KMW

  1. Actually I have a question: on the Avira should it be set to scanner or guard? What is the difference?
  2. Thanks for explaining the difference. As you can tell, I don't know much about this stuff. The computer is running fine. I haven't noticed any issues. I'm still puzzled about how those two viruses 'disappeared' - they were there so long (2 months!) and MBAM could never remove them. Then one day I run it, and they are gone - not even detected, just gone. But if the system looks clean now, after all this, then I guess I'll believe it. Thanks for all your help. You really were persistent and clear in your communication.
  3. I thought that buying the protection module for MBAM was taking care of my anti-virus protection. Geez. I wish I had understood that better. I used to use Trend Micro but got rid of it when I got MBAM. OK, I downloaded and ran Avira. Here is what it said:
  4. Sorry, which anti-virus program are we talking about?
  5. Here's my MBAM log:

     Malwarebytes' Anti-Malware 1.36
     Database version: 1959
     Windows 5.1.2600 Service Pack 3

     4/9/2009 12:02:05 PM
     mbam-log-2009-04-09 (12-02-05).txt

     Scan type: Full Scan (C:\|F:\|)
     Objects scanned: 136022
     Time elapsed: 24 minute(s), 43 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  6. I checked Windows Update and the machine is up to date. It seems to be running fine. No problems with either Explorer or Firefox browsers. Speed seems good. So is it safe to assume that the trojan and rootkit have been removed?
  7. OK, I ran Dial A Fix and the script you posted. Here's what I got:
SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: upnphost DISPLAY_NAME: Universal Plug and Play Device Host TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: UPS DISPLAY_NAME: Uninterruptible Power Supply TYPE : 10 WIN32_OWN_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: VSS DISPLAY_NAME: Volume Shadow Copy TYPE : 10 WIN32_OWN_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: W32Time DISPLAY_NAME: Windows Time TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: WebClient DISPLAY_NAME: WebClient TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: winmgmt DISPLAY_NAME: Windows Management Instrumentation TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: WmdmPmSN DISPLAY_NAME: Portable Media Serial Number Service TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: Wmi DISPLAY_NAME: Windows Management Instrumentation Driver Extensions TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) 
CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: WmiApSrv DISPLAY_NAME: WMI Performance Adapter TYPE : 10 WIN32_OWN_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: wscsvc DISPLAY_NAME: Security Center TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: wuauserv DISPLAY_NAME: Automatic Updates TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: WZCSVC DISPLAY_NAME: Wireless Zero Configuration TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 SERVICE_NAME: xmlprov DISPLAY_NAME: Network Provisioning Service TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
  8. I did reboot the computer after I saved the reg file. I've been saving everything basically! I looked in the Application and System logs as you asked.

     In the application logs, I repeatedly get this error - it looks like it happens when the computer is booted:

     Error 4/5/2009 10:33:59 AM Media Center Phone Service None 8 N/A KAREN-FC4119C57

     I also get these errors/warnings repeatedly:

     Error 4/4/2009 12:02:23 AM Application Hang (101) 1002 N/A KAREN-FC4119C57
     Error 4/2/2009 10:13:55 AM Application Error None 1000 N/A KAREN-FC4119C57
     Warning 3/31/2009 4:39:02 PM System.ServiceModel.Install 3.0.0.0 None 0 N/A KAREN-FC4119C57
     Warning 3/31/2009 4:38:48 PM ASP.NET 2.0.50727.0 Setup 1020 N/A KAREN-FC4119C57

     From the system log I got these:

     Error 4/7/2009 9:32:14 AM Service Control Manager None 7034 N/A KAREN-FC4119C57
     Error 4/7/2009 9:32:13 AM Service Control Manager None 7031 N/A KAREN-FC4119C57
     Warning 4/6/2009 9:07:18 AM Dhcp None 1003 N/A KAREN-FC4119C57
     Error 4/5/2009 8:02:59 PM Service Control Manager None 7001 N/A KAREN-FC4119C57 (this error occurred dozens of times some days, usually within seconds of each other)
     Warning 4/3/2009 11:15:52 PM W32Time None 36 N/A KAREN-FC4119C57

     So what does it all mean?
  9. DDS log: DDS (Ver_09-03-16.01) - NTFSx86 Run by Karen at 10:05:39.90 on Tue 04/07/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1622 [GMT -7:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\kmw_run.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\WINDOWS\system32\KMW_SHOW.EXE C:\Program Files\Sprint Instinct Applications\MEMonitor.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe 
C:\WINDOWS\eHome\ehmsas.exe C:\Documents and Settings\Karen\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\lcdmon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [updReg] c:\windows\UpdReg.EXE mRun: [P17Helper] Rundll32 P17.dll,P17Helper mRun: [kmw_run.exe] kmw_run.exe mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\karen\startm~1\programs\startup\sprint~1.lnk - 
c:\windows\RM.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\nvappfilter.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\karen\applic~1\mozilla\firefox\profiles\3s8kts0g.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ ============= SERVICES / DRIVERS =============== R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-2 179856] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-2 15504] =============== Created Last 30 ================ 2009-04-07 10:05 7,304 a------- c:\windows\TMP0001.TMP 2009-04-07 09:31 <DIR> --d----- C:\ComboFix 2009-04-06 09:21 <DIR> --d----- C:\RootRepeal 2009-04-06 09:00 73,728 a------- c:\windows\system32\javacpl.cpl 2009-04-06 08:48 <DIR> --d----- c:\program files\CCleaner 2009-04-05 09:25 <DIR> a-dshr-- C:\cmdcons 2009-04-05 09:23 161,792 a------- c:\windows\SWREG.exe 2009-04-05 09:23 98,816 a------- c:\windows\sed.exe 2009-04-01 07:26 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat 2009-03-31 16:37 <DIR> --d----- c:\windows\system32\XPSViewer 2009-03-31 16:36 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll 2009-03-31 16:36 597,504 -c------ 
c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-03-31 16:36 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll 2009-03-31 16:36 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-03-31 16:36 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-03-31 16:36 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-03-31 16:36 117,760 -------- c:\windows\system32\prntvpt.dll 2009-03-20 23:40 127 a------- c:\windows\system32\MRT.INI 2009-03-20 11:57 <DIR> --d----- c:\program files\Trend Micro 2009-03-19 10:41 <DIR> --d----- c:\program files\iPod 2009-03-19 10:41 <DIR> --d----- c:\program files\iTunes 2009-03-19 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-19 10:40 <DIR> --d----- c:\program files\Bonjour ==================== Find3M ==================== 2009-04-06 09:00 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-26 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys 2009-01-07 11:28 453,152 a------- c:\windows\system32\NVUNINST.EXE 2008-04-09 21:03 59,782,440 a------- c:\program files\iTunesSetup.exe 2008-09-13 08:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat ============= FINISH: 10:05:58.04 ===============
  10. I am posting the new ComboFix and DDS logs below. As for your question about performance, the machine has actually been running fine. My main issue had been problems running Explorer - windows opening and closing by themselves, pop-ups, etc. - but that seems to have disappeared even before the rootkit and trojan were removed (or hid deeper, whatever the case may be). Otherwise, the computer runs fine, no slowdowns or other issues. My main question/issue is, are these two viruses really off my machine or can MBAM just not find them any more? By the way, I tried a number of other anti-virus software before MBAM and none of them could even detect the viruses! Also, just wanted to say thanks for all your help in this issue.

     ComboFix: ComboFix 09-04-04.01 - Karen 2009-04-07 9:32:15.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1585 [GMT -7:00] Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Karen\Desktop\CFscript.txt * Created a new restore point FILE :: c:\windows\system32\gizilalu.dll c:\windows\system32\kuzeyogi.dll c:\windows\system32\lesufuya.dll c:\windows\system32\sazujimo.dll c:\windows\TMP0001.TMP . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\gizilalu.dll c:\windows\system32\sazujimo.dll c:\windows\TMP0001.TMP . ((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 ))))))))))))))))))))))))))))))) . 2009-04-06 09:21 . 2009-04-06 09:32 <DIR> d-------- C:\RootRepeal 2009-04-06 09:00 . 2009-04-06 09:00 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-04-06 08:48 . 2009-04-06 08:48 <DIR> d-------- c:\program files\CCleaner 2009-04-01 07:26 . 2009-01-09 12:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat 2009-03-31 16:37 . 2009-03-31 16:37 <DIR> d-------- c:\windows\system32\XPSViewer 2009-03-31 16:37 . 
2009-03-31 16:37 <DIR> d-------- c:\program files\Reference Assemblies 2009-03-31 16:37 . 2009-03-31 16:37 <DIR> d-------- c:\program files\MSBuild 2009-03-31 16:36 . 2008-07-06 05:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll 2009-03-31 16:36 . 2008-07-06 05:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll 2009-03-31 16:36 . 2008-07-06 03:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-03-31 16:36 . 2008-07-06 05:06 575,488 --------- c:\windows\system32\xpsshhdr.dll 2009-03-31 16:36 . 2008-07-06 05:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll 2009-03-31 16:36 . 2008-07-06 05:06 117,760 --------- c:\windows\system32\prntvpt.dll 2009-03-31 16:36 . 2008-07-06 05:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-03-20 23:40 . 2009-03-20 23:40 127 --a------ c:\windows\system32\MRT.INI 2009-03-20 11:57 . 2009-03-20 11:57 <DIR> d-------- c:\program files\Trend Micro 2009-03-19 10:41 . 2009-03-19 10:41 <DIR> d-------- c:\program files\iTunes 2009-03-19 10:41 . 2009-03-19 10:41 <DIR> d-------- c:\program files\iPod 2009-03-19 10:41 . 2009-03-19 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-19 10:40 . 2009-03-19 10:40 <DIR> d-------- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-04-07 16:34 7,304 ----a-w c:\windows\TMP0001.TMP 2009-04-07 16:21 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-06 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-06 04:32 --------- d-----w c:\program files\City of Heroes 2009-04-03 20:12 --------- d-----w c:\documents and settings\Karen\Application Data\Canon 2009-03-28 18:23 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-26 23:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 23:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-03-19 17:40 --------- d-----w c:\program files\Common Files\Apple 2009-03-08 16:14 --------- d-----w c:\documents and settings\Karen\Application Data\U3 2009-02-24 16:57 --------- d-----w c:\program files\QuickTime 2009-02-21 23:30 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-12 18:59 --------- d-----w c:\program files\Panda Security 2008-04-10 04:03 59,782,440 ----a-w c:\program files\iTunesSetup.exe 2008-09-13 15:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-05_ 9.30.02.03 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-06 04:01:27 410,984 ----a-w c:\windows\system32\deploytk.dll + 2009-04-06 16:00:00 410,984 ----a-w c:\windows\system32\deploytk.dll - 2009-02-06 04:01:28 144,792 ----a-w c:\windows\system32\java.exe + 2009-04-06 16:00:00 144,792 ----a-w c:\windows\system32\java.exe - 2009-02-06 04:01:28 144,792 ----a-w c:\windows\system32\javaw.exe + 2009-04-06 16:00:00 144,792 ----a-w c:\windows\system32\javaw.exe - 2009-02-06 04:01:28 148,888 ----a-w c:\windows\system32\javaws.exe + 2009-04-06 16:00:00 148,888 ----a-w c:\windows\system32\javaws.exe + 2009-04-07 16:35:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6d4.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-07-18 549376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-06 148888] "nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe] "P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll] "kmw_run.exe"="kmw_run.exe" [2002-12-23 c:\windows\system32\kmw_run.exe] c:\documents and settings\Karen\Start Menu\Programs\Startup\ Sprint media monitor.lnk - c:\windows\RM.exe [2008-08-11 222552] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe 
[2008-04-25 118784] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"= "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-02 179856] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-02 15504] . Contents of the 'Scheduled Tasks' folder 2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Update for Karen.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49] 2009-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2007-08-31 12:13] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\nvappfilter.dll FF - ProfilePath - c:\documents and settings\Karen\Application Data\Mozilla\Firefox\Profiles\3s8kts0g.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 09:35:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1123561945-746137067-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:d8,56,b3,9b,5a,aa,7d,51,fb,7e,cb,48,ac,f1,f3,41,c9,b4,79,ad,7f,95,31, 10,68,ff,bd,e3,47,ce,25,b2,32,73,55,36,2c,11,c9,e5,95,62,b0,7d,a2,db,b2,97,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(952) c:\windows\system32\nvappfilter.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehRecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe c:\windows\system32\dllhost.exe c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Microsoft IntelliType Pro\dpupdchk.exe c:\windows\system32\kmw_show.exe c:\program files\Sprint Instinct Applications\MEMonitor.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-04-07 9:37:24 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-07 16:37:21 ComboFix2.txt 2009-04-05 16:30:25 Pre-Run: 96,435,789,824 bytes free Post-Run: 96,421,429,248 bytes free 186 --- E O F --- 2009-04-02 14:45:43
  11. Bootlog: ervice Pack 3 4 6 2009 09:48:44.125 Loaded driver \WINDOWS\system32\ntkrnlpa.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver ACPI.sys Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver ohci1394.sys Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS Loaded driver pciide.sys Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver dmload.sys Loaded driver dmio.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver PxHelp20.sys Loaded driver KSecDD.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver Mup.sys Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys Loaded driver \SystemRoot\system32\DRIVERS\serial.sys Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys Loaded driver \SystemRoot\system32\DRIVERS\ctoss2k.sys Loaded driver \SystemRoot\system32\DRIVERS\ctsfm2k.sys Loaded driver \SystemRoot\system32\drivers\P17.sys Loaded driver \SystemRoot\system32\DRIVERS\nvnetbus.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver 
  12. Rootrepeal:

      ROOTREPEAL © AD, 2007-2008
      ==================================================
      Scan Time: 2009/04/06 09:27
      Program Version: Version 1.2.3.0
      Windows Version: Windows XP Media Center Edition SP3
      ==================================================

      Drivers
      -------------------
      Name: dump_atapi.sys
      Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
      Address: 0xB3C53000 Size: 98304 File Visible: No
      Status: -

      Name: dump_WMILIB.SYS
      Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
      Address: 0xBA5D0000 Size: 8192 File Visible: No
      Status: -

      Name: rootrepeal.sys
      Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
      Address: 0xB0FAF000 Size: 45056 File Visible: No
      Status: -

      Hidden/Locked Files
      -------------------
      Path: C:\Documents and Settings\Karen\Local Settings\Temp\etilqs_Bw73eZmNYBuaLf5B0ntX
      Status: Allocation size mismatch (API: 32768, Raw: 0)

      Path: C:\Documents and Settings\Karen\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
      Status: Locked to the Windows API!

      Path: C:\Documents and Settings\Karen\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
      Status: Locked to the Windows API!

      SSDT
      -------------------
      #: 050 Function Name: NtCreateSection
      Status: Hooked by "C:\WINDOWS\system32\drivers\mbam.sys" at address 0xb1703fe0
  13. Attach.txt:

      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_09-03-16.01)

      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 3/25/2008 10:40:07 AM
      System Uptime: 4/6/2009 9:06:55 AM (0 hours ago)

      Motherboard: EVGA | | 132-CK-NF78
      Processor: Intel® Core2 Extreme CPU Q6850 @ 3.00GHz | Socket 775 | 3333/333mhz

      ==== Disk Partitions =========================

      C: is FIXED (NTFS) - 140 GiB total, 79.28 GiB free.
      D: is CDROM ()
      E: is CDROM ()
      F: is FIXED (NTFS) - 298 GiB total, 295.51 GiB free.
      H: is FIXED (FAT32) - 76 GiB total, 13.498 GiB free.

      ==== Disabled Device Manager Items =============

      ==== System Restore Points ===================

      RP1: 3/25/2008 10:44:44 AM - System Checkpoint
      RP2: 3/25/2008 10:56:31 AM - Installed NVIDIA ForceWare Network Access Manager
      RP3: 3/25/2008 11:26:36 AM - Installed Sound Blaster Audigy
      RP4: 3/25/2008 11:26:48 AM - Installed Windows Media Format Runtime
      RP5: 3/25/2008 11:27:23 AM - Installed Creative Restore Defaults
      RP6: 3/25/2008 11:28:56 AM - Installed Creative Software AutoUpdate
      RP7: 3/25/2008 11:33:50 AM - Installed DirectX
      RP8: 3/25/2008 11:34:10 AM - Installed Microsoft Visual C++ 2005 Redistributable
      RP9: 3/27/2008 10:27:19 AM - System Checkpoint
      RP10: 4/3/2008 10:48:57 AM - Unsigned driver install
      RP11: 4/8/2008 4:17:28 PM - Software Distribution Service 3.0
      RP12: 4/8/2008 4:40:57 PM - Installed Windows Installer KB893803v2.
      RP13: 4/8/2008 4:41:08 PM - Removed MSXML 6.0 Parser
      RP14: 4/8/2008 4:43:28 PM - Installed Logitech Z-series Software 1.03
      RP15: 4/8/2008 6:45:06 PM - Installed Trend Micro Internet Security
      RP16: 4/8/2008 7:01:03 PM - Installed BioShock
      RP17: 4/8/2008 7:10:57 PM - Installed DirectX
      RP18: 4/8/2008 7:11:41 PM - Removed Microsoft Visual C++ 2005 Redistributable
      RP19: 4/8/2008 8:55:20 PM - Installed Mids' Hero Designer
      RP20: 4/8/2008 10:09:17 PM - Software Distribution Service 3.0
      RP21: 4/9/2008 5:37:02 PM - Installed Microsoft Office Home and Student 2007
      RP22: 4/9/2008 5:39:33 PM - Printer Driver Send To Microsoft OneNote Driver Installed
      RP23: 4/9/2008 9:05:27 PM - Installed iTunes
      RP24: 4/10/2008 9:09:53 PM - Installed Steam
      RP25: 4/10/2008 9:25:20 PM - Installed Half-Life® 2
      RP26: 4/10/2008 9:27:50 PM - Removed Steam
      RP27: 4/10/2008 9:51:24 PM - Software Distribution Service 3.0
      RP28: 4/12/2008 11:03:52 PM - Software Distribution Service 3.0
      RP29: 4/13/2008 6:03:32 PM - Installed Solution Disk
      RP30: 4/19/2008 10:56:14 PM - Installed VidiotMaps Map Overlay
      RP31: 4/25/2008 12:08:29 PM - Installed Olympus Digital Wave Player
      RP32: 4/25/2008 12:13:55 PM - Unsigned driver install
      RP33: 4/26/2008 8:44:21 PM - Installed Adobe Reader 8.1.2
      RP34: 4/27/2008 9:26:53 AM - Software Distribution Service 3.0
      RP35: 4/28/2008 7:02:17 AM - Software Distribution Service 3.0
      RP36: 5/13/2008 9:37:28 PM - Software Distribution Service 3.0
      RP37: 5/16/2008 6:58:29 AM - Software Distribution Service 3.0
      RP38: 5/27/2008 10:06:17 PM - Software Distribution Service 3.0
      RP39: 6/10/2008 9:34:48 PM - Software Distribution Service 3.0
      RP40: 6/11/2008 10:46:23 PM - Software Distribution Service 3.0
      RP41: 6/19/2008 9:15:14 PM - Software Distribution Service 3.0
      RP42: 7/8/2008 9:29:21 PM - Software Distribution Service 3.0
      RP43: 7/18/2008 6:04:13 AM - Software Distribution Service 3.0
      RP44: 8/11/2008 7:32:16 PM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
      RP45: 8/14/2008 9:00:45 PM - Software Distribution Service 3.0
      RP46: 8/22/2008 6:53:20 AM - Software Distribution Service 3.0
      RP47: 9/10/2008 6:03:02 AM - Software Distribution Service 3.0
      RP48: 9/13/2008 8:32:36 AM - Software Distribution Service 3.0
      RP49: 9/13/2008 8:34:59 AM - service pack 3
      RP50: 9/13/2008 8:37:48 AM - Installed Windows XP Service Pack 3.
      RP51: 9/13/2008 8:45:29 AM - Installed Windows XP KB938464.
      RP52: 9/13/2008 8:45:50 AM - Installed Windows XP KB946648.
      RP53: 9/13/2008 8:46:11 AM - Installed Windows XP KB950762.
      RP54: 9/13/2008 8:46:32 AM - Installed Windows XP KB950974.
      RP55: 9/13/2008 8:46:53 AM - Installed Windows XP KB951066.
      RP56: 9/13/2008 8:47:15 AM - Installed Windows XP KB951376.
      RP57: 9/13/2008 8:47:37 AM - Installed Windows XP KB951376-v2.
      RP58: 9/13/2008 8:47:58 AM - Installed Windows XP KB951698.
      RP59: 9/13/2008 8:48:19 AM - Installed Windows XP KB951748.
      RP60: 9/13/2008 8:48:41 AM - Installed Windows XP KB952287.
      RP61: 9/13/2008 8:49:02 AM - Installed Windows XP KB952954.
      RP62: 9/14/2008 1:25:59 AM - Software Distribution Service 3.0
      RP63: 10/15/2008 9:18:07 PM - Software Distribution Service 3.0
      RP64: 10/23/2008 8:57:05 PM - Software Distribution Service 3.0
      RP65: 11/12/2008 6:32:01 PM - Installed Logitech Harmony Remote Software 7
      RP66: 11/12/2008 10:00:45 PM - Software Distribution Service 3.0
      RP67: 12/11/2008 10:38:32 PM - Software Distribution Service 3.0
      RP68: 12/18/2008 3:37:23 PM - Software Distribution Service 3.0
      RP69: 12/20/2008 1:12:17 PM - Removed Mids' Hero Designer
      RP70: 1/1/2009 11:35:24 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
      RP71: 1/1/2009 3:19:42 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
      RP72: 1/1/2009 4:05:57 PM - pre-spyware doc
      RP73: 1/1/2009 4:07:42 PM - Removed Trend Micro Internet Security
      RP74: 1/1/2009 4:36:41 PM - Spyware Doctor: Cleaning Threats
      RP75: 1/1/2009 4:56:16 PM - installing Spybot
      RP76: 1/2/2009 12:58:09 AM - premalware
      RP77: 1/17/2009 8:41:23 AM - pre revo unistaller
      RP78: 1/17/2009 8:49:15 AM - Revo Uninstaller's restore point - Spyware Doctor 6.0
      RP79: 1/17/2009 9:05:20 AM - Revo Uninstaller's restore point - BOClean
      RP80: 1/18/2009 9:56:58 PM - sdfix
      RP81: 1/19/2009 3:50:46 PM - pre-combofix u
      RP82: 1/24/2009 8:37:25 PM - nvidia update
      RP83: 1/25/2009 9:14:20 AM - pre-gmer
      RP84: 1/29/2009 3:31:05 PM - pre-drcureit
      RP85: 2/5/2009 9:01:23 PM - Installed Java 6 Update 11
      RP86: 3/18/2009 7:46:27 AM - pre deletion
      RP87: 3/20/2009 11:39:16 PM - Software Distribution Service 3.0
      RP88: 3/31/2009 4:23:37 PM - Software Distribution Service 3.0
      RP89: 3/31/2009 4:26:05 PM - pre service pack 3.5
      RP90: 3/31/2009 4:34:52 PM - Software Distribution Service 3.0
      RP91: 4/2/2009 7:44:46 AM - Software Distribution Service 3.0
      RP92: 4/5/2009 9:18:34 AM - pre combo fix
      RP93: 4/5/2009 9:23:32 AM - ComboFix created restore point
      RP94: 4/6/2009 8:42:12 AM - Removed Java 6 Update 11
      RP95: 4/6/2009 8:59:58 AM - Installed Java 6 Update 13

      ==== Installed Programs ======================

      2007 Microsoft Office Suite Service Pack 1 (SP1)
      Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
      Adobe Flash Player 10 Plugin
      Adobe Flash Player ActiveX
      Adobe Reader 8.1.2
      Adobe Reader 8.1.2 Security Update 1 (KB403742)
      Apple Mobile Device Support
      Apple Software Update
      BioShock
      Bonjour
      Camera Support Core Library
      Camera Window DS
      Camera Window DVC
      Camera Window MC
      Canon Camera Support Core Library
      Canon Camera Window DS for ZoomBrowser EX
      Canon Camera Window DVC for ZoomBrowser EX
      Canon Camera Window for ZoomBrowser EX
      Canon MovieEdit Task for ZoomBrowser EX
      Canon MP Navigator 2.2
      Canon MP530
      Canon MP530 User Registration
      Canon PhotoRecord
      Canon RAW Image Task for ZoomBrowser EX
      Canon RemoteCapture Task for ZoomBrowser EX
      Canon Utilities Easy-PhotoPrint
      Canon Utilities PhotoStitch 3.1
      Canon ZoomBrowser EX
      CCleaner (remove only)
      CDisplay 1.8
      Creative Software AutoUpdate
      Easy-WebPrint
      Google Toolbar for Internet Explorer
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Internet Explorer 7 (KB947864)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB961118)
      iTunes
      Java 6 Update 13
      Kensington MouseWorks
      Logitech Harmony Remote Software 7
      Logitech Z-series Software 1.03
      Malwarebytes' Anti-Malware
      Mass Effect
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft Application Error Reporting
      Microsoft IntelliType Pro 6.2
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office Home and Student 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Silverlight
      Microsoft Software Update for Web Folders (English) 12
      Microsoft Visual C++ 2005 Redistributable
      Mids' Hero/Villain Designer
      MovieEdit Task
      Mozilla Firefox (3.0.8)
      MSXML 6.0 Parser (KB933579)
      NVIDIA Drivers
      NVIDIA ForceWare Network Access Manager
      NVIDIA PhysX
      Olympus Digital Wave Player
      PhotoStitch
      QuickTime
      RAW Image Task 1.2
      Remote Control USB Driver
      RemoteCapture Task 1.1
      Revo Uninstaller 1.75
      SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
      Security Update for 2007 Microsoft Office System (KB951550)
      Security Update for 2007 Microsoft Office System (KB951944)
      Security Update for 2007 Microsoft Office System (KB958439)
      Security Update for Microsoft Office Excel 2007 (KB958437)
      Security Update for Microsoft Office OneNote 2007 (KB950130)
      Security Update for Microsoft Office PowerPoint 2007 (KB951338)
      Security Update for Microsoft Office system 2007 (KB954326)
      Security Update for Microsoft Office system 2007 (KB956828)
      Security Update for Microsoft Office Word 2007 (KB956358)
      Security Update for Visio 2007 (KB947590)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Internet Explorer 7 (KB958215)
      Security Update for Windows Internet Explorer 7 (KB960714)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player 10 (KB936782)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB938464-v2)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954459)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960715)
      Sound Blaster Audigy
      Sprint media manager
      Spybot - Search & Destroy
      Update for Office 2007 (KB946691)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB967715)
      VidiotMaps Map Overlay
      WebFldrs XP
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Internet Explorer 7
      Windows Media Format Runtime
      Windows XP Service Pack 3

      ==== Event Viewer Messages From Past Week ========

      4/2/2009 10:08:19 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
      4/2/2009 7:43:43 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
      4/1/2009 8:39:41 AM, error: Print [6161] - The document http://www.benefitoptions.az.gov/news/ARRA%20listserve.pdf owned by Karen failed to print on printer Canon MP530 Series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 159940. Number of bytes printed: 63856. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\KAREN-FC4119C57. Win32 error code returned by the print processor: 13 (0xd).

      ==== End Of File ===========================
  14. I did reset MSCONFIG back to normal. Sorry I did not run the other logs, I thought you wanted me to do one step and then post. I've run the rest, as well as removed and reloaded Java, and run CCleaner. I will post the logs in multiple messages.

      DDS:

      DS (Ver_09-03-16.01) - NTFSx86
      Run by Karen at 9:13:21.42 on Mon 04/06/2009
      Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1614 [GMT -7:00]

      ============== Running Processes ===============

      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
      C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\kmw_run.exe
      C:\Program Files\Microsoft IntelliType Pro\itype.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
      C:\WINDOWS\system32\KMW_SHOW.EXE
      C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
      C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Documents and Settings\Karen\Desktop\dds.scr

      ============== Pseudo HJT Report ===============

      uStart Page = hxxp://www.yahoo.com/
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
      uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
      mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\lcdmon.exe"
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [nwiz] nwiz.exe /install
      mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
      mRun: [updReg] c:\windows\UpdReg.EXE
      mRun: [P17Helper] Rundll32 P17.dll,P17Helper
      mRun: [kmw_run.exe] kmw_run.exe
      mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
      mRun: [ehTray] c:\windows\ehome\ehtray.exe
      mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
      mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
      StartupFolder: c:\docume~1\karen\startm~1\programs\startup\sprint~1.lnk - c:\windows\RM.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
      LSP: %SYSTEMROOT%\system32\nvappfilter.dll
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
      DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

      ================= FIREFOX ===================

      FF - ProfilePath - c:\docume~1\karen\applic~1\mozilla\firefox\profiles\3s8kts0g.default\
      FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/

      ============= SERVICES / DRIVERS ===============

      R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-2 179856]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-2 15504]

      =============== Created Last 30 ================

      2009-04-06 09:00 73,728 a------- c:\windows\system32\javacpl.cpl
      2009-04-06 08:48 <DIR> --d----- c:\program files\CCleaner
      2009-04-05 09:25 <DIR> a-dshr-- C:\cmdcons
      2009-04-05 09:23 161,792 a------- c:\windows\SWREG.exe
      2009-04-05 09:23 98,816 a------- c:\windows\sed.exe
      2009-04-05 09:23 <DIR> --d----- C:\ComboFix
      2009-04-01 07:26 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
      2009-03-31 16:37 <DIR> --d----- c:\windows\system32\XPSViewer
      2009-03-31 16:36 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
      2009-03-31 16:36 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
      2009-03-31 16:36 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
      2009-03-31 16:36 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
      2009-03-31 16:36 1,676,288 -------- c:\windows\system32\xpssvcs.dll
      2009-03-31 16:36 575,488 -------- c:\windows\system32\xpsshhdr.dll
      2009-03-31 16:36 117,760 -------- c:\windows\system32\prntvpt.dll
      2009-03-20 23:40 127 a------- c:\windows\system32\MRT.INI
      2009-03-20 11:57 <DIR> --d----- c:\program files\Trend Micro
      2009-03-19 10:41 <DIR> --d----- c:\program files\iPod
      2009-03-19 10:41 <DIR> --d----- c:\program files\iTunes
      2009-03-19 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
      2009-03-19 10:40 <DIR> --d----- c:\program files\Bonjour

      ==================== Find3M ====================

      2009-04-06 09:07 7,304 a------- c:\windows\TMP0001.TMP
      2009-04-06 09:00 410,984 a------- c:\windows\system32\deploytk.dll
      2009-03-26 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-03-26 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
      2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
      2009-01-07 11:28 453,152 a------- c:\windows\system32\NVUNINST.EXE
      2008-04-09 21:03 59,782,440 a------- c:\program files\iTunesSetup.exe
      2008-12-31 13:35 6,959 a--sh--- c:\windows\system32\gizilalu.dll
      2008-12-31 13:35 6,969 a--sh--- c:\windows\system32\sazujimo.dll
      2008-09-13 08:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

      ============= FINISH: 9:13:38.75 ===============