
Virus Affecting Google, Redirects & Popups


kjay


I am having problems ridding our PC of a virus. Earlier this month Malwarebytes found and removed the following trojans: Trojan.Agent, Trojan.FakeAlert, Trojan.FakeAlert.RO and Trojan.Lameshield. Malwarebytes scans show that no malicious software is detected. Yet we cannot consistently use Google (we get a Forbidden 404 message or a Connection Interrupted message). We also get small pop-ups and occasional redirection to the PC Fix website. I have attached the Quick Scan I completed this evening and the dds.txt and attach.txt files as requested. Any assistance would be appreciated.

Thanks

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.27.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Chris Jacobs :: KJACOBS [administrator]

27/08/2012 7:11:22 PM

mbam-log-2012-08-27 (19-11-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 363641

Time elapsed: 23 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Chris Jacobs at 20:37:16 on 2012-08-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1195 [GMT -4:00]

.

AV: Norton Security Online *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: GFI Software VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Norton Security Online *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files\Secunia\PSI\sua.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\WINDOWS\notepad.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: N/A: {e372c287-64ea-4bec-a4a6-8771b11d539b} - c:\program files\gamenutt_2s\bar\1.bin\2sSrcAs.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Toolbar BHO: {19c672d9-54c1-4416-aa7a-696185cb77f6} - c:\progra~1\gamenu~2\bar\1.bin\2sbar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Search Assistant BHO: {f599d514-765f-43c8-9347-cb54ba40073f} - c:\program files\gamenutt_2s\bar\1.bin\2sSrcAs.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: UltimateGamesBar: {15c23c48-f231-4557-8eee-da3152e2e7dd} - c:\program files\gamenutt_2s\bar\1.bin\2sbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [Google Update] "c:\documents and settings\chris jacobs\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-PAI 31.07.2009)" -"http://webgames.d.tmsrv.com/c=877d703974766a0e0a36bc6d37fabd23/aff=t_04cl_wg/p/release/gamehouse/wg_nannymania/nannymania/index.html"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

mRun: [Amazing3DAquariumWallpaper]

mRun: [YeppStudioAgent] c:\program files\samsung\samsung media studio\SamsungMediaStudioAgent.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [GameNutt_2s Browser Plugin Loader] c:\progra~1\gamenu~2\bar\1.bin\2sbrmon.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &Search - http://tbedits.ultimategamesbar.com/one-toolbaredits/menusearch.jhtml?s=202360838&p=9Yxdm011YYca&si=1591&a=768AB20F-30F5-44ED-9EEB-81C7A44B5DE4&n=2011121316

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: brassring.com\sjobs

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: plaxo.com\www

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346099389648

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9FDD0B95-0C23-4FD0-8212-413F03EE8815} : DhcpNameServer = 192.168.0.1

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll

Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll

Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll

Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chris jacobs\application data\mozilla\firefox\profiles\kxgn1snm.default\

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\chris jacobs\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\chris jacobs\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\chris jacobs\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\chris jacobs\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\downloaded program files\npsoe.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-7-13 21240]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-1-25 101112]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-25 219136]

R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 SBAMSvc;VIPRE Antivirus;c:\program files\gfi software\vipre\SBAMSvc.exe [2012-5-2 3289680]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-7-13 77816]

R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2012-5-2 173920]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]

S2 5576;5576;\??\c:\docume~1\chrisj~1\locals~1\temp\5576.sys --> c:\docume~1\chrisj~1\locals~1\temp\5576.sys [?]

S2 5709;5709;\??\c:\docume~1\chrisj~1\locals~1\temp\5709.sys --> c:\docume~1\chrisj~1\locals~1\temp\5709.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257224]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 135664]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-17 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-16 113120]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-17 655944]

.

=============== Created Last 30 ================

.

2012-08-16 20:40:23 -------- d-----w- c:\program files\common files\Nancy Drew Prerequisites

2012-08-15 03:15:14 -------- d--h--w- c:\windows\PIF

2012-08-15 01:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-08-15 01:11:31 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-08-14 04:01:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-14 04:01:42 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-08-14 03:58:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-08-14 03:45:22 -------- d-----w- c:\program files\iPod

2012-08-14 03:40:16 -------- d-----w- c:\program files\Bonjour

2012-08-14 03:00:18 -------- d-----w- c:\documents and settings\chris jacobs\local settings\application data\Secunia PSI

2012-08-14 03:00:07 -------- d-----w- c:\program files\Secunia

2012-08-14 00:23:36 -------- d-----w- c:\program files\WiseConvert

2012-08-10 16:12:55 -------- d-----w- c:\program files\common files\xing shared

2012-08-01 01:07:50 -------- d-----w- c:\documents and settings\all users\application data\f91280

2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-14 04:01:18 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-14 03:32:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-14 03:32:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-10 16:12:25 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-08-10 14:09:32 114 ----a-w- c:\documents and settings\chris jacobs\application data\netstat.bat

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 20:38:52.05 ===============

Attach.txt.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 30/01/2007 11:57:37 PM

System Uptime: 27/08/2012 9:09:45 AM (11 hours ago)

.

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Microprocessor | 2127/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 293 GiB total, 190.3 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&38E4B95F&0&0001

Manufacturer:

Name:

PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&38E4B95F&0&0001

Service:

.

==== System Restore Points ===================

.

RP2117: 30/05/2012 6:45:45 PM - System Checkpoint

RP2118: 31/05/2012 7:31:50 PM - System Checkpoint

RP2119: 01/06/2012 7:50:06 PM - System Checkpoint

RP2120: 02/06/2012 8:21:54 PM - System Checkpoint

RP2121: 03/06/2012 10:07:16 PM - System Checkpoint

RP2122: 04/06/2012 10:00:17 AM - Software Distribution Service 3.0

RP2123: 05/06/2012 10:01:23 AM - System Checkpoint

RP2124: 06/06/2012 10:36:53 AM - System Checkpoint

RP2125: 07/06/2012 11:07:13 AM - System Checkpoint

RP2126: 08/06/2012 11:14:35 AM - System Checkpoint

RP2127: 09/06/2012 1:15:09 PM - System Checkpoint

RP2128: 10/06/2012 1:40:45 PM - System Checkpoint

RP2129: 11/06/2012 3:30:55 PM - System Checkpoint

RP2130: 12/06/2012 4:38:37 PM - System Checkpoint

RP2131: 13/06/2012 10:00:18 AM - Software Distribution Service 3.0

RP2132: 13/06/2012 7:45:57 PM - VIPRE clean action

RP2133: 14/06/2012 8:01:54 PM - System Checkpoint

RP2134: 15/06/2012 8:25:10 PM - System Checkpoint

RP2135: 16/06/2012 8:35:31 PM - System Checkpoint

RP2136: 17/06/2012 9:11:34 PM - System Checkpoint

RP2137: 18/06/2012 11:06:04 PM - System Checkpoint

RP2138: 20/06/2012 10:12:18 AM - System Checkpoint

RP2139: 21/06/2012 10:21:22 AM - System Checkpoint

RP2140: 22/06/2012 10:46:06 AM - System Checkpoint

RP2141: 23/06/2012 11:20:08 AM - System Checkpoint

RP2142: 24/06/2012 11:54:47 AM - System Checkpoint

RP2143: 25/06/2012 12:36:10 PM - System Checkpoint

RP2144: 26/06/2012 1:24:03 PM - System Checkpoint

RP2145: 27/06/2012 1:42:49 PM - System Checkpoint

RP2146: 28/06/2012 2:28:30 PM - System Checkpoint

RP2147: 29/06/2012 2:43:36 PM - System Checkpoint

RP2148: 30/06/2012 3:20:27 PM - System Checkpoint

RP2149: 01/07/2012 3:39:09 PM - System Checkpoint

RP2150: 08/07/2012 4:24:23 PM - System Checkpoint

RP2151: 09/07/2012 5:50:26 PM - System Checkpoint

RP2152: 10/07/2012 5:58:20 PM - System Checkpoint

RP2153: 11/07/2012 10:00:20 AM - Software Distribution Service 3.0

RP2154: 12/07/2012 10:35:15 AM - System Checkpoint

RP2155: 13/07/2012 11:37:01 AM - System Checkpoint

RP2156: 14/07/2012 12:28:24 PM - System Checkpoint

RP2157: 15/07/2012 8:17:42 AM - Installed The Sims 3

RP2158: 16/07/2012 8:26:43 AM - System Checkpoint

RP2159: 17/07/2012 10:31:48 AM - System Checkpoint

RP2160: 18/07/2012 11:12:42 AM - System Checkpoint

RP2161: 19/07/2012 12:04:08 PM - System Checkpoint

RP2162: 20/07/2012 12:12:50 PM - System Checkpoint

RP2163: 21/07/2012 1:02:29 PM - System Checkpoint

RP2164: 21/07/2012 11:07:23 PM - Removed Bonjour

RP2165: 21/07/2012 11:10:07 PM - Removed Nancy Drew: The Phantom of Venice

RP2166: 21/07/2012 11:15:31 PM - Removed Roxio DLA

RP2167: 21/07/2012 11:16:26 PM - Removed Roxio MyDVD LE

RP2168: 21/07/2012 11:17:11 PM - Removed Roxio RecordNow Audio

RP2169: 21/07/2012 11:17:35 PM - Removed Roxio RecordNow Copy

RP2170: 21/07/2012 11:18:01 PM - Removed Roxio RecordNow Data

RP2171: 21/07/2012 11:19:53 PM - Uninstall Click'N Design 3D

RP2172: 22/07/2012 9:27:01 PM - Installed %1 %2.

RP2173: 23/07/2012 12:18:11 PM - Removed TheSims3EP5

RP2174: 24/07/2012 3:40:38 PM - System Checkpoint

RP2175: 25/07/2012 3:00:48 PM - Installed The Sims 3 Ambitions

RP2176: 25/07/2012 3:47:43 PM - Installed Saddle Up

RP2177: 26/07/2012 4:28:04 PM - System Checkpoint

RP2178: 26/07/2012 10:07:08 PM - Removed The Sims 3 Ambitions

RP2179: 27/07/2012 10:17:00 PM - System Checkpoint

RP2180: 28/07/2012 11:43:22 PM - System Checkpoint

RP2181: 30/07/2012 12:37:06 AM - System Checkpoint

RP2182: 30/07/2012 11:14:48 AM - Installed The Sims 3 Ambitions

RP2183: 30/07/2012 11:48:36 AM - Installed The Sims 3 Ambitions

RP2184: 31/07/2012 12:34:12 PM - System Checkpoint

RP2185: 01/08/2012 12:56:45 PM - System Checkpoint

RP2186: 02/08/2012 1:07:05 PM - System Checkpoint

RP2187: 03/08/2012 1:51:32 PM - System Checkpoint

RP2188: 04/08/2012 2:53:52 PM - System Checkpoint

RP2189: 05/08/2012 3:48:07 PM - System Checkpoint

RP2190: 06/08/2012 4:10:23 PM - System Checkpoint

RP2191: 07/08/2012 4:29:21 PM - System Checkpoint

RP2192: 08/08/2012 5:19:18 PM - System Checkpoint

RP2193: 09/08/2012 5:35:35 PM - System Checkpoint

RP2194: 10/08/2012 9:51:04 AM - Removed Saddle Up

RP2195: 11/08/2012 10:20:49 AM - System Checkpoint

RP2196: 12/08/2012 10:47:00 AM - System Checkpoint

RP2197: 13/08/2012 11:44:09 AM - System Checkpoint

RP2198: 14/08/2012 12:37:17 AM - Removed Windows Live Favorites for Windows Live Toolbar

RP2199: 15/08/2012 9:41:18 AM - System Checkpoint

RP2200: 15/08/2012 10:00:56 AM - Software Distribution Service 3.0

RP2201: 16/08/2012 11:05:14 AM - System Checkpoint

RP2202: 16/08/2012 4:40:10 PM - Installed Nancy Drew: The Captive Curse

RP2203: 17/08/2012 4:43:46 PM - System Checkpoint

RP2204: 18/08/2012 4:44:55 PM - System Checkpoint

RP2205: 19/08/2012 5:52:10 PM - System Checkpoint

RP2206: 20/08/2012 6:51:17 PM - System Checkpoint

RP2207: 21/08/2012 7:42:00 PM - System Checkpoint

RP2208: 22/08/2012 8:02:13 PM - System Checkpoint

RP2209: 23/08/2012 9:14:38 PM - System Checkpoint

RP2210: 24/08/2012 9:27:38 PM - System Checkpoint

RP2211: 25/08/2012 9:39:53 PM - System Checkpoint

RP2212: 26/08/2012 1:50:42 PM - Removed Google Earth.

RP2213: 27/08/2012 2:13:50 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.2

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

ATI Catalyst Install Manager

ATI Catalyst Registration

ATI Parental Control & Encoder

BioShock

Bonjour

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon Easy-PhotoPrint EX

Canon Easy-PhotoPrint Pro

Canon Easy-WebPrint EX

Canon G.726 WMP-Decoder

Canon MG6100 series MP Drivers

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 4.0

Canon My Printer

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Solution Menu EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility

CCC Help English

CCScore

Clone Wars

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Driver Reset Tool

Dell Support 3.2.1

Dell System Restore

DivX Web Player

DVD-MovieAlbumSE 3 for DVDCAM

EPSON Printer Software

ESPNMotion

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSTOOLS

essvatgt

EZface ActiveX 210

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 3.05

High Definition Audio Driver Package - KB835221

Highlight Viewer (Windows Live Toolbar)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB945060-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Matrix Storage Manager

Intel® PRO Network Connections

InterActual Player

iTunes

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

KEDDS

kgcbaby

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

Logitech Gaming Software

Malwarebytes Anti-Malware version 1.62.0.1300

Managed DirectX (0900)

Map Button (Windows Live Toolbar)

MCU

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works 6-9 Converter

Microsoft WSE 3.0 Runtime

MobileMe Control Panel

Move Networks Media Player for Internet Explorer

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

Musicnotes Player

Musicnotes Software Suite 1.0

Nancy Drew: The Captive Curse

netbrdg

OfotoXMI

On2 VP3 Video for Windows Codec

Origin

Otto

Picture Package Music Transfer

PunkBuster Services

QuickTax 2006

QuickTax 2007

QuickTax 2008

QuickTax 2009

QuickTime

QuickTime for Windows (32-bit)

Race Day Demo Version

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RPS CRT

RSH Home Networking Wizard

Samsung Media Studio

SecondLife (remove only)

Secunia PSI (3.0.0.3001)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

SFR

SHASTA

Shockwave

Sibelius Scorch (ActiveX Only)

skin0001

SKINXSDK

Smart Menus (Windows Live Toolbar)

Sonic Activation Module

Sonic Encoders

Sony Picture Utility

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

staticcr

swMSM

TeamViewer 5

The Sims™ 3

The Sims™ 3 Ambitions

Tiger Woods PGA TOUR 2004

TurboTax 2010

TurboTax 2011

UltimateGamesBar

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

VC80CRTRedist - 8.0.50727.762

VIPRE Antivirus

VLC media player 2.0.2

VoiceOver Kit

VPRINTOL

WebCyberCoach 3.2 Dell

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows PowerShell 1.0

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WIRELESS

YP-U1

.

==== Event Viewer Messages From Past Week ========

.

23/08/2012 4:34:55 PM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 0019D11D42C2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.

23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The 5709 service failed to start due to the following error: The system cannot find the file specified.

23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The 5576 service failed to start due to the following error: The system cannot find the file specified.

23/08/2012 1:27:04 PM, error: Dhcp [1002] - The IP address lease 192.168.0.15 for the Network Card with network address 0019D11D42C2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

22/08/2012 3:20:57 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.10 with the system having network hardware address 00:C6:10:D0:00:B5. Network operations on this system may be disrupted as a result.

22/08/2012 3:20:44 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

22/08/2012 3:20:38 PM, error: Dhcp [1002] - The IP address lease 192.168.0.11 for the Network Card with network address 0019D11D42C2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Chris Jacobs [Admin rights]

Mode : Scan -- Date : 08/28/2012 21:32:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5576 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5576.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5709 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5709.sys) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++

--- User ---

[MBR] 4f64bb99f305879aaae592529b9af759

[bSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 300442 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 615401955 | Size: 4753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5576 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5576.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5709 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5709.sys) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~

Then..........

Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
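
One way to triage the reports posted above, as an added example that is not part of the original posts or of RogueKiller: it flags `[services]` entries whose driver image sits in a Temp directory and cross-checks them against Service Control Manager 7000 errors. The sample lines are copied from this thread; the function names are hypothetical.

```python
import re

# Lines copied from the RogueKiller report and the Event Viewer section in this thread.
ROGUEKILLER_LINES = [
    r"[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5576 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5576.sys) -> FOUND",
    r"[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5709 (\??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5709.sys) -> FOUND",
    r"[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND",
]
EVENT_LINES = [
    "23/08/2012 4:34:55 PM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 0019D11D42C2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).",
    "23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.",
    "23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The 5709 service failed to start due to the following error: The system cannot find the file specified.",
    "23/08/2012 1:27:05 PM, error: Service Control Manager [7000] - The 5576 service failed to start due to the following error: The system cannot find the file specified.",
]

# [services][TAG] <registry key ending in \Services\NAME> (<image path>) -> STATUS
SERVICE_RE = re.compile(
    r"^\[services\]\[(?P<tag>[^\]]+)\]\s+"
    r"(?P<key>\S+\\Services\\(?P<name>[^\\\s]+))\s+"
    r"\((?P<image>.+)\)\s+->\s+(?P<status>\w+)$"
)
# Event ID 7000: a service failed to start, with the reason at the end of the line.
SCM_7000_RE = re.compile(
    r"Service Control Manager \[7000\] - The (?P<name>.+?) service failed to start "
    r"due to the following error: (?P<error>.+)$"
)


def parse_service_entries(lines):
    """Return one dict per [services] line; other report lines are skipped."""
    entries = []
    for line in lines:
        match = SERVICE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def image_in_temp_dir(image):
    """True when a directory component of the image path is Temp or Tmp."""
    # Strip the 4-character NT object-manager prefix (backslash, ?, ?, backslash).
    path = image[4:] if image.startswith("\\??\\") else image
    parts = [p.lower() for p in path.split("\\") if p]
    return any(p in ("temp", "tmp") for p in parts[:-1])  # last part is the file


def failed_services(event_lines):
    """Map service name -> error text for every SCM 7000 line."""
    failures = {}
    for line in event_lines:
        match = SCM_7000_RE.search(line)
        if match:
            failures[match.group("name")] = match.group("error")
    return failures


def triage(report_lines, event_lines):
    """Attach the reasons a reviewer would look at to each service entry."""
    failures = failed_services(event_lines)
    findings = []
    for entry in parse_service_entries(report_lines):
        reasons = []
        if image_in_temp_dir(entry["image"]):
            reasons.append("image in Temp directory")
        if entry["image"].lower().endswith(".sys"):
            reasons.append("driver file (.sys)")
        if entry["name"] in failures:
            reasons.append("SCM 7000: " + failures[entry["name"]])
        findings.append({
            "name": entry["name"],
            "tag": entry["tag"],
            "image": entry["image"],
            "reasons": reasons,
        })
    return sorted(findings, key=lambda f: f["name"])


if __name__ == "__main__":
    for finding in triage(ROGUEKILLER_LINES, EVENT_LINES):
        print(finding["name"], finding["image"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

On the thread's data, both flagged services also show up as SCM 7000 "cannot find the file specified" errors, so the two reports point at the same pair of entries.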


Attached is the report from TDSSKiller. It found one malicious object and allowed me to select cure. Upon completion, I rebooted the computer as instructed.

22:28:23.0365 9012 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

22:28:23.0724 9012 ============================================================

22:28:23.0724 9012 Current date / time: 2012/08/28 22:28:23.0724

22:28:23.0724 9012 SystemInfo:

22:28:23.0724 9012

22:28:23.0724 9012 OS Version: 5.1.2600 ServicePack: 3.0

22:28:23.0724 9012 Product type: Workstation

22:28:23.0724 9012 ComputerName: KJACOBS

22:28:23.0724 9012 UserName: Chris Jacobs

22:28:23.0724 9012 Windows directory: C:\WINDOWS

22:28:23.0724 9012 System windows directory: C:\WINDOWS

22:28:23.0724 9012 Processor architecture: Intel x86

22:28:23.0724 9012 Number of processors: 2

22:28:23.0724 9012 Page size: 0x1000

22:28:23.0724 9012 Boot type: Normal boot

22:28:23.0724 9012 ============================================================

22:28:24.0396 9012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

22:28:24.0443 9012 ============================================================

22:28:24.0443 9012 \Device\Harddisk0\DR0:

22:28:24.0443 9012 MBR partitions:

22:28:24.0443 9012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x24ACD15D

22:28:24.0443 9012 ============================================================

22:28:24.0490 9012 C: <-> \Device\Harddisk0\DR0\Partition1

22:28:24.0490 9012 ============================================================

22:28:24.0490 9012 Initialize success

22:28:24.0490 9012 ============================================================

22:29:31.0302 7904 ============================================================

22:29:31.0302 7904 Scan started

22:29:31.0302 7904 Mode: Manual; SigCheck; TDLFS;

22:29:31.0302 7904 ============================================================

22:29:31.0646 7904 ================ Scan services =============================

22:29:31.0787 7904 5576 - ok

22:29:31.0787 7904 5709 - ok

22:29:32.0083 7904 Abiosdsk - ok

22:29:32.0115 7904 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

22:29:33.0662 7904 abp480n5 - ok

22:29:33.0755 7904 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

22:29:33.0771 7904 ACDaemon - ok

22:29:33.0818 7904 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:29:33.0833 7904 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17

22:29:33.0833 7904 ACPI ( Virus.Win32.Rloader.a ) - infected

22:29:33.0833 7904 ACPI - detected Virus.Win32.Rloader.a (0)

22:29:33.0865 7904 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

22:29:34.0083 7904 ACPIEC - ok

22:29:34.0177 7904 [ F3CD7B20B27D1772C946DF993FF3635C ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

22:29:34.0193 7904 AdobeFlashPlayerUpdateSvc - ok

22:29:34.0224 7904 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys

22:29:34.0349 7904 adpu160m - ok

22:29:34.0380 7904 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

22:29:34.0490 7904 aec - ok

22:29:34.0537 7904 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

22:29:34.0568 7904 AFD - ok

22:29:34.0599 7904 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys

22:29:34.0693 7904 agp440 - ok

22:29:34.0724 7904 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

22:29:34.0818 7904 agpCPQ - ok

22:29:34.0833 7904 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys

22:29:34.0896 7904 Aha154x - ok

22:29:34.0912 7904 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys

22:29:35.0037 7904 aic78u2 - ok

22:29:35.0052 7904 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys

22:29:35.0146 7904 aic78xx - ok

22:29:35.0177 7904 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

22:29:35.0302 7904 Alerter - ok

22:29:35.0318 7904 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

22:29:35.0396 7904 ALG - ok

22:29:35.0412 7904 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys

22:29:35.0505 7904 AliIde - ok

22:29:35.0521 7904 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys

22:29:35.0646 7904 alim1541 - ok

22:29:35.0677 7904 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys

22:29:35.0771 7904 amdagp - ok

22:29:35.0787 7904 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys

22:29:35.0849 7904 amsint - ok

22:29:35.0927 7904 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:29:35.0943 7904 Apple Mobile Device - ok

22:29:36.0005 7904 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

22:29:36.0068 7904 AppMgmt - ok

22:29:36.0099 7904 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys

22:29:36.0208 7904 asc - ok

22:29:36.0224 7904 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys

22:29:36.0287 7904 asc3350p - ok

22:29:36.0302 7904 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys

22:29:36.0396 7904 asc3550 - ok

22:29:36.0505 7904 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

22:29:36.0552 7904 aspnet_state - ok

22:29:36.0583 7904 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:29:36.0677 7904 AsyncMac - ok

22:29:36.0708 7904 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

22:29:36.0818 7904 atapi - ok

22:29:36.0818 7904 Atdisk - ok

22:29:36.0865 7904 [ C2B87DF80DAB23407C4155090177C813 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

22:29:36.0912 7904 Ati HotKey Poller - ok

22:29:37.0068 7904 [ 662C08FEF641D8D6E9DCDB39168895B0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:29:37.0193 7904 ati2mtag - ok

22:29:37.0224 7904 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:29:37.0349 7904 Atmarpc - ok

22:29:37.0412 7904 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

22:29:37.0537 7904 AudioSrv - ok

22:29:37.0552 7904 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

22:29:37.0646 7904 audstub - ok

22:29:37.0677 7904 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

22:29:37.0787 7904 Beep - ok

22:29:37.0833 7904 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

22:29:37.0958 7904 BITS - ok

22:29:38.0021 7904 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

22:29:38.0037 7904 Bonjour Service - ok

22:29:38.0083 7904 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

22:29:38.0271 7904 Browser - ok

22:29:38.0287 7904 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

22:29:38.0412 7904 cbidf - ok

22:29:38.0412 7904 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

22:29:38.0505 7904 cbidf2k - ok

22:29:38.0552 7904 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe

22:29:38.0552 7904 CCALib8 ( UnsignedFile.Multi.Generic ) - warning

22:29:38.0552 7904 CCALib8 - detected UnsignedFile.Multi.Generic (1)

22:29:38.0583 7904 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

22:29:38.0630 7904 cd20xrnt - ok

22:29:38.0646 7904 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

22:29:38.0755 7904 Cdaudio - ok

22:29:38.0802 7904 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

22:29:38.0896 7904 Cdfs - ok

22:29:38.0943 7904 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:29:38.0990 7904 Cdrom - ok

22:29:38.0990 7904 Changer - ok

22:29:39.0021 7904 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

22:29:39.0146 7904 CiSvc - ok

22:29:39.0162 7904 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

22:29:39.0287 7904 ClipSrv - ok

22:29:39.0318 7904 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:29:39.0396 7904 clr_optimization_v2.0.50727_32 - ok

22:29:39.0412 7904 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys

22:29:39.0521 7904 CmdIde - ok

22:29:39.0521 7904 COMSysApp - ok

22:29:39.0552 7904 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys

22:29:39.0646 7904 Cpqarray - ok

22:29:39.0662 7904 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

22:29:39.0787 7904 CryptSvc - ok

22:29:39.0818 7904 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

22:29:39.0912 7904 dac2w2k - ok

22:29:39.0927 7904 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys

22:29:40.0052 7904 dac960nt - ok

22:29:40.0083 7904 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

22:29:40.0130 7904 DcomLaunch - ok

22:29:40.0177 7904 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

22:29:40.0271 7904 Dhcp - ok

22:29:40.0318 7904 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

22:29:40.0443 7904 Disk - ok

22:29:40.0443 7904 dmadmin - ok

22:29:40.0474 7904 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

22:29:40.0583 7904 dmboot - ok

22:29:40.0599 7904 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

22:29:40.0693 7904 dmio - ok

22:29:40.0708 7904 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

22:29:40.0802 7904 dmload - ok

22:29:40.0833 7904 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

22:29:40.0974 7904 dmserver - ok

22:29:41.0005 7904 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

22:29:41.0130 7904 DMusic - ok

22:29:41.0162 7904 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

22:29:41.0255 7904 Dnscache - ok

22:29:41.0287 7904 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

22:29:41.0427 7904 Dot3svc - ok

22:29:41.0443 7904 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys

22:29:41.0537 7904 dpti2o - ok

22:29:41.0568 7904 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

22:29:41.0693 7904 drmkaud - ok

22:29:41.0740 7904 [ 2AC2372FFAD9ADC85672CC8E8AE14BE9 ] DSproct C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

22:29:41.0943 7904 DSproct ( UnsignedFile.Multi.Generic ) - warning

22:29:41.0943 7904 DSproct - detected UnsignedFile.Multi.Generic (1)

22:29:41.0974 7904 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys

22:29:42.0083 7904 E100B - ok

22:29:42.0130 7904 [ 00192F0C612591D585594E9467E6CA8B ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys

22:29:42.0177 7904 e1express - ok

22:29:42.0208 7904 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

22:29:42.0333 7904 EapHost - ok

22:29:42.0412 7904 [ 70AEAC5D481B2904B40F2173E280B1B5 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

22:29:42.0458 7904 eeCtrl - ok

22:29:42.0521 7904 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

22:29:42.0615 7904 ehRecvr - ok

22:29:42.0646 7904 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe

22:29:42.0740 7904 ehSched - ok

22:29:42.0787 7904 [ 00BD6FC4A873D3341DCF9AEF2D3C841E ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

22:29:42.0818 7904 EraserUtilRebootDrv - ok

22:29:42.0849 7904 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

22:29:42.0974 7904 ERSvc - ok

22:29:43.0005 7904 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

22:29:43.0037 7904 Eventlog - ok

22:29:43.0068 7904 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

22:29:43.0130 7904 EventSystem - ok

22:29:43.0162 7904 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

22:29:43.0287 7904 Fastfat - ok

22:29:43.0318 7904 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

22:29:43.0380 7904 FastUserSwitchingCompatibility - ok

22:29:43.0396 7904 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

22:29:43.0521 7904 Fdc - ok

22:29:43.0552 7904 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

22:29:43.0646 7904 Fips - ok

22:29:43.0662 7904 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:29:43.0771 7904 Flpydisk - ok

22:29:43.0818 7904 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

22:29:43.0912 7904 FltMgr - ok

22:29:43.0974 7904 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:29:44.0005 7904 FontCache3.0.0.0 - ok

22:29:44.0037 7904 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:29:44.0130 7904 Fs_Rec - ok

22:29:44.0146 7904 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:29:44.0240 7904 Ftdisk - ok

22:29:44.0287 7904 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

22:29:44.0287 7904 GEARAspiWDM - ok

22:29:44.0318 7904 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:29:44.0412 7904 Gpc - ok

22:29:44.0490 7904 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

22:29:44.0490 7904 gupdate - ok

22:29:44.0505 7904 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

22:29:44.0521 7904 gupdatem - ok

22:29:44.0568 7904 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

22:29:44.0693 7904 HDAudBus - ok

22:29:44.0755 7904 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:29:44.0865 7904 helpsvc - ok

22:29:44.0896 7904 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

22:29:45.0021 7904 HidServ - ok

22:29:45.0052 7904 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:29:45.0162 7904 HidUsb - ok

22:29:45.0193 7904 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

22:29:45.0302 7904 hkmsvc - ok

22:29:45.0318 7904 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys

22:29:45.0412 7904 hpn - ok

22:29:45.0458 7904 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

22:29:45.0521 7904 HTTP - ok

22:29:45.0552 7904 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

22:29:45.0662 7904 HTTPFilter - ok

22:29:45.0677 7904 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

22:29:45.0771 7904 i2omgmt - ok

22:29:45.0802 7904 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

22:29:45.0896 7904 i2omp - ok

22:29:45.0927 7904 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:29:46.0037 7904 i8042prt - ok

22:29:46.0083 7904 [ B122BE74E283A2BC7FEBC180BFD2EFD5 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

22:29:46.0099 7904 IAANTMON ( UnsignedFile.Multi.Generic ) - warning

22:29:46.0099 7904 IAANTMON - detected UnsignedFile.Multi.Generic (1)

22:29:46.0115 7904 [ 019CF5F31C67030841233C545A0E217A ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys

22:29:46.0162 7904 iaStor - ok

22:29:46.0271 7904 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

22:29:46.0287 7904 IDriverT ( UnsignedFile.Multi.Generic ) - warning

22:29:46.0287 7904 IDriverT - detected UnsignedFile.Multi.Generic (1)

22:29:46.0365 7904 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:29:46.0396 7904 idsvc - ok

22:29:46.0443 7904 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

22:29:46.0552 7904 Imapi - ok

22:29:46.0583 7904 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

22:29:46.0708 7904 ImapiService - ok

22:29:46.0724 7904 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

22:29:46.0833 7904 ini910u - ok

22:29:46.0865 7904 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

22:29:46.0958 7904 IntelIde - ok

22:29:46.0990 7904 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:29:47.0099 7904 intelppm - ok

22:29:47.0130 7904 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

22:29:47.0224 7904 Ip6Fw - ok

22:29:47.0255 7904 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:29:47.0349 7904 IpFilterDriver - ok

22:29:47.0380 7904 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:29:47.0474 7904 IpInIp - ok

22:29:47.0505 7904 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:29:47.0599 7904 IpNat - ok

22:29:47.0662 7904 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

22:29:47.0708 7904 iPod Service - ok

22:29:47.0740 7904 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:29:47.0833 7904 IPSec - ok

22:29:47.0865 7904 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

22:29:47.0927 7904 IRENUM - ok

22:29:47.0958 7904 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:29:48.0068 7904 isapnp - ok

22:29:48.0162 7904 [ DE5D05FD449798EF88CC34AD4B1E7F85 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

22:29:48.0177 7904 JavaQuickStarterService - ok

22:29:48.0193 7904 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:29:48.0287 7904 Kbdclass - ok

22:29:48.0318 7904 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:29:48.0412 7904 kbdhid - ok

22:29:48.0458 7904 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

22:29:48.0568 7904 kmixer - ok

22:29:48.0615 7904 [ 9646A100ACF21516DB1052BC419332BA ] KodakDigitalDisplayService C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe

22:29:48.0615 7904 KodakDigitalDisplayService ( UnsignedFile.Multi.Generic ) - warning

22:29:48.0615 7904 KodakDigitalDisplayService - detected UnsignedFile.Multi.Generic (1)

22:29:48.0662 7904 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

22:29:48.0740 7904 KSecDD - ok

22:29:48.0787 7904 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

22:29:48.0833 7904 lanmanserver - ok

22:29:48.0880 7904 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

22:29:48.0943 7904 lanmanworkstation - ok

22:29:48.0943 7904 lbrtfdc - ok

22:29:49.0005 7904 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

22:29:49.0115 7904 LmHosts - ok

22:29:49.0146 7904 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

22:29:49.0162 7904 MBAMProtector - ok

22:29:49.0240 7904 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

22:29:49.0287 7904 MBAMService - ok

22:29:49.0318 7904 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

22:29:49.0333 7904 McrdSvc - ok

22:29:49.0396 7904 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

22:29:49.0412 7904 MDM - ok

22:29:49.0443 7904 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

22:29:49.0583 7904 Messenger - ok

22:29:49.0599 7904 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll

22:29:49.0630 7904 MHN ( UnsignedFile.Multi.Generic ) - warning

22:29:49.0630 7904 MHN - detected UnsignedFile.Multi.Generic (1)

22:29:49.0646 7904 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

22:29:49.0677 7904 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

22:29:49.0677 7904 MHNDRV - detected UnsignedFile.Multi.Generic (1)

22:29:49.0708 7904 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

22:29:49.0802 7904 mnmdd - ok

22:29:49.0833 7904 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

22:29:49.0958 7904 mnmsrvc - ok

22:29:49.0990 7904 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

22:29:50.0083 7904 Modem - ok

22:29:50.0115 7904 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:29:50.0208 7904 Mouclass - ok

22:29:50.0255 7904 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:29:50.0333 7904 mouhid - ok

22:29:50.0365 7904 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

22:29:50.0458 7904 MountMgr - ok

22:29:50.0490 7904 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

22:29:50.0537 7904 MozillaMaintenance - ok

22:29:50.0552 7904 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys

22:29:50.0646 7904 mraid35x - ok

22:29:50.0662 7904 MREMPR5 - ok

22:29:50.0662 7904 MRENDIS5 - ok

22:29:50.0677 7904 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:29:50.0787 7904 MRxDAV - ok

22:29:50.0818 7904 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:29:50.0896 7904 MRxSmb - ok

22:29:50.0927 7904 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

22:29:51.0037 7904 MSDTC - ok

22:29:51.0052 7904 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

22:29:51.0146 7904 Msfs - ok

22:29:51.0146 7904 MSIServer - ok

22:29:51.0177 7904 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:29:51.0287 7904 MSKSSRV - ok

22:29:51.0302 7904 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:29:51.0396 7904 MSPCLOCK - ok

22:29:51.0412 7904 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

22:29:51.0505 7904 MSPQM - ok

22:29:51.0537 7904 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:29:51.0630 7904 mssmbios - ok

22:29:51.0646 7904 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

22:29:51.0693 7904 Mup - ok

22:29:51.0724 7904 [ 1E59AAED42A5E3A5ED86EC403F9C0776 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys

22:29:51.0724 7904 NAL ( UnsignedFile.Multi.Generic ) - warning

22:29:51.0724 7904 NAL - detected UnsignedFile.Multi.Generic (1)

22:29:51.0755 7904 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

22:29:51.0880 7904 napagent - ok

22:29:51.0927 7904 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

22:29:52.0005 7904 NDIS - ok

22:29:52.0052 7904 [ 1A18F436E4855572260580F4D42C69E8 ] NDISRD C:\WINDOWS\system32\drivers\NDISRD.sys

22:29:52.0052 7904 NDISRD ( UnsignedFile.Multi.Generic ) - warning

22:29:52.0052 7904 NDISRD - detected UnsignedFile.Multi.Generic (1)

22:29:52.0083 7904 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:29:52.0130 7904 NdisTapi - ok

22:29:52.0162 7904 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:29:52.0240 7904 Ndisuio - ok

22:29:52.0255 7904 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:29:52.0380 7904 NdisWan - ok

22:29:52.0412 7904 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

22:29:52.0458 7904 NDProxy - ok

22:29:52.0490 7904 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

22:29:52.0583 7904 NetBIOS - ok

22:29:52.0615 7904 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

22:29:52.0708 7904 NetBT - ok

22:29:52.0740 7904 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

22:29:52.0865 7904 NetDDE - ok

22:29:52.0865 7904 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

22:29:52.0958 7904 NetDDEdsdm - ok

22:29:52.0990 7904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

22:29:53.0115 7904 Netlogon - ok

22:29:53.0130 7904 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

22:29:53.0224 7904 Netman - ok

22:29:53.0240 7904 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:29:53.0271 7904 NetTcpPortSharing - ok

22:29:53.0318 7904 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

22:29:53.0349 7904 Nla - ok

22:29:53.0380 7904 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

22:29:53.0490 7904 Npfs - ok

22:29:53.0521 7904 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

22:29:53.0630 7904 Ntfs - ok

22:29:53.0662 7904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

22:29:53.0740 7904 NtLmSsp - ok

22:29:53.0787 7904 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

22:29:53.0912 7904 NtmsSvc - ok

22:29:53.0927 7904 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

22:29:54.0037 7904 Null - ok

22:29:54.0052 7904 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:29:54.0162 7904 NwlnkFlt - ok

22:29:54.0177 7904 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:29:54.0255 7904 NwlnkFwd - ok

22:29:54.0287 7904 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:29:54.0318 7904 ose - ok

22:29:54.0349 7904 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

22:29:54.0443 7904 Parport - ok

22:29:54.0474 7904 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

22:29:54.0583 7904 PartMgr - ok

22:29:54.0599 7904 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

22:29:54.0708 7904 ParVdm - ok

22:29:54.0708 7904 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

22:29:54.0833 7904 PCI - ok

22:29:54.0833 7904 PCIDump - ok

22:29:54.0880 7904 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

22:29:54.0958 7904 PCIIde - ok

22:29:55.0005 7904 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

22:29:55.0099 7904 Pcmcia - ok

22:29:55.0115 7904 PDCOMP - ok

22:29:55.0115 7904 PDFRAME - ok

22:29:55.0115 7904 PDRELI - ok

22:29:55.0130 7904 PDRFRAME - ok

22:29:55.0146 7904 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

22:29:55.0240 7904 perc2 - ok

22:29:55.0255 7904 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

22:29:55.0365 7904 perc2hib - ok

22:29:55.0396 7904 [ DA86016F0672ADA925F589EDE715F185 ] pfc C:\WINDOWS\system32\drivers\pfc.sys

22:29:55.0427 7904 pfc ( UnsignedFile.Multi.Generic ) - warning

22:29:55.0427 7904 pfc - detected UnsignedFile.Multi.Generic (1)

22:29:55.0443 7904 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

22:29:55.0458 7904 PlugPlay - ok

22:29:55.0505 7904 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe

22:29:55.0505 7904 PnkBstrA - ok

22:29:55.0521 7904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

22:29:55.0615 7904 PolicyAgent - ok

22:29:55.0662 7904 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:29:55.0771 7904 PptpMiniport - ok

22:29:55.0802 7904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

22:29:55.0896 7904 ProtectedStorage - ok

22:29:55.0896 7904 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

22:29:56.0021 7904 PSched - ok

22:29:56.0052 7904 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys

22:29:56.0068 7904 PSI - ok

22:29:56.0099 7904 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:29:56.0208 7904 Ptilink - ok

22:29:56.0240 7904 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

22:29:56.0240 7904 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

22:29:56.0240 7904 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

22:29:56.0271 7904 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

22:29:56.0365 7904 ql1080 - ok

22:29:56.0380 7904 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

22:29:56.0490 7904 Ql10wnt - ok

22:29:56.0505 7904 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

22:29:56.0599 7904 ql12160 - ok

22:29:56.0615 7904 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

22:29:56.0693 7904 ql1240 - ok

22:29:56.0724 7904 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

22:29:56.0833 7904 ql1280 - ok

22:29:56.0865 7904 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:29:56.0958 7904 RasAcd - ok

22:29:56.0990 7904 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

22:29:57.0099 7904 RasAuto - ok

22:29:57.0115 7904 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:29:57.0208 7904 Rasl2tp - ok

22:29:57.0255 7904 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

22:29:57.0365 7904 RasMan - ok

22:29:57.0365 7904 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:29:57.0458 7904 RasPppoe - ok

22:29:57.0474 7904 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

22:29:57.0552 7904 Raspti - ok

22:29:57.0599 7904 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:29:57.0693 7904 Rdbss - ok

22:29:57.0708 7904 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:29:57.0818 7904 RDPCDD - ok

22:29:57.0833 7904 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:29:57.0943 7904 rdpdr - ok

22:29:57.0974 7904 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

22:29:58.0037 7904 RDPWD - ok

22:29:58.0083 7904 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

22:29:58.0193 7904 RDSessMgr - ok

22:29:58.0224 7904 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

22:29:58.0333 7904 redbook - ok

22:29:58.0365 7904 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

22:29:58.0474 7904 RemoteAccess - ok

22:29:58.0505 7904 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

22:29:58.0615 7904 RemoteRegistry - ok

22:29:58.0646 7904 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

22:29:58.0755 7904 RpcLocator - ok

22:29:58.0787 7904 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

22:29:58.0802 7904 RpcSs - ok

22:29:58.0802 7904 RPSKT - ok

22:29:58.0833 7904 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

22:29:58.0927 7904 RSVP - ok

22:29:58.0943 7904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

22:29:59.0037 7904 SamSs - ok

22:29:59.0193 7904 [ 18530D2F605F1EC48CA20A7B184CCBCC ] SBAMSvc C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe

22:29:59.0302 7904 SBAMSvc - ok

22:29:59.0349 7904 [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd C:\WINDOWS\system32\drivers\sbaphd.sys

22:29:59.0349 7904 sbaphd - ok

22:29:59.0396 7904 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\WINDOWS\system32\drivers\sbapifs.sys

22:29:59.0412 7904 sbapifs - ok

22:29:59.0443 7904 [ 2815772894855506E94008CC0E602738 ] SBPIMSvc C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe

22:29:59.0458 7904 SBPIMSvc - ok

22:29:59.0505 7904 [ D03A8CCA8BFA82CBF12A87326EBFE258 ] SBRE C:\WINDOWS\system32\drivers\SBREDrv.sys

22:29:59.0505 7904 SBRE - ok

22:29:59.0552 7904 [ 451626248828CD323D2F47300EA77AF5 ] SbTis C:\WINDOWS\system32\drivers\sbtis.sys

22:29:59.0568 7904 SbTis - ok

22:29:59.0599 7904 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

22:29:59.0724 7904 SCardSvr - ok

22:29:59.0755 7904 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

22:29:59.0880 7904 Schedule - ok

22:29:59.0927 7904 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:29:59.0974 7904 Secdrv - ok

22:30:00.0021 7904 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

22:30:00.0130 7904 seclogon - ok

22:30:00.0224 7904 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe

22:30:00.0318 7904 Secunia PSI Agent - ok

22:30:00.0380 7904 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe

22:30:00.0412 7904 Secunia Update Agent - ok

22:30:00.0443 7904 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

22:30:00.0537 7904 SENS - ok

22:30:00.0583 7904 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

22:30:00.0662 7904 serenum - ok

22:30:00.0693 7904 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

22:30:00.0787 7904 Serial - ok

22:30:00.0818 7904 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

22:30:00.0927 7904 Sfloppy - ok

22:30:00.0974 7904 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

22:30:01.0099 7904 SharedAccess - ok

22:30:01.0115 7904 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

22:30:01.0130 7904 ShellHWDetection - ok

22:30:01.0130 7904 Simbad - ok

22:30:01.0162 7904 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

22:30:01.0255 7904 sisagp - ok

22:30:01.0287 7904 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys

22:30:01.0349 7904 Sparrow - ok

22:30:01.0380 7904 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

22:30:01.0490 7904 splitter - ok

22:30:01.0505 7904 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

22:30:01.0552 7904 Spooler - ok

22:30:01.0583 7904 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

22:30:01.0630 7904 sr - ok

22:30:01.0662 7904 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

22:30:01.0724 7904 srservice - ok

22:30:01.0740 7904 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

22:30:01.0771 7904 Srv - ok

22:30:01.0818 7904 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

22:30:01.0896 7904 SSDPSRV - ok

22:30:01.0958 7904 [ 797FCC1D859B203958E915BB82528DA9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

22:30:02.0068 7904 STHDA - ok

22:30:02.0115 7904 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

22:30:02.0240 7904 stisvc - ok

22:30:02.0287 7904 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

22:30:02.0365 7904 swenum - ok

22:30:02.0396 7904 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

22:30:02.0490 7904 swmidi - ok

22:30:02.0505 7904 SwPrv - ok

22:30:02.0521 7904 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys

22:30:02.0615 7904 symc810 - ok

22:30:02.0646 7904 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys

22:30:02.0740 7904 symc8xx - ok

22:30:02.0771 7904 [ C5EAFB6A8C73FB26B73EE613C1A5AEF6 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

22:30:02.0787 7904 SymEvent - ok

22:30:02.0802 7904 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys

22:30:02.0896 7904 sym_hi - ok

22:30:02.0896 7904 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys

22:30:02.0990 7904 sym_u3 - ok

22:30:03.0005 7904 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

22:30:03.0130 7904 sysaudio - ok

22:30:03.0162 7904 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

22:30:03.0271 7904 SysmonLog - ok

22:30:03.0302 7904 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

22:30:03.0412 7904 TapiSrv - ok

22:30:03.0458 7904 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:30:03.0474 7904 Tcpip - ok

22:30:03.0505 7904 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

22:30:03.0615 7904 TDPIPE - ok

22:30:03.0646 7904 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

22:30:03.0740 7904 TDTCP - ok

22:30:03.0771 7904 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

22:30:03.0865 7904 TermDD - ok

22:30:03.0912 7904 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

22:30:04.0037 7904 TermService - ok

22:30:04.0052 7904 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

22:30:04.0068 7904 Themes - ok

22:30:04.0099 7904 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

22:30:04.0177 7904 TlntSvr - ok

22:30:04.0208 7904 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys

22:30:04.0287 7904 TosIde - ok

22:30:04.0302 7904 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

22:30:04.0427 7904 TrkWks - ok

22:30:04.0474 7904 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

22:30:04.0552 7904 Udfs - ok

22:30:04.0583 7904 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys

22:30:04.0646 7904 ultra - ok

22:30:04.0693 7904 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys



OK....please do this >

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-29.03 - Chris Jacobs 29/08/2012 22:01:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1307 [GMT -4:00]

Running from: c:\documents and settings\Chris Jacobs\Desktop\ComboFix.exe

AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

AV: Norton Security Online *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Online *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Aidan Jacobs\Application Data\alot

c:\documents and settings\Aidan Jacobs\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

c:\documents and settings\Aidan Jacobs\WINDOWS

c:\documents and settings\Alison Jacobs\WINDOWS

c:\documents and settings\All Users\Application Data\shs_setup_4059-354328.exe

c:\documents and settings\Chris Jacobs\WINDOWS

c:\documents and settings\Hannah Jacobs\Application Data\alot

c:\documents and settings\Hannah Jacobs\WINDOWS

c:\program files\Common Files\Uninstall

c:\windows\system32\ndisapi.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))

.

.

2012-08-29 02:32 . 2012-08-29 02:32 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-21 19:43 . 2012-08-21 19:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-08-17 02:28 . 2012-08-17 02:28 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Mozilla

2012-08-17 02:28 . 2012-08-17 02:28 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-08-16 20:40 . 2012-08-16 20:40 -------- d-----w- c:\program files\Common Files\Nancy Drew Prerequisites

2012-08-15 03:15 . 2012-08-15 03:15 -------- d--h--w- c:\windows\PIF

2012-08-15 01:11 . 2012-08-15 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-08-15 01:11 . 2012-08-15 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-08-15 00:47 . 2012-08-15 00:47 -------- d-----w- c:\documents and settings\Katherine Jacobs\Application Data\Canon Easy-WebPrint EX

2012-08-14 04:01 . 2012-08-14 04:01 -------- d-----w- c:\program files\Common Files\Java

2012-08-14 04:01 . 2012-08-14 04:01 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-14 04:01 . 2012-08-14 04:01 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-08-14 03:58 . 2012-08-14 03:58 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2012-08-14 03:58 . 2012-08-14 03:58 -------- d-----w- c:\program files\QuickTime

2012-08-14 03:45 . 2012-08-14 03:45 -------- d-----w- c:\program files\iPod

2012-08-14 03:40 . 2012-08-14 03:40 -------- d-----w- c:\program files\Bonjour

2012-08-14 03:00 . 2012-08-14 03:00 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Secunia PSI

2012-08-14 03:00 . 2012-08-14 03:00 -------- d-----w- c:\program files\Secunia

2012-08-14 00:23 . 2012-08-14 00:23 -------- d-----w- c:\program files\WiseConvert

2012-08-10 16:12 . 2012-08-10 16:12 -------- d-----w- c:\program files\Common Files\xing shared

2012-08-01 01:07 . 2012-08-01 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\f91280

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-29 11:29 . 2012-08-29 11:29 19674 ----a-w- C:\TDSSKiller.2.8.8.0_28.08.2012_22.28.23_log.zip

2012-08-29 02:33 . 2004-08-04 05:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-08-14 04:01 . 2011-04-19 02:37 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-14 03:32 . 2012-03-30 00:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-14 03:32 . 2011-06-22 21:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-10 16:12 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-08-10 14:09 . 2011-04-17 03:58 114 ----a-w- c:\documents and settings\Chris Jacobs\Application Data\netstat.bat

2012-07-06 13:58 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 17:46 . 2011-04-17 21:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec

2012-06-05 15:50 . 2008-09-12 20:46 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35 . 2008-09-10 06:10 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2005-08-16 10:18 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2007-06-18 22:16 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2007-06-18 22:16 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2005-08-16 10:40 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2005-08-16 10:40 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2005-08-16 10:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2007-06-18 22:16 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2005-08-16 10:40 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2005-08-16 10:40 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2005-08-16 10:18 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2005-05-26 10:16 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2007-06-18 22:16 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2005-08-16 10:40 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2005-08-16 10:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2008-09-10 06:10 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2008-09-10 06:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-07-14 00:17 . 2012-08-17 02:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-11 98304]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 40960]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-05-02 3050848]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-10 296096]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=

"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1324:UDP"= 1324:UDP:Windows Media Format SDK (iexplore.exe)

"1325:UDP"= 1325:UDP:Windows Media Format SDK (iexplore.exe)

.

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [13/07/2012 8:56 PM 21240]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [25/01/2012 10:21 PM 101112]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [25/08/2010 9:50 PM 219136]

R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [14/05/2009 1:21 PM 98304]

R2 SBAMSvc;VIPRE Antivirus;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [02/05/2012 8:59 AM 3289680]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [13/07/2012 8:56 PM 77816]

R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [02/05/2012 8:58 AM 173920]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 4:46 AM 681056]

S2 5576;5576;\??\c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5576.sys --> c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5576.sys [?]

S2 5709;5709;\??\c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5709.sys --> c:\docume~1\CHRISJ~1\LOCALS~1\Temp\5709.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2010 11:42 AM 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 8:20 PM 257224]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/02/2009 11:55 AM 101936]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2010 11:42 AM 135664]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/04/2011 5:40 PM 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [16/08/2012 10:28 PM 113120]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 4:30 AM 15544]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 4:46 AM 1326176]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2011 5:40 PM 655944]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - NDISRD

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:32]

.

2012-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 15:42]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 15:42]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job

- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job

- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]

.

2012-08-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]

.

2012-08-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

Trusted Zone: brassring.com\sjobs

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: plaxo.com\www

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll

DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab

FF - ProfilePath - c:\documents and settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{e372c287-64ea-4bec-a4a6-8771b11d539b} - c:\program files\GameNutt_2s\bar\1.bin\2sSrcAs.dll

Toolbar-SITEguard - (no file)

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKLM-Run-Amazing3DAquariumWallpaper - (no file)

HKLM-Run-GameNutt_2s Browser Plugin Loader - c:\progra~1\GAMENU~2\bar\1.bin\2sbrmon.exe

SafeBoot-71887763.sys

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-29 22:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:8c,1a,c4,6d,d6,71,39,bd,cf,36,70,a1,ae,e9,5a,1a,24,ff,5f,fd,3e,0b,98,

3a,cd,e9,b1,80,66,de,4d,7f,2f,ea,4a,39,10,c7,43,a4,66,e2,24,1b,a2,21,e9,f5,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

.

[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\License information*]

"datasecu"=hex:8d,fc,6d,66,69,bd,ae,84,4a,b8,0d,af,93,16,c7,41,0e,17,47,01,47,

7f,06,f5,97,0d,b3,c0,3d,2d,51,55,53,7e,2f,58,4e,1f,07,c5,af,97,b6,44,ac,ab,\

"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(704)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(3768)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\wscntfy.exe

c:\windows\stsystra.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-08-29 22:17:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-30 02:17

.

Pre-Run: 204,095,823,872 bytes free

Post-Run: 206,818,766,848 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - BD640721E811B83F7BC6B4FD5A3C30AE


Here is the Malwarebytes log. Did not come up with any malicious files, so nothing to remove. Was it supposed to?

A quick test on Google and everything seems okay. If I notice anything odd, I will let you know.

Would this virus have contributed to increased internet usage? We seem to have higher than expected usage for the past year. First thought it was kids and added use, but we do not download any HD video. Kids play on iPods, watch some YouTube, download some TV shows, browse the web and email. Last month we exceeded our maximum of 120GB. Any thoughts?

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.29.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Chris Jacobs :: KJACOBS [administrator]

29/08/2012 10:42:34 PM

mbam-log-2012-08-29 (22-42-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 354959

Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Here is the Malwarebytes log. Did not come up with any malicious files, so nothing to remove. Was it supposed to?

No

A quick test on Google and everything seems okay. If I notice anything odd, I will let you know.

OK

Would this virus have contributed to increased internet usage? We seem to have higher than expected usage for the past year. First thought it was kids and added use, but we do not download any HD video. Kids play on iPods, watch some YouTube, download some TV shows, browse the web and email. Last month we exceeded our maximum of 120GB. Any thoughts?

Don't think so.

~~~~~~~~~~~~~~~~~~~

One last scan.......

Please do this:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC (gone for tonight...be back in AM)


Results of screen317's Security Check version 0.99.49

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Security Online

GFI Software VIPRE

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Secunia PSI (3.0.0.3001)

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 33

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.3.183.20 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 7%

````````````````````End of Log``````````````````````

Should I uninstall ComboFix or leave it on our computer for now? There is also a folder RK_Quarantine on the desktop, may I delete the folder?

Thanks again for your help with this.


Java™ 6 Update 33 <---uninstall and install newest version

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date! <--update

Adobe Flash Player 10.3.183.20 Flash Player out of Date! <---update

Adobe Reader 9 Adobe Reader out of Date! <---update

You have outdated programs on the system which are vulnerable to malware.

Please update or delete them.

Info on doing that can be found in my Preventive Maintenance below.

~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.