ajhorney

  1. ok I think I got it all this time........... ComboFix 11-12-04.02 - Owner 12/04/2011 9:46.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.506 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome.manifest c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome\chrome.jar c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\autocomplite.js c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\logger.js c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\omIGamesBarLogger.xpt c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\gb.cfg c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\install.rdf c:\windows\system32\usmt\migwiz_a.exe . . ((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 ))))))))))))))))))))))))))))))) . . 2011-11-13 19:35 . 
2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2011-11-13 19:34 . 2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-28_22.46.20 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-03 09:00 . 2011-12-03 09:00 16384 c:\windows\temp\Perflib_Perfdata_4a8.dat + 2011-12-03 11:22 . 
2011-12-03 11:22 16384 c:\windows\temp\Perflib_Perfdata_370.dat + 2006-05-07 00:40 . 2011-12-04 11:44 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-05-07 00:40 . 2011-11-28 15:42 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-05-07 00:40 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2011-11-28 23:37 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-04 39408] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800] "SkyTel"="SkyTel.EXE" [2007-08-03 1826816] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-03 1838592] "Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\documents and settings\Owner\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= . R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 7:35 PM 84200] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2011 2:34 PM 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/3/2011 7:36 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 7:04 PM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 7:35 PM 56064] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 2:34 PM 22216] R3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 7:35 PM 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664] S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe -k necusb3 [8/21/2008 5:52 PM 14336] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/3/2011 7:50 PM 69692] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 7:35 PM 84488] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] necusb3 REG_MULTI_SZ necusb . Contents of the 'Scheduled Tasks' folder . 2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33] . 2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-04 09:55 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . Completion time: 2011-12-04 09:58:09 ComboFix-quarantined-files.txt 2011-12-04 14:57 ComboFix2.txt 2011-11-28 22:53 . Pre-Run: 122,456,915,968 bytes free Post-Run: 122,425,036,800 bytes free . - - End Of File - - D1D1A3D4A0558C34AFE0B931049AE1F5
  2. Here is the combo fix log. So far everything has been ok; there have been no signs of infection since I ran the TDSSKiller and the DDS log with Attach.txt. My McAfee has caught about 5 viruses on each scan since I first ran the combo fix tool. Thanks for all of your help.
  3. Here is the log for Combo Fix ComboFix 11-11-28.02 - Owner 11/28/2011 17:31:23.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.434 [GMT -5:00] Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator.YOUR-89BFE66D42.000\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Default User\WINDOWS c:\documents and settings\Owner\WINDOWS c:\windows\$NtUninstallKB11650$ c:\windows\$NtUninstallKB11650$\403912081\@ c:\windows\$NtUninstallKB11650$\403912081\bckfg.tmp c:\windows\$NtUninstallKB11650$\403912081\cfg.ini c:\windows\$NtUninstallKB11650$\403912081\Desktop.ini c:\windows\$NtUninstallKB11650$\403912081\keywords c:\windows\$NtUninstallKB11650$\403912081\kwrd.dll c:\windows\$NtUninstallKB11650$\403912081\L\evpbxyye c:\windows\$NtUninstallKB11650$\403912081\lsflt7.ver c:\windows\$NtUninstallKB11650$\403912081\U\00000001.@ c:\windows\$NtUninstallKB11650$\403912081\U\00000002.@ c:\windows\$NtUninstallKB11650$\403912081\U\00000004.@ c:\windows\$NtUninstallKB11650$\403912081\U\80000000.@ c:\windows\$NtUninstallKB11650$\403912081\U\80000004.@ c:\windows\$NtUninstallKB11650$\403912081\U\80000032.@ c:\windows\$NtUninstallKB11650$\44714038 c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\Thumbs.db D:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 ))))))))))))))))))))))))))))))) . . 2011-11-13 19:35 . 2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2011-11-13 19:34 . 
2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-04 39408] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800] "SkyTel"="SkyTel.EXE" [2007-08-03 1826816] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-03 1838592] "Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\documents and settings\Owner\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= . R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 7:35 PM 84200] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2011 2:34 PM 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/3/2011 7:36 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 7:04 PM 141792] R3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 7:35 PM 56064] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 2:34 PM 22216] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 7:35 PM 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664] S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe -k necusb3 [8/21/2008 5:52 PM 14336] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/3/2011 7:50 PM 69692] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 7:35 PM 84488] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] necusb3 REG_MULTI_SZ necusb . Contents of the 'Scheduled Tasks' folder . 2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33] . 2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.pogo.iplay.com/?o=shp uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe Notify-necusb - nwusbw32.dll SafeBoot-25851173.sys . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-28 17:47 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1812) c:\windows\system32\WININET.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\windows\system32\nvsvc32.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2011-11-28 17:53:46 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-28 22:53 . Pre-Run: 121,345,462,272 bytes free Post-Run: 122,374,647,808 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - F637E2FE8EED80C70AC4C2DC62B347CE
  4. I haven't had time to run combo fix yet; just wanted to let you know I am still here. But the thing has stopped popping up since my last post. Do you still think that I should run combo fix? Thanks for all your help, you guys are great. I wish I was out of school and was able to donate to you all. Hopefully I can later in the year after graduation. Thanks again.
  5. Thanks for your help. I have followed your directions and here are the logs:
ok 14:29:18.0796 3880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:29:18.0953 3880 Atmarpc - ok 14:29:19.0000 3880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 14:29:19.0156 3880 audstub - ok 14:29:19.0312 3880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 14:29:19.0468 3880 Beep - ok 14:29:19.0531 3880 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 14:29:19.0718 3880 cbidf - ok 14:29:19.0734 3880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 14:29:19.0890 3880 cbidf2k - ok 14:29:19.0906 3880 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 14:29:19.0984 3880 cd20xrnt - ok 14:29:20.0015 3880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 14:29:20.0187 3880 Cdaudio - ok 14:29:20.0375 3880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 14:29:20.0546 3880 Cdfs - ok 14:29:20.0593 3880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:29:20.0765 3880 Cdrom - ok 14:29:20.0812 3880 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys 14:29:20.0859 3880 cfwids - ok 14:29:21.0000 3880 Changer - ok 14:29:21.0062 3880 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 14:29:21.0234 3880 CmBatt - ok 14:29:21.0359 3880 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 14:29:21.0546 3880 CmdIde - ok 14:29:21.0562 3880 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 14:29:21.0718 3880 Compbatt - ok 14:29:21.0765 3880 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 14:29:21.0937 3880 Cpqarray - ok 14:29:21.0953 3880 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 14:29:22.0125 
3880 dac2w2k - ok 14:29:22.0156 3880 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 14:29:22.0328 3880 dac960nt - ok 14:29:22.0437 3880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 14:29:22.0593 3880 Disk - ok 14:29:22.0640 3880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 14:29:22.0843 3880 dmboot - ok 14:29:22.0921 3880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 14:29:23.0109 3880 dmio - ok 14:29:23.0296 3880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 14:29:23.0484 3880 dmload - ok 14:29:23.0546 3880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 14:29:23.0718 3880 DMusic - ok 14:29:23.0890 3880 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 14:29:24.0062 3880 dpti2o - ok 14:29:24.0156 3880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 14:29:24.0312 3880 drmkaud - ok 14:29:24.0421 3880 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys 14:29:24.0593 3880 el575nd5 - ok 14:29:24.0656 3880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 14:29:24.0828 3880 Fastfat - ok 14:29:24.0968 3880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 14:29:25.0140 3880 Fdc - ok 14:29:25.0265 3880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 14:29:25.0421 3880 Fips - ok 14:29:25.0531 3880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 14:29:25.0703 3880 Flpydisk - ok 14:29:25.0781 3880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 14:29:25.0937 3880 FltMgr - ok 14:29:26.0078 3880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:29:26.0250 3880 Fs_Rec - ok 14:29:26.0312 3880 
Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:29:26.0515 3880 Ftdisk - ok 14:29:26.0625 3880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:29:26.0812 3880 Gpc - ok 14:29:26.0875 3880 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 14:29:27.0031 3880 HDAudBus - ok 14:29:27.0171 3880 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 14:29:27.0343 3880 hpn - ok 14:29:27.0390 3880 HSFHWBS2 (f3e718604c5a8a28003280d861d96c19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 14:29:27.0453 3880 HSFHWBS2 - ok 14:29:27.0609 3880 HSF_DPV (4290713b7c3289ef87ee5ca474b21221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 14:29:27.0718 3880 HSF_DPV - ok 14:29:27.0906 3880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 14:29:27.0968 3880 HTTP - ok 14:29:28.0140 3880 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 14:29:28.0296 3880 i2omgmt - ok 14:29:28.0343 3880 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 14:29:28.0515 3880 i2omp - ok 14:29:28.0546 3880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:29:28.0718 3880 i8042prt - ok 14:29:28.0859 3880 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS 14:29:28.0953 3880 iaStor ( UnsignedFile.Multi.Generic ) - warning 14:29:28.0953 3880 iaStor - detected UnsignedFile.Multi.Generic (1) 14:29:29.0125 3880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 14:29:29.0296 3880 Imapi - ok 14:29:29.0343 3880 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 14:29:29.0500 3880 ini910u - ok 14:29:29.0703 3880 IntcAzAudAddService (574c9b2f9406d28f8f7e5c7b46b470e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys 14:29:29.0937 3880 IntcAzAudAddService - ok 14:29:30.0093 3880 IntelIde 
(b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 14:29:30.0250 3880 IntelIde - ok 14:29:30.0296 3880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 14:29:30.0468 3880 Ip6Fw - ok 14:29:30.0500 3880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:29:30.0656 3880 IpFilterDriver - ok 14:29:30.0765 3880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:29:30.0937 3880 IpInIp - ok 14:29:30.0968 3880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:29:31.0140 3880 IpNat - ok 14:29:31.0171 3880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:29:31.0328 3880 IPSec - ok 14:29:31.0468 3880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 14:29:31.0531 3880 IRENUM - ok 14:29:31.0593 3880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:29:31.0750 3880 isapnp - ok 14:29:31.0781 3880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:29:31.0937 3880 Kbdclass - ok 14:29:32.0078 3880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 14:29:32.0234 3880 kmixer - ok 14:29:32.0281 3880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 14:29:32.0375 3880 KSecDD - ok 14:29:32.0484 3880 lbrtfdc - ok 14:29:32.0546 3880 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 14:29:32.0562 3880 MBAMProtector - ok 14:29:32.0578 3880 MBAMSwissArmy - ok 14:29:32.0671 3880 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 14:29:32.0703 3880 mdmxsdk - ok 14:29:32.0765 3880 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys 14:29:32.0781 3880 mfeapfk - ok 14:29:32.0921 3880 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) 
C:\WINDOWS\system32\drivers\mfeavfk.sys 14:29:32.0953 3880 mfeavfk - ok 14:29:32.0984 3880 mfeavfk01 - ok 14:29:33.0015 3880 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys 14:29:33.0031 3880 mfebopk - ok 14:29:33.0046 3880 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys 14:29:33.0093 3880 mfefirek - ok 14:29:33.0156 3880 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys 14:29:33.0187 3880 mfehidk - ok 14:29:33.0296 3880 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 14:29:33.0328 3880 mfendisk - ok 14:29:33.0328 3880 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 14:29:33.0343 3880 mfendiskmp - ok 14:29:33.0375 3880 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys 14:29:33.0390 3880 mferkdet - ok 14:29:33.0437 3880 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys 14:29:33.0437 3880 mfetdi2k - ok 14:29:33.0500 3880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 14:29:33.0656 3880 mnmdd - ok 14:29:33.0828 3880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 14:29:34.0000 3880 Modem - ok 14:29:34.0046 3880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:29:34.0234 3880 Mouclass - ok 14:29:34.0390 3880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 14:29:34.0562 3880 MountMgr - ok 14:29:34.0593 3880 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 14:29:34.0750 3880 mraid35x - ok 14:29:34.0890 3880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:29:35.0046 3880 MRxDAV - ok 14:29:35.0171 3880 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 14:29:35.0296 3880 MRxSmb - ok 
14:29:35.0468 3880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 14:29:35.0656 3880 Msfs - ok 14:29:35.0671 3880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:29:35.0828 3880 MSKSSRV - ok 14:29:35.0859 3880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:29:36.0031 3880 MSPCLOCK - ok 14:29:36.0187 3880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 14:29:36.0359 3880 MSPQM - ok 14:29:36.0406 3880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:29:36.0562 3880 mssmbios - ok 14:29:36.0609 3880 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 14:29:36.0656 3880 Mup - ok 14:29:36.0828 3880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 14:29:36.0984 3880 NDIS - ok 14:29:37.0062 3880 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:29:37.0125 3880 NdisTapi - ok 14:29:37.0218 3880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:29:37.0453 3880 Ndisuio - ok 14:29:37.0515 3880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:29:37.0687 3880 NdisWan - ok 14:29:37.0781 3880 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 14:29:37.0828 3880 NDProxy - ok 14:29:37.0906 3880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 14:29:38.0078 3880 NetBIOS - ok 14:29:38.0234 3880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 14:29:38.0390 3880 NetBT - ok 14:29:38.0468 3880 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 14:29:38.0640 3880 NIC1394 - ok 14:29:38.0703 3880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 14:29:38.0859 3880 Npfs - ok 14:29:38.0906 3880 Ntfs 
(78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 14:29:39.0078 3880 Ntfs - ok 14:29:39.0187 3880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 14:29:39.0375 3880 Null - ok 14:29:39.0593 3880 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 14:29:39.0765 3880 nv - ok 14:29:39.0937 3880 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 14:29:39.0984 3880 NVENETFD - ok 14:29:40.0031 3880 nvgts (fa740e97a0fe36e368c2299d9f3c01c1) C:\WINDOWS\system32\DRIVERS\NVGTS.SYS 14:29:40.0093 3880 nvgts - ok 14:29:40.0234 3880 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 14:29:40.0281 3880 nvnetbus - ok 14:29:40.0328 3880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:29:40.0500 3880 NwlnkFlt - ok 14:29:40.0578 3880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:29:40.0765 3880 NwlnkFwd - ok 14:29:40.0828 3880 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 14:29:40.0984 3880 ohci1394 - ok 14:29:41.0062 3880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 14:29:41.0203 3880 Parport - ok 14:29:41.0265 3880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 14:29:41.0437 3880 PartMgr - ok 14:29:41.0468 3880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 14:29:41.0625 3880 ParVdm - ok 14:29:41.0734 3880 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 14:29:41.0906 3880 PCI - ok 14:29:41.0953 3880 PCIDump - ok 14:29:41.0984 3880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 14:29:42.0140 3880 PCIIde - ok 14:29:42.0234 3880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 14:29:42.0406 3880 Pcmcia - ok 14:29:42.0453 3880 
PDCOMP - ok 14:29:42.0468 3880 PDFRAME - ok 14:29:42.0484 3880 PDRELI - ok 14:29:42.0500 3880 PDRFRAME - ok 14:29:42.0531 3880 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 14:29:42.0687 3880 perc2 - ok 14:29:42.0765 3880 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 14:29:42.0921 3880 perc2hib - ok 14:29:42.0984 3880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:29:43.0156 3880 PptpMiniport - ok 14:29:43.0234 3880 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 14:29:43.0375 3880 Processor - ok 14:29:43.0437 3880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 14:29:43.0593 3880 PSched - ok 14:29:43.0640 3880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:29:43.0796 3880 Ptilink - ok 14:29:43.0875 3880 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 14:29:43.0890 3880 PxHelp20 - ok 14:29:43.0984 3880 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 14:29:44.0156 3880 ql1080 - ok 14:29:44.0328 3880 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 14:29:44.0500 3880 Ql10wnt - ok 14:29:44.0578 3880 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 14:29:44.0734 3880 ql12160 - ok 14:29:44.0828 3880 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 14:29:45.0000 3880 ql1240 - ok 14:29:45.0015 3880 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 14:29:45.0187 3880 ql1280 - ok 14:29:45.0281 3880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:29:45.0437 3880 RasAcd - ok 14:29:45.0562 3880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:29:45.0718 3880 Rasl2tp - ok 14:29:45.0750 
3880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:29:45.0906 3880 RasPppoe - ok 14:29:46.0046 3880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 14:29:46.0187 3880 Raspti - ok 14:29:46.0250 3880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:29:46.0406 3880 Rdbss - ok 14:29:46.0546 3880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:29:46.0687 3880 RDPCDD - ok 14:29:46.0734 3880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:29:46.0890 3880 rdpdr - ok 14:29:46.0921 3880 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 14:29:46.0968 3880 RDPWD - ok 14:29:47.0156 3880 redbook (ea9cb095c2a49261dfdefc4b6c3ed5e9) C:\WINDOWS\system32\DRIVERS\redbook.sys 14:29:47.0156 3880 redbook ( Rootkit.Win32.ZAccess.k ) - infected 14:29:47.0156 3880 redbook - detected Rootkit.Win32.ZAccess.k (0) 14:29:47.0265 3880 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 14:29:47.0421 3880 sdbus - ok 14:29:47.0531 3880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:29:47.0609 3880 Secdrv - ok 14:29:47.0671 3880 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 14:29:47.0812 3880 Serenum - ok 14:29:47.0843 3880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 14:29:48.0031 3880 Serial - ok 14:29:48.0156 3880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 14:29:48.0312 3880 Sfloppy - ok 14:29:48.0328 3880 Simbad - ok 14:29:48.0375 3880 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 14:29:48.0531 3880 sisagp - ok 14:29:48.0718 3880 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 14:29:48.0781 3880 Sparrow - ok 14:29:48.0828 3880 splitter 
(ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 14:29:48.0968 3880 splitter - ok 14:29:48.0984 3880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 14:29:49.0046 3880 sr - ok 14:29:49.0218 3880 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 14:29:49.0281 3880 Srv - ok 14:29:49.0328 3880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:29:49.0468 3880 swenum - ok 14:29:49.0609 3880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 14:29:49.0781 3880 swmidi - ok 14:29:49.0843 3880 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 14:29:49.0984 3880 symc810 - ok 14:29:50.0000 3880 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 14:29:50.0156 3880 symc8xx - ok 14:29:50.0171 3880 SymIM - ok 14:29:50.0187 3880 SymIMMP - ok 14:29:50.0203 3880 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 14:29:50.0343 3880 sym_hi - ok 14:29:50.0453 3880 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 14:29:50.0609 3880 sym_u3 - ok 14:29:50.0671 3880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 14:29:51.0125 3880 sysaudio - ok 14:29:51.0234 3880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:29:51.0500 3880 Tcpip - ok 14:29:51.0656 3880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:29:52.0046 3880 TDPIPE - ok 14:29:52.0125 3880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 14:29:52.0515 3880 TDTCP - ok 14:29:52.0656 3880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:29:53.0031 3880 TermDD - ok 14:29:53.0078 3880 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 14:29:53.0468 3880 TosIde - ok 
14:29:53.0640 3880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 14:29:53.0968 3880 Udfs - ok 14:29:54.0046 3880 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 14:29:54.0312 3880 ultra - ok 14:29:54.0468 3880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 14:29:54.0875 3880 Update - ok 14:29:54.0968 3880 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:29:55.0328 3880 usbehci - ok 14:29:55.0468 3880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:29:55.0859 3880 usbhub - ok 14:29:55.0890 3880 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 14:29:56.0234 3880 usbohci - ok 14:29:56.0437 3880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:29:56.0593 3880 usbscan - ok 14:29:56.0640 3880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:29:56.0765 3880 USBSTOR - ok 14:29:56.0890 3880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:29:57.0046 3880 usbuhci - ok 14:29:57.0109 3880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 14:29:57.0250 3880 VgaSave - ok 14:29:57.0296 3880 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 14:29:57.0453 3880 viaagp - ok 14:29:57.0531 3880 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 14:29:57.0671 3880 ViaIde - ok 14:29:57.0703 3880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 14:29:57.0859 3880 VolSnap - ok 14:29:57.0921 3880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:29:58.0078 3880 Wanarp - ok 14:29:58.0140 3880 WDICA - ok 14:29:58.0203 3880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 14:29:58.0343 3880 wdmaud - 
ok 14:29:58.0437 3880 winachsf (cb2dc26de2c815fc2309566f92d22ed4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 14:29:58.0500 3880 winachsf - ok 14:29:58.0703 3880 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:29:58.0750 3880 WudfPf - ok 14:29:58.0781 3880 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:29:58.0796 3880 WudfRd - ok 14:29:58.0859 3880 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0 14:29:58.0906 3880 \Device\Harddisk0\DR0 - ok 14:29:58.0937 3880 Boot (0x1200) (e782f1a76bc28bdc7ecbf0a5c12369b0) \Device\Harddisk0\DR0\Partition0 14:29:58.0937 3880 \Device\Harddisk0\DR0\Partition0 - ok 14:29:58.0953 3880 Boot (0x1200) (d15158421a38e0c4e393be5a71aa55fa) \Device\Harddisk0\DR0\Partition1 14:29:58.0953 3880 \Device\Harddisk0\DR0\Partition1 - ok 14:29:58.0953 3880 ============================================================ 14:29:58.0953 3880 Scan finished 14:29:58.0953 3880 ============================================================ 14:29:59.0062 2732 Detected object count: 2 14:29:59.0062 2732 Actual detected object count: 2 14:30:28.0734 2732 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user 14:30:28.0734 2732 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:30:28.0968 2732 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813 14:30:31.0000 2732 Backup copy found, using it.. 14:30:31.0015 2732 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot 14:30:33.0703 2732 redbook ( Rootkit.Win32.ZAccess.k ) - User select action: Cure 14:30:55.0984 3400 Deinitialize success . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29 Run by Owner at 14:37:18 on 2011-11-16 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.125 [GMT -5:00] . 
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Spare Backup\SpareBackup.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE svchost.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Oberon Media\Parts\1.0.0.16\OberonParts.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://start.pogo.iplay.com/?o=shp uSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644 uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511132028.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: 
{D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [bigFix] c:\program files\bigfix\bigfix.exe /atstartup mRun: [spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{238C4367-5E2E-4024-B9EE-97C81F3FF3A8} : DhcpNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: necusb - nwusbw32.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qj1tufh7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program 
files\divx\divx plus web player\firefox\wpa FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-3 84200] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-13 366152] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480] R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-3 171168] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-3 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-3 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-3 56064] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-13 22216] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-3 153280] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-3 52320] R3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-3 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88736] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 135664] S2 necusb;NEC USB Device Service;c:\windows\system32\svchost.exe -k necusb3 [2008-8-21 14336] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2011-3-3 69692] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 135664] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-3 84488] . =============== Created Last 30 ================ . 2011-11-13 19:35:09 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes 2011-11-13 19:34:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-11-13 19:34:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-13 19:34:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-18 20:48:46 -------- d-----w- c:\program files\VideoLAN . ==================== Find3M ==================== . 
2011-11-16 19:31:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-19 19:16:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 14:38:52.39 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 3/3/2011 6:52:34 PM System Uptime: 11/16/2011 2:31:55 PM (0 hours ago) . Motherboard: Gateway | | MCP61SM2MA Processor: AMD Sempron Processor LE-1200 | Socket AM2 | 2109/201mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 144 GiB total, 113.14 GiB free. D: is FIXED (FAT32) - 5 GiB total, 1.791 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP179: 8/19/2011 10:52:05 AM - System Checkpoint RP180: 8/20/2011 12:51:27 PM - System Checkpoint RP181: 8/21/2011 1:34:30 PM - System Checkpoint RP182: 8/22/2011 1:51:28 PM - System Checkpoint RP183: 8/23/2011 2:30:00 PM - System Checkpoint RP184: 8/24/2011 3:00:14 AM - Software Distribution Service 3.0 RP185: 8/25/2011 3:29:57 AM - System Checkpoint RP186: 8/26/2011 3:30:18 AM - System Checkpoint RP187: 8/27/2011 3:30:25 AM - System Checkpoint RP188: 8/28/2011 3:59:40 AM - System Checkpoint RP189: 8/29/2011 4:59:40 AM - System Checkpoint RP190: 8/30/2011 5:59:41 AM - System Checkpoint RP191: 8/31/2011 7:40:48 AM - System Checkpoint RP192: 9/1/2011 11:45:55 AM - System Checkpoint RP193: 9/2/2011 9:45:20 PM - System Checkpoint RP194: 9/3/2011 11:46:19 PM - System Checkpoint RP195: 9/5/2011 12:38:27 AM - System Checkpoint RP196: 9/6/2011 7:13:55 AM - System Checkpoint RP197: 9/7/2011 12:40:02 AM - Software Distribution Service 3.0 RP198: 9/8/2011 1:29:01 AM - System Checkpoint RP199: 9/9/2011 2:29:06 AM - System Checkpoint RP200: 9/10/2011 3:29:10 AM - System Checkpoint RP201: 9/11/2011 3:32:13 AM - System Checkpoint RP202: 9/12/2011 4:32:13 AM - System Checkpoint RP203: 9/13/2011 5:33:18 AM - System Checkpoint RP204: 9/14/2011 5:49:08 AM - System Checkpoint RP205: 9/15/2011 6:02:30 AM - System Checkpoint RP206: 9/15/2011 6:04:52 PM - Removed WorldWinner Games RP207: 9/16/2011 3:00:40 AM - Software Distribution Service 3.0 RP208: 9/17/2011 3:31:14 AM - System Checkpoint RP209: 9/18/2011 3:49:21 AM - System Checkpoint RP210: 9/19/2011 4:35:43 AM - System Checkpoint RP211: 9/19/2011 3:21:28 PM - Installed Microsoft Office Web Apps Browser Plugin RP212: 9/20/2011 3:35:42 PM - System Checkpoint RP213: 9/21/2011 8:28:13 PM - System Checkpoint RP214: 9/22/2011 9:44:03 PM - System Checkpoint RP215: 9/23/2011 11:10:55 PM - System Checkpoint RP216: 9/25/2011 11:46:25 AM - System Checkpoint RP217: 9/26/2011 1:54:58 PM - System Checkpoint RP218: 9/27/2011 2:07:53 PM - System 
Checkpoint RP219: 9/28/2011 3:08:27 PM - System Checkpoint RP220: 9/29/2011 3:35:59 AM - Software Distribution Service 3.0 RP221: 9/30/2011 3:44:16 AM - System Checkpoint RP222: 10/1/2011 3:45:20 AM - System Checkpoint RP223: 10/2/2011 4:44:14 AM - System Checkpoint RP224: 10/3/2011 5:40:22 AM - System Checkpoint RP225: 10/4/2011 5:45:00 AM - System Checkpoint RP226: 10/5/2011 6:40:25 AM - System Checkpoint RP227: 10/6/2011 7:41:27 AM - System Checkpoint RP228: 10/7/2011 7:56:44 AM - System Checkpoint RP229: 10/8/2011 8:27:50 AM - System Checkpoint RP230: 10/9/2011 8:34:58 AM - System Checkpoint RP231: 10/10/2011 9:44:00 AM - System Checkpoint RP232: 10/11/2011 10:16:52 AM - System Checkpoint RP233: 10/12/2011 10:16:56 AM - System Checkpoint RP234: 10/13/2011 10:29:07 AM - System Checkpoint RP235: 10/14/2011 3:00:17 AM - Software Distribution Service 3.0 RP236: 10/15/2011 11:14:21 AM - System Checkpoint RP237: 10/16/2011 11:39:02 AM - System Checkpoint RP238: 10/17/2011 11:39:07 AM - System Checkpoint RP239: 10/18/2011 3:00:23 AM - Software Distribution Service 3.0 RP240: 10/19/2011 3:05:19 AM - System Checkpoint RP241: 10/19/2011 3:52:07 PM - Removed Microsoft Office Professional 2010 RP242: 10/20/2011 3:00:21 AM - Software Distribution Service 3.0 RP243: 10/21/2011 7:50:08 AM - System Checkpoint RP244: 10/22/2011 8:22:48 AM - System Checkpoint RP245: 10/23/2011 8:37:03 AM - System Checkpoint RP246: 10/24/2011 8:39:45 AM - System Checkpoint RP247: 10/25/2011 9:39:46 AM - System Checkpoint RP248: 10/26/2011 1:19:59 PM - System Checkpoint RP249: 10/27/2011 1:33:25 PM - System Checkpoint RP250: 10/28/2011 3:06:02 PM - System Checkpoint RP251: 10/29/2011 11:18:47 PM - System Checkpoint RP252: 10/31/2011 12:50:47 AM - System Checkpoint RP253: 11/1/2011 1:32:53 AM - System Checkpoint RP254: 11/2/2011 2:29:22 AM - System Checkpoint RP255: 11/3/2011 8:47:42 AM - System Checkpoint RP256: 11/4/2011 9:54:22 AM - System Checkpoint RP257: 11/5/2011 10:22:59 AM - System 
Checkpoint RP258: 11/6/2011 9:37:57 AM - System Checkpoint RP259: 11/7/2011 12:42:56 PM - System Checkpoint RP260: 11/8/2011 12:51:35 PM - System Checkpoint RP261: 11/9/2011 1:09:57 PM - System Checkpoint RP262: 11/10/2011 3:00:17 AM - Software Distribution Service 3.0 RP263: 11/11/2011 3:00:18 AM - Software Distribution Service 3.0 RP264: 11/12/2011 3:45:16 AM - System Checkpoint RP265: 11/13/2011 3:50:07 AM - System Checkpoint RP266: 11/13/2011 3:12:50 PM - Installed Java 6 Update 29 RP267: 11/13/2011 3:17:38 PM - Removed Java SE Runtime Environment 6 Update 1 RP268: 11/13/2011 3:18:52 PM - Removed Java 6 Update 22 RP269: 11/14/2011 4:53:04 PM - System Checkpoint RP270: 11/15/2011 8:31:55 PM - System Checkpoint . ==== Installed Programs ====================== . 3DVIA player 5.0 AC3Filter (remove only) Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.5 Browser Address Error Redirector Canon Camera Access Library Canon DIGITAL CAMERA Solution Disk Software Guide CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MovieEdit Task for ZoomBrowser EX Canon Personal Printing Guide Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide Canon Utilities CameraWindow Canon Utilities CameraWindow DC 8 Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Compatibility Pack for the 2007 Office system DivX Setup DVD Suite eMachines Connect Favorite Places FrostWire 4.21.8 Google Chrome Google Desktop Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP 
(KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) Java Auto Updater Java 6 Update 29 Laugh, Smile & Learn™ Malwarebytes' Anti-Malware version 1.51.2.1300 McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Web Apps Browser Plugin Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft WSE 2.0 SP3 Runtime Mozilla Firefox (3.6.24) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 
4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) NVIDIA Drivers OpenOffice.org 3.3 Realtek High Definition Audio Driver Recovery Software Suite eMachines Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 
(KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for 
Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security 
Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Soft Data Fax Modem with SmartCP 
Spare Backup Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office OneNote 2007 (KB980729) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.4053 VideoLAN VLC media player 0.8.6f WebFldrs XP Windows Backup Utility Windows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8) Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8) Windows Genuine Advantage Validation Tool Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 Xvid Video Codec . ==== Event Viewer Messages From Past Week ======== . 11/16/2011 8:38:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 ACPIEC adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x Pcmcia perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde 11/16/2011 8:38:33 AM, error: Service Control Manager [7023] - The NEC USB Device Service service terminated with the following error: The specified module could not be found. 
11/16/2011 8:38:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 11/16/2011 8:35:47 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified. 11/15/2011 6:45:20 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found. 11/13/2011 7:50:58 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 11/13/2011 3:19:16 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. . ==== End Of File ===========================
  6. I got something that downloaded and was a fake antivirus named Privacy Protector. Ran computer in safe mode and deleted it. Downloaded Malwarebytes, which caught about 15 more things including a search engine redirect bug, then it keeps popping up saying blocked suspicious outgoing connection to a couple different IP addresses; about every minute or so it does this. Here are the two logs: dds.txt attach.zip