Jump to content

Recommended Posts

After Downloading "MCPatcher" from "Addfly" Which where I was redirected from Minecraft Community site "planetMineCraft" Official MCPatcher Thread. (Which I have the real one now.) But From one of their several links Provided It started downloading "iLividSetup1". Idk why I let it installed it self but I figured that it was the correct thing. Which has lead to computer slightly Slower and Google Redirects. Soo Can you help me out.?

The Infected Computer Has been Off since the logs were taken. Posted this from Safe Laptop, will be checking back every mins (10-15)

__________________________________________________________

------------------

System Information

------------------

Time of this report: 8/2/2011, 18:36:37

Machine name: FAMILY-COMPUTER

Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.101209-1647)

Language: English (Regional Setting: English)

System Manufacturer: Gateway

System Model: 504GR

BIOS: Default System BIOS

Processor: Intel® Pentium® 4 CPU 3.00GHz (2 CPUs)

Memory: 1526MB RAM

Page File: 621MB used, 1511MB available

Windows Dir: C:\WINDOWS\KIVEN

DirectX Version: DirectX 9.0c (4.09.0000.0904)

DX Setup Parameters: Not found

DxDiag Version: 5.03.2600.5512 32bit Unicode

------------

DxDiag Notes

------------

DirectX Files Tab: Several files (ks.sys, stream.sys, mspclock.sys, etc.) are incorrectly installed in the Windows folder and should be deleted.

Display Tab 1: No problems found.

Sound Tab 1: No problems found.

Music Tab: No problems found.

Input Tab: No problems found.

Network Tab: No problems found.

__________________________________________________________

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7963

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/17/2011 6:01:56 AM

mbam-log-2011-10-17 (07-58-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Objects scanned: 453766

Time elapsed: 1 hour(s), 48 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{051C5BBA-ABDD-4249-A60C-1DF3E573453c} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{051C5BBA-ABDD-4249-A60C-1DF3E573453C} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\kevin.family-computer\local settings\Temp\thpm350142996788380442.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

c:\documents and settings\kevin.family-computer\local settings\application data\servicesys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

__________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:06:11 AM, on 10/17/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\KIVEN\System32\smss.exe

C:\WINDOWS\KIVEN\system32\winlogon.exe

C:\WINDOWS\KIVEN\system32\services.exe

C:\WINDOWS\KIVEN\system32\lsass.exe

C:\WINDOWS\KIVEN\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\KIVEN\System32\svchost.exe

C:\WINDOWS\KIVEN\system32\spoolsv.exe

C:\WINDOWS\KIVEN\System32\svchost.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\KIVEN\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\KIVEN\Explorer.EXE

C:\Program Files\D-Link\Air Utility\AirCFG.exe

C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\WINDOWS\KIVEN\System32\igfxtray.exe

C:\WINDOWS\KIVEN\System32\hkcmd.exe

C:\WINDOWS\KIVEN\System32\igfxpers.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\KIVEN\SOUNDMAN.EXE

C:\WINDOWS\KIVEN\ALCWZRD.EXE

C:\WINDOWS\KIVEN\ALCMTR.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\KIVEN\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\KIVEN\system32\wuauclt.exe

C:\WINDOWS\KIVEN\system32\rundll32.exe

C:\WINDOWS\KIVEN\system32\rundll32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\KIVEN\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Kevin.FAMILY-COMPUTER\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe

O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\KIVEN\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\KIVEN\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\KIVEN\System32\igfxpers.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\KIVEN\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [intelTrayManager] rundll32.exe "C:\Documents and Settings\All Users.KIVEN\Application Data\IntelTrayManager.dll",DllRegisterServer

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - S-1-5-18 Startup: CurseClientStartup.ccip (User 'SYSTEM')

O4 - .DEFAULT Startup: CurseClientStartup.ccip (User 'Default user')

O4 - Startup: CurseClientStartup.ccip

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\KIVEN\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\KIVEN\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8942.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.syste...el_4.3.16.0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 7437 bytes

post-32545-0-35311700-1318966563.png

Link to post
Share on other sites

Hi and Welcome to the Malwarebytes Forum,

Download TFC to your desktop.

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Download DDS and save it to your desktop from HERE or HERE.

dds_scr.gif

Disable any script blocking programs you may have installed (such as Norton script blocking), and then double-click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt

    [*]Save both reports to your desktop

    [*]Please copy and paste dds.txt into your next reply and hold on to attach.txt for now.

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    This is the executable version:
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

To sum it up - I'd like your to copy/paste dds.txt and the tdsskiler log into your next reply. Thank You!

Link to post
Share on other sites

Thanks, for replying to my post and helping me out. I've also scanned with Microsoft security program before I posted this thread forgot to post that in my orginal,and I will post the findings from there at the bottem. Nothing was found from TDS

_____________________________________________________________________________

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Kevin at 12:27:05 on 2011-10-19

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.873 [GMT -4:00]

.

AV: Malware Defense *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\KIVEN\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\KIVEN\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\KIVEN\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\KIVEN\System32\svchost.exe -k Akamai

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\KIVEN\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\KIVEN\Explorer.EXE

C:\WINDOWS\KIVEN\system32\wuauclt.exe

C:\Program Files\D-Link\Air Utility\AirCFG.exe

C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\WINDOWS\KIVEN\System32\igfxtray.exe

C:\WINDOWS\KIVEN\System32\hkcmd.exe

C:\WINDOWS\KIVEN\System32\igfxpers.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\KIVEN\SOUNDMAN.EXE

C:\WINDOWS\KIVEN\ALCWZRD.EXE

C:\WINDOWS\KIVEN\ALCMTR.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\KIVEN\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\kiven\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [AdobeBridge]

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [D-Link Air Utility] c:\program files\d-link\air utility\AirCFG.exe

mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe

mRun: [igfxTray] c:\windows\kiven\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\kiven\system32\hkcmd.exe

mRun: [Persistence] c:\windows\kiven\system32\igfxpers.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AtiPTA] Atiptaxx.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\documents and settings\kevin.family-computer\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\docume~1\alluse~1.kiv\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1.kiv\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1.kiv\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: live.com\onecare

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1E86CE61-3336-4597-8D6F-40133635EEDA} : DhcpNameServer = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kevin.family-computer\application data\mozilla\firefox\profiles\ft67vuhu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\kiven\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {fc9c9a7a-3f2e-4caa-bdec-1eed61750c83} - %profile%\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\kiven\system32\drivers\MpFilter.sys [2009-12-2 165648]

R1 MpKsl1f19516d;MpKsl1f19516d;c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{13304b4a-015b-425b-86e5-b2385e9cd226}\MpKsl1f19516d.sys [2011-10-19 28752]

R1 MpKsl7075ead6;MpKsl7075ead6;c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{13304b4a-015b-425b-86e5-b2385e9cd226}\MpKsl7075ead6.sys [2011-10-19 28752]

R2 Akamai;Akamai NetSession Interface;c:\windows\kiven\system32\svchost.exe -k Akamai [2003-3-31 14336]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\kiven\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-7 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\kiven\system32\drivers\mbam.sys [2011-3-7 22216]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\kiven\system32\drivers\wg111v3.sys [2007-12-28 341504]

R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\kiven\system32\drivers\whfltr2k.sys [2011-8-23 7424]

S0 wyibviqo;wyibviqo;c:\windows\kiven\system32\drivers\ekrust.sys --> c:\windows\kiven\system32\drivers\ekrust.sys [?]

S1 MpKsl000aa11c;MpKsl000aa11c;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{1542ce2c-9c5b-46e2-83e8-61bd021f1258}\mpksl000aa11c.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{1542ce2c-9c5b-46e2-83e8-61bd021f1258}\MpKsl000aa11c.sys [?]

S1 MpKsl04bf62c0;MpKsl04bf62c0;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{4df61b47-6f5e-4625-9b83-f3aeb939f9c0}\mpksl04bf62c0.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{4df61b47-6f5e-4625-9b83-f3aeb939f9c0}\MpKsl04bf62c0.sys [?]

S1 MpKsl20ccc7a6;MpKsl20ccc7a6;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{281febfc-a0d6-4c42-917f-aa6fb338686c}\mpksl20ccc7a6.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{281febfc-a0d6-4c42-917f-aa6fb338686c}\MpKsl20ccc7a6.sys [?]

S1 MpKsl2627ac03;MpKsl2627ac03;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{3604906c-6aaf-4ecb-a4e9-b7c5dc8ddbb6}\mpksl2627ac03.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{3604906c-6aaf-4ecb-a4e9-b7c5dc8ddbb6}\MpKsl2627ac03.sys [?]

S1 MpKsl3f973087;MpKsl3f973087;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{ae128a53-7530-4fc4-8c23-8cbd0e8af513}\mpksl3f973087.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{ae128a53-7530-4fc4-8c23-8cbd0e8af513}\MpKsl3f973087.sys [?]

S1 MpKsl74288d06;MpKsl74288d06;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{af4edb8a-b458-486d-9ef0-b7be7ae75c0a}\mpksl74288d06.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{af4edb8a-b458-486d-9ef0-b7be7ae75c0a}\MpKsl74288d06.sys [?]

S1 MpKsl84914982;MpKsl84914982;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{eacd814b-fb88-4679-8845-4bd22637d0c7}\mpksl84914982.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{eacd814b-fb88-4679-8845-4bd22637d0c7}\MpKsl84914982.sys [?]

S1 MpKsl881682b7;MpKsl881682b7;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{39142419-2a70-4b9f-b6a4-e928998f87a7}\mpksl881682b7.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{39142419-2a70-4b9f-b6a4-e928998f87a7}\MpKsl881682b7.sys [?]

S1 MpKslbbd71ee3;MpKslbbd71ee3;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{376c8f51-ddb0-41f2-9f16-35b00f3b613d}\mpkslbbd71ee3.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{376c8f51-ddb0-41f2-9f16-35b00f3b613d}\MpKslbbd71ee3.sys [?]

S1 MpKsle8ce0e21;MpKsle8ce0e21;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{edbc3ec2-97b3-4f3e-8118-423b79ebf080}\mpksle8ce0e21.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{edbc3ec2-97b3-4f3e-8118-423b79ebf080}\MpKsle8ce0e21.sys [?]

S1 MpKslfaa86dbf;MpKslfaa86dbf;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{376c8f51-ddb0-41f2-9f16-35b00f3b613d}\mpkslfaa86dbf.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{376c8f51-ddb0-41f2-9f16-35b00f3b613d}\MpKslfaa86dbf.sys [?]

S1 MpKslfbde92ee;MpKslfbde92ee;\??\c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{edbc3ec2-97b3-4f3e-8118-423b79ebf080}\mpkslfbde92ee.sys --> c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{edbc3ec2-97b3-4f3e-8118-423b79ebf080}\MpKslfbde92ee.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\kiven\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 20RN0Ly4;20RN0Ly4;\??\c:\windows\kiven\system32\drivers\20rn0ly4.sys --> c:\windows\kiven\system32\drivers\20RN0Ly4.sys [?]

S3 ati2mpad;ati2mpad;c:\windows\kiven\system32\drivers\ati2mpad.sys [2002-2-18 303360]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\kiven\system32\drivers\PRISMNDS.sys [2003-7-17 676352]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\kiven\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-19 16:14:01 56200 ----a-w- c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{13304b4a-015b-425b-86e5-b2385e9cd226}\offreg.dll

2011-10-19 15:40:07 28752 ----a-w- c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{13304b4a-015b-425b-86e5-b2385e9cd226}\MpKsl7075ead6.sys

2011-10-19 15:35:09 28752 ----a-w- c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{13304b4a-015b-425b-86e5-b2385e9cd226}\MpKsl1f19516d.sys

2011-10-18 23:44:31 6668624 ----a-w- c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\{13304b4a-015b-425b-86e5-b2385e9cd226}\mpengine.dll

2011-10-11 02:55:58 -------- d-----w- c:\documents and settings\kevin.family-computer\local settings\application data\Ilivid Player

2011-10-11 02:54:08 -------- d-----w- c:\program files\iLivid

2011-10-11 02:51:36 -------- d-----w- c:\documents and settings\kevin.family-computer\local settings\application data\PackageAware

2011-10-07 20:26:23 -------- d-----w- c:\documents and settings\kevin.family-computer\riotsGamesLogs

2011-10-07 20:26:05 -------- d-----w- c:\documents and settings\kevin.family-computer\application data\LolClient

2011-10-07 18:07:22 -------- d-----w- C:\Riot Games

2011-10-02 01:28:17 -------- d-----w- c:\documents and settings\kevin.family-computer\application data\pymclevel

2011-10-02 01:27:48 -------- d-----w- c:\documents and settings\kevin.family-computer\local settings\application data\MCEdit

2011-09-26 06:15:46 7269712 ----a-w- c:\documents and settings\all users.kiven\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-09-26 01:00:02 139656 -c----w- c:\windows\kiven\system32\dllcache\rdpwd.sys

2011-09-26 00:55:47 10496 -c----w- c:\windows\kiven\system32\dllcache\ndistapi.sys

2011-09-21 02:35:58 -------- d-----w- c:\windows\kiven\system32\wbem\repository\FS

2011-09-21 02:35:58 -------- d-----w- c:\windows\kiven\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-10-12 19:52:34 414368 ----a-w- c:\windows\kiven\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\kiven\system32\crypt32.dll

2011-08-31 21:00:50 22216 ----a-w- c:\windows\kiven\system32\drivers\mbam.sys

.

============= FINISH: 12:27:56.90 ===============

_____________________________________________________________________________

12:31:10.0828 2208 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27

12:31:11.0156 2208 ============================================================

12:31:11.0156 2208 Current date / time: 2011/10/19 12:31:11.0156

12:31:11.0156 2208 SystemInfo:

12:31:11.0156 2208

12:31:11.0156 2208 OS Version: 5.1.2600 ServicePack: 3.0

12:31:11.0156 2208 Product type: Workstation

12:31:11.0156 2208 ComputerName: FAMILY-COMPUTER

12:31:11.0156 2208 UserName: Kevin

12:31:11.0156 2208 Windows directory: C:\WINDOWS\KIVEN

12:31:11.0156 2208 System windows directory: C:\WINDOWS\KIVEN

12:31:11.0156 2208 Processor architecture: Intel x86

12:31:11.0156 2208 Number of processors: 2

12:31:11.0156 2208 Page size: 0x1000

12:31:11.0156 2208 Boot type: Normal boot

12:31:11.0156 2208 ============================================================

12:31:12.0484 2208 Initialize success

12:31:59.0156 1712 ============================================================

12:31:59.0156 1712 Scan started

12:31:59.0156 1712 Mode: Manual;

12:31:59.0156 1712 ============================================================

12:31:59.0468 1712 20RN0Ly4 - ok

12:31:59.0500 1712 Abiosdsk - ok

12:31:59.0515 1712 abp480n5 - ok

12:31:59.0578 1712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\KIVEN\system32\DRIVERS\ACPI.sys

12:31:59.0578 1712 ACPI - ok

12:31:59.0625 1712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\KIVEN\system32\drivers\ACPIEC.sys

12:31:59.0625 1712 ACPIEC - ok

12:31:59.0640 1712 adpu160m - ok

12:31:59.0671 1712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\KIVEN\system32\drivers\aec.sys

12:31:59.0687 1712 aec - ok

12:31:59.0734 1712 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\KIVEN\system32\DRIVERS\AegisP.sys

12:31:59.0734 1712 AegisP - ok

12:31:59.0796 1712 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\KIVEN\System32\drivers\afd.sys

12:31:59.0796 1712 AFD - ok

12:31:59.0812 1712 Aha154x - ok

12:31:59.0828 1712 aic78u2 - ok

12:31:59.0843 1712 aic78xx - ok

12:31:59.0859 1712 AliIde - ok

12:31:59.0875 1712 amsint - ok

12:31:59.0937 1712 ANIO (4a5c7eaefa4c43d139c402c6da5bfd2c) C:\WINDOWS\KIVEN\System32\ANIO.SYS

12:31:59.0937 1712 ANIO - ok

12:31:59.0984 1712 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\KIVEN\system32\DRIVERS\arp1394.sys

12:31:59.0984 1712 Arp1394 - ok

12:32:00.0000 1712 asc - ok

12:32:00.0015 1712 asc3350p - ok

12:32:00.0031 1712 asc3550 - ok

12:32:00.0078 1712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\KIVEN\system32\DRIVERS\asyncmac.sys

12:32:00.0078 1712 AsyncMac - ok

12:32:00.0140 1712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\KIVEN\system32\DRIVERS\atapi.sys

12:32:00.0140 1712 atapi - ok

12:32:00.0156 1712 Atdisk - ok

12:32:00.0218 1712 ati2mpad (31f9bbb4cbe149c6305da08e4a38c83f) C:\WINDOWS\KIVEN\system32\DRIVERS\ati2mpad.sys

12:32:00.0218 1712 ati2mpad - ok

12:32:00.0281 1712 atirage3 (79e888ccceafb49764b254c2537f1afb) C:\WINDOWS\KIVEN\system32\DRIVERS\atimpae.sys

12:32:00.0281 1712 atirage3 - ok

12:32:00.0312 1712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\KIVEN\system32\DRIVERS\atmarpc.sys

12:32:00.0328 1712 Atmarpc - ok

12:32:00.0359 1712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\KIVEN\system32\DRIVERS\audstub.sys

12:32:00.0359 1712 audstub - ok

12:32:00.0421 1712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\KIVEN\system32\drivers\Beep.sys

12:32:00.0421 1712 Beep - ok

12:32:00.0468 1712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\KIVEN\system32\drivers\cbidf2k.sys

12:32:00.0468 1712 cbidf2k - ok

12:32:00.0500 1712 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\KIVEN\system32\DRIVERS\CCDECODE.sys

12:32:00.0500 1712 CCDECODE - ok

12:32:00.0515 1712 cd20xrnt - ok

12:32:00.0531 1712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\KIVEN\system32\drivers\Cdaudio.sys

12:32:00.0531 1712 Cdaudio - ok

12:32:00.0562 1712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\KIVEN\system32\drivers\Cdfs.sys

12:32:00.0562 1712 Cdfs - ok

12:32:00.0578 1712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\KIVEN\system32\DRIVERS\cdrom.sys

12:32:00.0578 1712 Cdrom - ok

12:32:00.0593 1712 Changer - ok

12:32:00.0625 1712 CmdIde - ok

12:32:00.0640 1712 Cpqarray - ok

12:32:00.0781 1712 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

12:32:00.0781 1712 cpudrv - ok

12:32:00.0796 1712 dac2w2k - ok

12:32:00.0812 1712 dac960nt - ok

12:32:00.0843 1712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\KIVEN\system32\DRIVERS\disk.sys

12:32:00.0843 1712 Disk - ok

12:32:00.0890 1712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\KIVEN\system32\drivers\dmboot.sys

12:32:00.0906 1712 dmboot - ok

12:32:00.0921 1712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\KIVEN\system32\drivers\dmio.sys

12:32:00.0937 1712 dmio - ok

12:32:00.0968 1712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\KIVEN\system32\drivers\dmload.sys

12:32:00.0968 1712 dmload - ok

12:32:01.0015 1712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\KIVEN\system32\drivers\DMusic.sys

12:32:01.0015 1712 DMusic - ok

12:32:01.0062 1712 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\KIVEN\system32\DRIVERS\Dot4Prt.sys

12:32:01.0062 1712 Dot4Print - ok

12:32:01.0078 1712 dpti2o - ok

12:32:01.0109 1712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\KIVEN\system32\drivers\drmkaud.sys

12:32:01.0109 1712 drmkaud - ok

12:32:01.0156 1712 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\KIVEN\system32\DRIVERS\e100b325.sys

12:32:01.0171 1712 E100B - ok

12:32:01.0187 1712 EagleNT - ok

12:32:01.0234 1712 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\KIVEN\system32\DRIVERS\EAPPkt.sys

12:32:01.0234 1712 EAPPkt - ok

12:32:01.0265 1712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\KIVEN\system32\drivers\Fastfat.sys

12:32:01.0265 1712 Fastfat - ok

12:32:01.0296 1712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\KIVEN\system32\drivers\Fdc.sys

12:32:01.0296 1712 Fdc - ok

12:32:01.0328 1712 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\KIVEN\system32\DRIVERS\lvuvcflt.sys

12:32:01.0328 1712 FilterService - ok

12:32:01.0375 1712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\KIVEN\system32\drivers\Fips.sys

12:32:01.0375 1712 Fips - ok

12:32:01.0390 1712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\KIVEN\system32\drivers\Flpydisk.sys

12:32:01.0390 1712 Flpydisk - ok

12:32:01.0406 1712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\KIVEN\system32\drivers\fltmgr.sys

12:32:01.0406 1712 FltMgr - ok

12:32:01.0468 1712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\KIVEN\system32\drivers\Fs_Rec.sys

12:32:01.0468 1712 Fs_Rec - ok

12:32:01.0484 1712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\KIVEN\system32\DRIVERS\ftdisk.sys

12:32:01.0484 1712 Ftdisk - ok

12:32:01.0515 1712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\KIVEN\system32\DRIVERS\msgpc.sys

12:32:01.0515 1712 Gpc - ok

12:32:01.0546 1712 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\KIVEN\system32\DRIVERS\hamachi.sys

12:32:01.0546 1712 hamachi - ok

12:32:01.0593 1712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\KIVEN\system32\DRIVERS\HDAudBus.sys

12:32:01.0593 1712 HDAudBus - ok

12:32:01.0625 1712 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\KIVEN\system32\DRIVERS\hidusb.sys

12:32:01.0625 1712 hidusb - ok

12:32:01.0640 1712 hpn - ok

12:32:01.0687 1712 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\KIVEN\system32\DRIVERS\HSFHWBS2.sys

12:32:01.0687 1712 HSFHWBS2 - ok

12:32:01.0765 1712 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\KIVEN\system32\DRIVERS\HSF_DPV.sys

12:32:01.0796 1712 HSF_DPV - ok

12:32:01.0875 1712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\KIVEN\system32\Drivers\HTTP.sys

12:32:01.0875 1712 HTTP - ok

12:32:01.0890 1712 i2omgmt - ok

12:32:01.0906 1712 i2omp - ok

12:32:01.0968 1712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\KIVEN\system32\drivers\i8042prt.sys

12:32:01.0968 1712 i8042prt - ok

12:32:02.0218 1712 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\KIVEN\system32\DRIVERS\igxpmp32.sys

12:32:02.0437 1712 ialm - ok

12:32:02.0484 1712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\KIVEN\system32\DRIVERS\imapi.sys

12:32:02.0484 1712 Imapi - ok

12:32:02.0500 1712 ini910u - ok

12:32:02.0640 1712 IntcAzAudAddService (2262f37983e91e97e10de301e96367e0) C:\WINDOWS\KIVEN\system32\drivers\RtkHDAud.sys

12:32:02.0671 1712 IntcAzAudAddService - ok

12:32:02.0687 1712 IntelIde - ok

12:32:02.0734 1712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\KIVEN\system32\DRIVERS\intelppm.sys

12:32:02.0734 1712 intelppm - ok

12:32:02.0781 1712 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\KIVEN\system32\drivers\ip6fw.sys

12:32:02.0781 1712 ip6fw - ok

12:32:02.0812 1712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\KIVEN\system32\DRIVERS\ipfltdrv.sys

12:32:02.0812 1712 IpFilterDriver - ok

12:32:02.0843 1712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\KIVEN\system32\DRIVERS\ipinip.sys

12:32:02.0843 1712 IpInIp - ok

12:32:02.0890 1712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\KIVEN\system32\DRIVERS\ipnat.sys

12:32:02.0890 1712 IpNat - ok

12:32:02.0906 1712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\KIVEN\system32\DRIVERS\ipsec.sys

12:32:02.0906 1712 IPSec - ok

12:32:02.0937 1712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\KIVEN\system32\DRIVERS\irenum.sys

12:32:02.0937 1712 IRENUM - ok

12:32:02.0984 1712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\KIVEN\system32\DRIVERS\isapnp.sys

12:32:02.0984 1712 isapnp - ok

12:32:03.0000 1712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\KIVEN\system32\DRIVERS\kbdclass.sys

12:32:03.0000 1712 Kbdclass - ok

12:32:03.0031 1712 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\KIVEN\system32\DRIVERS\kbdhid.sys

12:32:03.0031 1712 kbdhid - ok

12:32:03.0046 1712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\KIVEN\system32\drivers\kmixer.sys

12:32:03.0046 1712 kmixer - ok

12:32:03.0093 1712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\KIVEN\system32\drivers\KSecDD.sys

12:32:03.0093 1712 KSecDD - ok

12:32:03.0109 1712 lbrtfdc - ok

12:32:03.0156 1712 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\KIVEN\system32\DRIVERS\lvrs.sys

12:32:03.0187 1712 LVRS - ok

12:32:03.0218 1712 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\KIVEN\system32\drivers\LVUSBSta.sys

12:32:03.0218 1712 LVUSBSta - ok

12:32:03.0359 1712 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\KIVEN\system32\DRIVERS\lvuvc.sys

12:32:03.0468 1712 LVUVC - ok

12:32:03.0500 1712 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\KIVEN\system32\drivers\mbam.sys

12:32:03.0500 1712 MBAMProtector - ok

12:32:03.0531 1712 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\KIVEN\system32\DRIVERS\mdmxsdk.sys

12:32:03.0531 1712 mdmxsdk - ok

12:32:03.0593 1712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\KIVEN\system32\drivers\mnmdd.sys

12:32:03.0593 1712 mnmdd - ok

12:32:03.0656 1712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\KIVEN\system32\drivers\Modem.sys

12:32:03.0656 1712 Modem - ok

12:32:03.0687 1712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\KIVEN\system32\DRIVERS\mouclass.sys

12:32:03.0687 1712 Mouclass - ok

12:32:03.0703 1712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\KIVEN\system32\DRIVERS\mouhid.sys

12:32:03.0703 1712 mouhid - ok

12:32:03.0734 1712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\KIVEN\system32\drivers\MountMgr.sys

12:32:03.0734 1712 MountMgr - ok

12:32:03.0765 1712 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\KIVEN\system32\DRIVERS\MpFilter.sys

12:32:03.0765 1712 MpFilter - ok

12:32:03.0890 1712 MpKsl000aa11c - ok

12:32:03.0906 1712 MpKsl04bf62c0 - ok

12:32:03.0968 1712 MpKsl1f19516d (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\MpKsl1f19516d.sys

12:32:03.0968 1712 MpKsl1f19516d - ok

12:32:03.0968 1712 MpKsl20ccc7a6 - ok

12:32:03.0968 1712 MpKsl2627ac03 - ok

12:32:03.0984 1712 MpKsl3f973087 - ok

12:32:04.0000 1712 MpKsl7075ead6 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\MpKsl7075ead6.sys

12:32:04.0000 1712 MpKsl7075ead6 - ok

12:32:04.0015 1712 MpKsl74288d06 - ok

12:32:04.0015 1712 MpKsl84914982 - ok

12:32:04.0015 1712 MpKsl881682b7 - ok

12:32:04.0031 1712 MpKslbbd71ee3 - ok

12:32:04.0031 1712 MpKsle8ce0e21 - ok

12:32:04.0046 1712 MpKslfaa86dbf - ok

12:32:04.0046 1712 MpKslfbde92ee - ok

12:32:04.0156 1712 mraid35x - ok

12:32:04.0218 1712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\KIVEN\system32\DRIVERS\mrxdav.sys

12:32:04.0218 1712 MRxDAV - ok

12:32:04.0281 1712 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\KIVEN\system32\DRIVERS\mrxsmb.sys

12:32:04.0296 1712 MRxSmb - ok

12:32:04.0328 1712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\KIVEN\system32\drivers\Msfs.sys

12:32:04.0328 1712 Msfs - ok

12:32:04.0359 1712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\KIVEN\system32\drivers\MSKSSRV.sys

12:32:04.0359 1712 MSKSSRV - ok

12:32:04.0375 1712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\KIVEN\system32\drivers\MSPCLOCK.sys

12:32:04.0375 1712 MSPCLOCK - ok

12:32:04.0390 1712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\KIVEN\system32\drivers\MSPQM.sys

12:32:04.0390 1712 MSPQM - ok

12:32:04.0437 1712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\KIVEN\system32\DRIVERS\mssmbios.sys

12:32:04.0437 1712 mssmbios - ok

12:32:04.0468 1712 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\KIVEN\system32\drivers\MSTEE.sys

12:32:04.0468 1712 MSTEE - ok

12:32:04.0515 1712 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\KIVEN\system32\drivers\Mup.sys

12:32:04.0515 1712 Mup - ok

12:32:04.0546 1712 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\KIVEN\system32\DRIVERS\NABTSFEC.sys

12:32:04.0546 1712 NABTSFEC - ok

12:32:04.0593 1712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\KIVEN\system32\drivers\NDIS.sys

12:32:04.0593 1712 NDIS - ok

12:32:04.0625 1712 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\KIVEN\system32\DRIVERS\NdisIP.sys

12:32:04.0625 1712 NdisIP - ok

12:32:04.0671 1712 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\KIVEN\system32\DRIVERS\ndistapi.sys

12:32:04.0671 1712 NdisTapi - ok

12:32:04.0703 1712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\KIVEN\system32\DRIVERS\ndisuio.sys

12:32:04.0703 1712 Ndisuio - ok

12:32:04.0718 1712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\KIVEN\system32\DRIVERS\ndiswan.sys

12:32:04.0734 1712 NdisWan - ok

12:32:04.0781 1712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\KIVEN\system32\drivers\NDProxy.sys

12:32:04.0781 1712 NDProxy - ok

12:32:04.0812 1712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\KIVEN\system32\DRIVERS\netbios.sys

12:32:04.0812 1712 NetBIOS - ok

12:32:04.0843 1712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\KIVEN\system32\DRIVERS\netbt.sys

12:32:04.0843 1712 NetBT - ok

12:32:04.0890 1712 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\KIVEN\system32\DRIVERS\nic1394.sys

12:32:04.0890 1712 NIC1394 - ok

12:32:04.0906 1712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\KIVEN\system32\drivers\Npfs.sys

12:32:04.0921 1712 Npfs - ok

12:32:04.0984 1712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\KIVEN\system32\drivers\Ntfs.sys

12:32:05.0000 1712 Ntfs - ok

12:32:05.0062 1712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\KIVEN\system32\drivers\Null.sys

12:32:05.0062 1712 Null - ok

12:32:05.0109 1712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\KIVEN\system32\DRIVERS\nwlnkflt.sys

12:32:05.0109 1712 NwlnkFlt - ok

12:32:05.0125 1712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\KIVEN\system32\DRIVERS\nwlnkfwd.sys

12:32:05.0125 1712 NwlnkFwd - ok

12:32:05.0140 1712 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\KIVEN\system32\DRIVERS\ohci1394.sys

12:32:05.0140 1712 ohci1394 - ok

12:32:05.0187 1712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\KIVEN\system32\DRIVERS\parport.sys

12:32:05.0187 1712 Parport - ok

12:32:05.0203 1712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\KIVEN\system32\drivers\PartMgr.sys

12:32:05.0203 1712 PartMgr - ok

12:32:05.0218 1712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\KIVEN\system32\drivers\ParVdm.sys

12:32:05.0234 1712 ParVdm - ok

12:32:05.0250 1712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\KIVEN\system32\DRIVERS\pci.sys

12:32:05.0250 1712 PCI - ok

12:32:05.0265 1712 PCIDump - ok

12:32:05.0296 1712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\KIVEN\system32\DRIVERS\pciide.sys

12:32:05.0296 1712 PCIIde - ok

12:32:05.0328 1712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\KIVEN\system32\drivers\Pcmcia.sys

12:32:05.0328 1712 Pcmcia - ok

12:32:05.0343 1712 PDCOMP - ok

12:32:05.0359 1712 PDFRAME - ok

12:32:05.0375 1712 PDRELI - ok

12:32:05.0390 1712 PDRFRAME - ok

12:32:05.0406 1712 perc2 - ok

12:32:05.0421 1712 perc2hib - ok

12:32:05.0468 1712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\KIVEN\system32\DRIVERS\raspptp.sys

12:32:05.0468 1712 PptpMiniport - ok

12:32:05.0531 1712 PRISM (68c947fafbd0b5143962d19017fe951a) C:\WINDOWS\KIVEN\system32\DRIVERS\PRISMNDS.sys

12:32:05.0546 1712 PRISM - ok

12:32:05.0578 1712 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\KIVEN\system32\DRIVERS\processr.sys

12:32:05.0578 1712 Processor - ok

12:32:05.0609 1712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\KIVEN\system32\DRIVERS\psched.sys

12:32:05.0609 1712 PSched - ok

12:32:05.0640 1712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\KIVEN\system32\DRIVERS\ptilink.sys

12:32:05.0640 1712 Ptilink - ok

12:32:05.0656 1712 ql1080 - ok

12:32:05.0671 1712 Ql10wnt - ok

12:32:05.0687 1712 ql12160 - ok

12:32:05.0703 1712 ql1240 - ok

12:32:05.0718 1712 ql1280 - ok

12:32:05.0750 1712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\KIVEN\system32\DRIVERS\rasacd.sys

12:32:05.0750 1712 RasAcd - ok

12:32:05.0781 1712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\KIVEN\system32\DRIVERS\rasl2tp.sys

12:32:05.0781 1712 Rasl2tp - ok

12:32:05.0796 1712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\KIVEN\system32\DRIVERS\raspppoe.sys

12:32:05.0796 1712 RasPppoe - ok

12:32:05.0812 1712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\KIVEN\system32\DRIVERS\raspti.sys

12:32:05.0812 1712 Raspti - ok

12:32:05.0843 1712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\KIVEN\system32\DRIVERS\rdbss.sys

12:32:05.0843 1712 Rdbss - ok

12:32:05.0859 1712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\KIVEN\system32\DRIVERS\RDPCDD.sys

12:32:05.0859 1712 RDPCDD - ok

12:32:05.0937 1712 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\KIVEN\system32\drivers\RDPWD.sys

12:32:05.0937 1712 RDPWD - ok

12:32:05.0968 1712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\KIVEN\system32\DRIVERS\redbook.sys

12:32:05.0968 1712 redbook - ok

12:32:06.0046 1712 RTL8187B (de4635e8b7975d2b5d961299469a7462) C:\WINDOWS\KIVEN\system32\DRIVERS\wg111v3.sys

12:32:06.0046 1712 RTL8187B - ok

12:32:06.0093 1712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\KIVEN\system32\DRIVERS\secdrv.sys

12:32:06.0093 1712 Secdrv - ok

12:32:06.0109 1712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\KIVEN\system32\DRIVERS\serenum.sys

12:32:06.0109 1712 serenum - ok

12:32:06.0125 1712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\KIVEN\system32\DRIVERS\serial.sys

12:32:06.0125 1712 Serial - ok

12:32:06.0187 1712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\KIVEN\system32\drivers\Sfloppy.sys

12:32:06.0187 1712 Sfloppy - ok

12:32:06.0203 1712 Simbad - ok

12:32:06.0234 1712 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\KIVEN\system32\DRIVERS\SLIP.sys

12:32:06.0234 1712 SLIP - ok

12:32:06.0265 1712 Sparrow - ok

12:32:06.0296 1712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\KIVEN\system32\drivers\splitter.sys

12:32:06.0312 1712 splitter - ok

12:32:06.0343 1712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\KIVEN\system32\DRIVERS\sr.sys

12:32:06.0343 1712 sr - ok

12:32:06.0390 1712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\KIVEN\system32\DRIVERS\srv.sys

12:32:06.0390 1712 Srv - ok

12:32:06.0437 1712 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\KIVEN\system32\DRIVERS\StreamIP.sys

12:32:06.0437 1712 streamip - ok

12:32:06.0468 1712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\KIVEN\system32\DRIVERS\swenum.sys

12:32:06.0468 1712 swenum - ok

12:32:06.0500 1712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\KIVEN\system32\drivers\swmidi.sys

12:32:06.0500 1712 swmidi - ok

12:32:06.0515 1712 symc810 - ok

12:32:06.0531 1712 symc8xx - ok

12:32:06.0546 1712 sym_hi - ok

12:32:06.0562 1712 sym_u3 - ok

12:32:06.0578 1712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\KIVEN\system32\drivers\sysaudio.sys

12:32:06.0578 1712 sysaudio - ok

12:32:06.0656 1712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\KIVEN\system32\DRIVERS\tcpip.sys

12:32:06.0656 1712 Tcpip - ok

12:32:06.0687 1712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\KIVEN\system32\drivers\TDPIPE.sys

12:32:06.0687 1712 TDPIPE - ok

12:32:06.0703 1712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\KIVEN\system32\drivers\TDTCP.sys

12:32:06.0718 1712 TDTCP - ok

12:32:06.0750 1712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\KIVEN\system32\DRIVERS\termdd.sys

12:32:06.0750 1712 TermDD - ok

12:32:06.0765 1712 TosIde - ok

12:32:06.0812 1712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\KIVEN\system32\drivers\Udfs.sys

12:32:06.0812 1712 Udfs - ok

12:32:06.0828 1712 ultra - ok

12:32:06.0859 1712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\KIVEN\system32\DRIVERS\update.sys

12:32:06.0859 1712 Update - ok

12:32:06.0906 1712 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\KIVEN\system32\drivers\usbaudio.sys

12:32:06.0906 1712 usbaudio - ok

12:32:06.0921 1712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\KIVEN\system32\DRIVERS\usbccgp.sys

12:32:06.0937 1712 usbccgp - ok

12:32:06.0984 1712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\KIVEN\system32\DRIVERS\usbehci.sys

12:32:06.0984 1712 usbehci - ok

12:32:07.0015 1712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\KIVEN\system32\DRIVERS\usbhub.sys

12:32:07.0015 1712 usbhub - ok

12:32:07.0062 1712 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\KIVEN\system32\DRIVERS\usbprint.sys

12:32:07.0062 1712 usbprint - ok

12:32:07.0078 1712 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\KIVEN\system32\DRIVERS\USBSTOR.SYS

12:32:07.0078 1712 usbstor - ok

12:32:07.0109 1712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\KIVEN\system32\DRIVERS\usbuhci.sys

12:32:07.0109 1712 usbuhci - ok

12:32:07.0125 1712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\KIVEN\System32\drivers\vga.sys

12:32:07.0140 1712 VgaSave - ok

12:32:07.0140 1712 ViaIde - ok

12:32:07.0187 1712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\KIVEN\system32\drivers\VolSnap.sys

12:32:07.0187 1712 VolSnap - ok

12:32:07.0234 1712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\KIVEN\system32\DRIVERS\wanarp.sys

12:32:07.0234 1712 Wanarp - ok

12:32:07.0250 1712 WDICA - ok

12:32:07.0281 1712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\KIVEN\system32\drivers\wdmaud.sys

12:32:07.0281 1712 wdmaud - ok

12:32:07.0312 1712 whfltr2k (b4e9b84c2eff6e2f28403a8e44926eb5) C:\WINDOWS\KIVEN\system32\DRIVERS\whfltr2k.sys

12:32:07.0312 1712 whfltr2k - ok

12:32:07.0390 1712 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\KIVEN\system32\DRIVERS\HSF_CNXT.sys

12:32:07.0421 1712 winachsf - ok

12:32:07.0515 1712 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\KIVEN\system32\DRIVERS\WSTCODEC.SYS

12:32:07.0515 1712 WSTCODEC - ok

12:32:07.0531 1712 wyibviqo - ok

12:32:07.0593 1712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:32:07.0781 1712 \Device\Harddisk0\DR0 - ok

12:32:07.0781 1712 Boot (0x1200) (52c2cf908224989f0b18b1dbfcdd3471) \Device\Harddisk0\DR0\Partition0

12:32:07.0781 1712 \Device\Harddisk0\DR0\Partition0 - ok

12:32:07.0781 1712 Boot (0x1200) (462265addafadcdc18749730af23fb32) \Device\Harddisk0\DR0\Partition1

12:32:07.0781 1712 \Device\Harddisk0\DR0\Partition1 - ok

12:32:07.0796 1712 ============================================================

12:32:07.0796 1712 Scan finished

12:32:07.0796 1712 ============================================================

12:32:07.0796 3316 Detected object count: 0

12:32:07.0796 3316 Actual detected object count: 0

_____________________________________________________________________________

MicrosoftSecurity Ess. Findings:

post-32545-0-11463700-1319042290.png

Link to post
Share on other sites

Now for some additional instructions - but just a general note - when I tell you to download something to the infected PC, it is really better if you download the troubleshooting program in question to a clean PC and transfer it to the infected PC via an otherwise empty USB Flash drive or other media.

First, I want you to clear the Java cache:

Go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*] Click OK to leave the Temporary Files Window

    [*]Click OK to leave the Java Control Panel.

As Java Cache can be an infection repository, You can quickly scan it periodically for infectious elements, by right-clicking the following folder and selecting the "Scan with <Your antivirus>" option:

The location of this folder is:

In XP:

C:\Documents and Settings\<user_name>\Application Data\Sun\Java\Deployment\cache\

Reset Internet Proxy Settings if they were altered by the infection for all browsers you use by following these directions:

http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=166875

Download and run a complete scan with the Microsoft Malicious Removal Tool:

Download Microsoft's Malicious Software Removal Tool (MSRT) to your desktop

Save and Rename it as You download it to explorer.exe

Double-click explorer.exe on your Desktop to run it

In the "Scan Type" selection window, select "Full Scan"

Perform a Full scan and the Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Click on Start, Run

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

You can use this tutorial as a guide, then attach the resulting scan report to your next reply:

http://secure-computer-solutions.com/blog/2010/09/scanning_and_removing_malware.html

Please Run ComboFix by following the steps provided in exactly this sequence:

Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it beofre proceeding:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Note: The above tutorial does not tell you to rename Combofix as I am about to instruct you to do in the following instructions, so make sure you complete the renaming step before launching Combofix.

Using ComboFix ->

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to iexplore.exe

Notes:

  • It is very important that save the newly renamed EXE file to your desktop.
  • You must rename Combofixe.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK

    [*]For Internet Explorer:

    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it iexplore.exe.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!
  • If You are running Windows XP, and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform it's normal malware removal capabilities. This is for your safety !!

1. To Launch Combofix

Click Start --> Run, and enter (copy/paste)this command exactly as shown:

"%userprofile%\desktop\iexplore.exe" /killall

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

If You have problems running Combofix then try running it in "Safe Mode with Networking" as follows:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading normally, the Advanced Options Menu should appear;
  • Select the option, to run Windows in "Safe Mode with Networking", then press Enter.
  • Choose your usual account, and launch Combofix as directed above.

=============

NOTE: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

-------------------

Please copy/paste the following into your next reply:

c:\windows\debug\mrt.log (attach this)

C:\Combofix.txt

Link to post
Share on other sites

You may have to modify your browser settings if you use Firefox, so you can rename the file as you download it. To do that:

Open Firefox

Click Tools -> Options -> Main

Under the downloads section check the button that says "Always ask me where to save files".

Click OK

For Internet Explorer:

Choose to save, not open the file

When prompted - save the file to your desktop, and rename it iexplore.exe.

Looks like you use Firefox so the above should help.

Link to post
Share on other sites

Ok got it loaded fully and finished the 2 scans. here are the reports.

Results Summary:

----------------

No infection found.

Return code: 0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 26 09:24:53 2006

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.14, March 2006

Started On Sat Apr 08 14:04:50 2006

->Sysclean WARNING: MemScanGetImagePathFromPid(2488) (Win32 Error Code: 0x00000057 (87):The parameter is incorrect.) [696]

Results Summary:

----------------

No infection found.

Return code: 0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 08 14:05:29 2006

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.15, April 2006

Started On Sun Apr 16 00:33:00 2006

Results Summary:

----------------

No infection found.

Return code: 0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 16 00:33:11 2006

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.16, May 2006

Started On Fri May 12 09:18:54 2006

Results Summary:

----------------

No infection found.

Return code: 0

Microsoft Windows Malicious Software Removal Tool Finished On Fri May 12 09:19:05 2006

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.17, June 2006

Started On Tue Jun 13 17:13:11 2006

Results Summary:

----------------

No infection found.

Return code: 0

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 13 17:13:33 2006

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.5, December 2008

Started On Wed Jan 07 18:17:47 2009

Results Summary:

----------------

No infection found.

Return code: 0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 07 18:20:09 2009

________________________________________________________________

ComboFix 11-10-19.06 - Kevin 10/19/2011 19:29:21.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.901 [GMT -4:00]

Running from: c:\documents and settings\Kevin.FAMILY-COMPUTER\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ua6dk0uk.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}

c:\documents and settings\Administrator.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ua6dk0uk.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\chrome.manifest

c:\documents and settings\Administrator.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ua6dk0uk.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\chrome\xulcache.jar

c:\documents and settings\Administrator.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ua6dk0uk.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ua6dk0uk.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\install.rdf

c:\documents and settings\All Users.KIVEN\Application Data\h8srtmainqt.dll

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ft67vuhu.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}

c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ft67vuhu.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\chrome.manifest

c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ft67vuhu.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\chrome\xulcache.jar

c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ft67vuhu.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\defaults\preferences\xulcache.js

c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ft67vuhu.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\install.rdf

c:\documents and settings\Kevin.FAMILY-COMPUTER\Local Settings\Application Data\._Revolution_

c:\documents and settings\Kevin.FAMILY-COMPUTER\WINDOWS

c:\documents and settings\Kevin\WINDOWS

c:\documents and settings\Marie\WINDOWS

c:\documents and settings\Owner\WINDOWS

c:\documents and settings\Virginia\WINDOWS

C:\install.exe

c:\windows\KIVEN\bwUnin-8.1.1.50-8876480SL.exe

c:\windows\KIVEN\tsoc.log

H:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

.

2011-10-19 23:18 . 2011-10-19 23:18 7271 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2011-10-19 23:18 . 2011-10-19 23:18 8782 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2011-10-19 16:14 . 2011-10-19 23:18 56200 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\offreg.dll

2011-10-19 15:40 . 2011-10-19 15:40 28752 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\MpKsl7075ead6.sys

2011-10-19 15:35 . 2011-10-19 15:35 28752 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\MpKsl1f19516d.sys

2011-10-18 23:44 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\mpengine.dll

2011-10-11 02:55 . 2011-10-11 02:56 -------- d-----w- c:\documents and settings\Kevin.FAMILY-COMPUTER\Local Settings\Application Data\Ilivid Player

2011-10-11 02:54 . 2011-10-11 03:01 -------- d-----w- c:\program files\iLivid

2011-10-11 02:51 . 2011-10-11 02:51 -------- d-----w- c:\documents and settings\Kevin.FAMILY-COMPUTER\Local Settings\Application Data\PackageAware

2011-10-07 20:26 . 2011-10-16 18:08 -------- d-----w- c:\documents and settings\Kevin.FAMILY-COMPUTER\riotsGamesLogs

2011-10-07 20:26 . 2011-10-07 20:26 -------- d-----w- c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\LolClient

2011-10-07 18:07 . 2011-10-07 18:07 -------- d-----w- C:\Riot Games

2011-10-02 01:28 . 2011-10-02 01:28 -------- d-----w- c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\pymclevel

2011-10-02 01:27 . 2011-10-02 01:27 -------- d-----w- c:\documents and settings\Kevin.FAMILY-COMPUTER\Local Settings\Application Data\MCEdit

2011-09-26 06:15 . 2011-09-12 20:14 7269712 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-09-26 01:00 . 2011-06-24 14:10 139656 -c----w- c:\windows\KIVEN\system32\dllcache\rdpwd.sys

2011-09-26 00:55 . 2011-07-08 14:02 10496 -c----w- c:\windows\KIVEN\system32\dllcache\ndistapi.sys

2011-09-21 02:35 . 2011-09-21 02:35 -------- d-----w- c:\windows\KIVEN\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-12 19:52 . 2011-05-14 11:13 414368 ----a-w- c:\windows\KIVEN\system32\FlashPlayerCPLApp.cpl

2011-10-07 03:48 . 2010-02-14 12:46 6668624 ----a-w- c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-09 09:12 . 2003-03-31 12:00 599040 ----a-w- c:\windows\KIVEN\system32\crypt32.dll

2011-08-31 21:00 . 2011-03-07 20:50 22216 ----a-w- c:\windows\KIVEN\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-07 3077528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-09-09 3362816]

"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]

"IgfxTray"="c:\windows\KIVEN\System32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\KIVEN\System32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\KIVEN\System32\igfxpers.exe" [2007-01-13 135168]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"SoundMan"="SOUNDMAN.EXE" [2005-04-07 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 2805248]

"AtiPTA"="Atiptaxx.exe" [2001-10-10 270336]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

.

c:\documents and settings\Kevin.FAMILY-COMPUTER\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2011-6-15 0]

.

c:\documents and settings\All Users.KIVEN\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-15 66864]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\WINDOWS\\KIVEN\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.3.5.12340-x86-Win-enUS-BKGND-downloader.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\World of Warcraft\\World of Warcraft Public Test\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\World of Warcraft Public Test\\BackgroundDownloader.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\Kevin.FAMILY-COMPUTER\\Local Settings\\Apps\\2.0\\OJDJNTQW.MZL\\07H7TLD1.9K9\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

"1119:UDP"= 1119:UDP:battle2.net

"58082:TCP"= 58082:TCP:Pando Media Booster

"58082:UDP"= 58082:UDP:Pando Media Booster

"57829:TCP"= 57829:TCP:Pando Media Booster

"57829:UDP"= 57829:UDP:Pando Media Booster

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

"58336:TCP"= 58336:TCP:Pando Media Booster

"58336:UDP"= 58336:UDP:Pando Media Booster

"2141:TCP"= 2141:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 0 (0x0)

"AllowInboundMaskRequest"= 0 (0x0)

"AllowInboundRouterRequest"= 0 (0x0)

"AllowOutboundDestinationUnreachable"= 0 (0x0)

"AllowOutboundSourceQuench"= 0 (0x0)

"AllowOutboundParameterProblem"= 0 (0x0)

"AllowOutboundTimeExceeded"= 0 (0x0)

"AllowRedirect"= 0 (0x0)

"AllowOutboundPacketTooBig"= 0 (0x0)

.

R1 MpKsl1f19516d;MpKsl1f19516d;c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\MpKsl1f19516d.sys [10/19/2011 11:35 AM 28752]

R1 MpKsl7075ead6;MpKsl7075ead6;c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13304B4A-015B-425B-86E5-B2385E9CD226}\MpKsl7075ead6.sys [10/19/2011 11:40 AM 28752]

R2 Akamai;Akamai NetSession Interface;c:\windows\KIVEN\System32\svchost.exe -k Akamai [3/31/2003 8:00 AM 14336]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\KIVEN\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [8/4/2011 2:34 PM 1361288]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/7/2011 4:50 PM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\KIVEN\system32\drivers\mbam.sys [3/7/2011 4:50 PM 22216]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\KIVEN\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 341504]

R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\KIVEN\system32\drivers\whfltr2k.sys [8/23/2011 4:30 AM 7424]

S0 wyibviqo;wyibviqo;c:\windows\KIVEN\system32\drivers\ekrust.sys --> c:\windows\KIVEN\system32\drivers\ekrust.sys [?]

S1 MpKsl000aa11c;MpKsl000aa11c;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1542CE2C-9C5B-46E2-83E8-61BD021F1258}\MpKsl000aa11c.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1542CE2C-9C5B-46E2-83E8-61BD021F1258}\MpKsl000aa11c.sys [?]

S1 MpKsl04bf62c0;MpKsl04bf62c0;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DF61B47-6F5E-4625-9B83-F3AEB939F9C0}\MpKsl04bf62c0.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DF61B47-6F5E-4625-9B83-F3AEB939F9C0}\MpKsl04bf62c0.sys [?]

S1 MpKsl20ccc7a6;MpKsl20ccc7a6;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{281FEBFC-A0D6-4C42-917F-AA6FB338686C}\MpKsl20ccc7a6.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{281FEBFC-A0D6-4C42-917F-AA6FB338686C}\MpKsl20ccc7a6.sys [?]

S1 MpKsl2627ac03;MpKsl2627ac03;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3604906C-6AAF-4ECB-A4E9-B7C5DC8DDBB6}\MpKsl2627ac03.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3604906C-6AAF-4ECB-A4E9-B7C5DC8DDBB6}\MpKsl2627ac03.sys [?]

S1 MpKsl3f973087;MpKsl3f973087;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE128A53-7530-4FC4-8C23-8CBD0E8AF513}\MpKsl3f973087.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE128A53-7530-4FC4-8C23-8CBD0E8AF513}\MpKsl3f973087.sys [?]

S1 MpKsl74288d06;MpKsl74288d06;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF4EDB8A-B458-486D-9EF0-B7BE7AE75C0A}\MpKsl74288d06.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF4EDB8A-B458-486D-9EF0-B7BE7AE75C0A}\MpKsl74288d06.sys [?]

S1 MpKsl84914982;MpKsl84914982;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EACD814B-FB88-4679-8845-4BD22637D0C7}\MpKsl84914982.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EACD814B-FB88-4679-8845-4BD22637D0C7}\MpKsl84914982.sys [?]

S1 MpKsl881682b7;MpKsl881682b7;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39142419-2A70-4B9F-B6A4-E928998F87A7}\MpKsl881682b7.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39142419-2A70-4B9F-B6A4-E928998F87A7}\MpKsl881682b7.sys [?]

S1 MpKslbbd71ee3;MpKslbbd71ee3;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{376C8F51-DDB0-41F2-9F16-35B00F3B613D}\MpKslbbd71ee3.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{376C8F51-DDB0-41F2-9F16-35B00F3B613D}\MpKslbbd71ee3.sys [?]

S1 MpKsle8ce0e21;MpKsle8ce0e21;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDBC3EC2-97B3-4F3E-8118-423B79EBF080}\MpKsle8ce0e21.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDBC3EC2-97B3-4F3E-8118-423B79EBF080}\MpKsle8ce0e21.sys [?]

S1 MpKslfaa86dbf;MpKslfaa86dbf;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{376C8F51-DDB0-41F2-9F16-35B00F3B613D}\MpKslfaa86dbf.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{376C8F51-DDB0-41F2-9F16-35B00F3B613D}\MpKslfaa86dbf.sys [?]

S1 MpKslfbde92ee;MpKslfbde92ee;\??\c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDBC3EC2-97B3-4F3E-8118-423B79EBF080}\MpKslfbde92ee.sys --> c:\documents and settings\All Users.KIVEN\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDBC3EC2-97B3-4F3E-8118-423B79EBF080}\MpKslfbde92ee.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\KIVEN\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 20RN0Ly4;20RN0Ly4;\??\c:\windows\KIVEN\system32\drivers\20RN0Ly4.sys --> c:\windows\KIVEN\system32\drivers\20RN0Ly4.sys [?]

S3 ati2mpad;ati2mpad;c:\windows\KIVEN\system32\drivers\ati2mpad.sys [2/18/2002 3:19 PM 303360]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\KIVEN\system32\drivers\PRISMNDS.sys [7/17/2003 2:58 PM 676352]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\KIVEN\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: live.com\onecare

TCP: DhcpNameServer = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Kevin.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ft67vuhu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\KIVEN\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-AdobeBridge - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-19 19:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-10-19 19:38:34

ComboFix-quarantined-files.txt 2011-10-19 23:38

.

Pre-Run: 88,185,192,448 bytes free

Post-Run: 88,314,773,504 bytes free

.

- - End Of File - - CBEF218A98DA156C71F6D57D82682C6D

./crossfingers for good news. :D

Link to post
Share on other sites

Good Job!

The MSRT log is clean!

As you can see Combofix found and deleted a lot of infected items so that is good news. Are you still being redirected?

I did notice an infected service in your Combofix log that I want to remove. To do that open a Command Prompt:

Click Start --> Run, Type cmd

Hit Enter

Copy/paste this command exactly as shown:

sc stop wyibviqo

Hit Enter (you may get an error because the service should already be stopped)

Copy/paste this command exactly as shown

sc delete wyibviqo

Hit Enter

Close the Command Window

Please perform a scan with the ESET online virus scanner

You can expect some detections in Combofix's quarantine (Qoobox) and system volume information. They will not represent active threats, so don't worry:

Navigate to the following url using Internet Explorer:

http://www.eset.com/onlinescan/index.php

  • ESET recommends disabling your resident antivirus's auto-protection feature (MSE) before beginning the scan to avoid conflicts and system hangs
  • Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start"
  • Approve the installation of the ActiveX control that's required to enable scanning
  • Make sure the box to
    • Remove found threats is CHECKED!!
    • Click "Start"

    [*]Allow the definition data base to install

    [*]Click "Scan"

When the scan is done:

  • Do NOT choose the option to uninstall the ESET Online Scanner with all its components because you need to retain the scan log for posting.
  • Please post the scan report in your next reply. It can be found in this location:
    C:\Program Files\EsetOnlineScanner\log.txt
  • You can remove the ESET Online Scanner using the Windows Control Panel - Add/Remove Programs feature

Link to post
Share on other sites

Ok here is the log, Sorry about late reply GF had me held up! Thanks for spotting out that threat.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=fcdf7f7754775848a6ef697d11809ac1

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-20 03:39:22

# local_time=2011-10-19 11:39:22 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3586 16764926 0 91 78999839 743396885 0 0

# compatibility_mode=5891 16776869 42 87 0 15007755 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=119925

# found=4

# cleaned=4

# scan_time=5480

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ua6dk0uk.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Kevin.FAMILY-COMPUTER\Application Data\Mozilla\Firefox\Profiles\ft67vuhu.default\extensions\{fc9c9a7a-3f2e-4caa-bdec-1eed61750c83}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{12D4880A-6E1A-4C60-B702-3457B88B4357}\RP561\A0153914.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{12D4880A-6E1A-4C60-B702-3457B88B4357}\RP561\A0153916.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

.................

And here I thought we were all Done ;P

** If you see this problem as complete and have the time. If I may ask how would I go about CLEARING old accounts that old this pc like other users? cuz It's just me now and there's other accounts on here just taking up space a prolonging scanning process by atleast 30mins. One account is holding like about 700 pictures on it. And i can no longer get to their account from where u log into user but their folders still there if i just right click and delete will that clear those out? or is there more that would need to be done to Completely free up the space they are taking?

If you feel like this shouldn't be answered here that's fine, don't sweat it please, you help enough.

Link to post
Share on other sites

Hi GraveDigger,

We'll answer your user account question later, if you don't mind.

First of all, the active infection on your PC appears to be gone. Your ESET log shows nothing other than system restore remnants & Combofix quarantine items, so that is great news.

For browser sluggishness -

Clean your temp files etc with this temporary file cleaner as follows:

Download TFC to your desktop

http://oldtimer.geekstogo.com/TFC.exe

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time

Next, download the attached file (DNS-REST.bat) to your desktop.

  • Disable Microsoft Security Essentials
  • Double-click DNS-Reset.bat to run it
  • A black command window will open temporarily, allow the script to complete.
  • Re-enable Microsoft Security Essentials

Please try running Google Chrome to see if that speeds things up. Many have success with that program in curing browser lagginess:

http://www.google.com/chrome

Link to post
Share on other sites

You should use TFC regularly to clear out temp files and unnecessary clutter that is apt to drag your browser down. Forgot we had already used it!

Let's see if the batch file uploads this time if not I'll just give you the code with instructions on how to create & run the batch file.

OK on my second attempt, I see what is happening. I believe a file with a bat file extension cannot be uploaded, so I made it a TXT file instead.

Just rename DNS-RESET.txt => DNS-RESET.bat and then double-click DNS-RESET.bat to run it.

Next, download & test out Google Chrome to see if you can pick up any significant speed.

DNS-RESET.txt

Link to post
Share on other sites

Glad you like Chrome's speediness!

Let me address this:

Even after renaming it DNS-RESET.bat, it just opens notepad and shows.

Running this script is not critical but it may help to speed things up a bit. Apparently, XP is seeing it as a text file & defaulting to opening it with Notepad (as opposed to running it as an executable file). The icon on your desktop should look like a gear (spoked wheel) and not have a TXT file icon. You can try the following options:

1. When it is open in Notepad:

  • Click File -> Save as
  • In the File Name field, make sure it says only "DNS-RESET.bat" (no quotes of course) and then save it.
  • In the "Save as Type" pull down menu set the File Type to "All Files (*.*)"
  • Click Save.

Try to Double-click DNS-RESET.bat on your desktop to run it again.

OR

2. Right-click DNS-RESET.bat on your desktop & select "Open" (does it execute by opening a Command Prompt Window with executing code or does it open in Notepad?)

Link to post
Share on other sites

Yes, that's it - if you saw the black box with flashing code it ran properly. It flushes the dns cache (a repository similar to your temporarily internet cache) and resets your internet connection which often resolves problems.

Were just about finished up now!

Please read:

Slow Computer May Not Be Malware Related

Any more questions before I give you some final security advice on protecting your computer?

Link to post
Share on other sites

You're welcome!!

Now as far as your question concerning User Accounts goes - have you already deleted the User Account from the Control Panel? When you do - it asks if you would like to retain the user account's documents and Desktop files and files.

Please read this and let me know:

http://uis.georgetown.edu/software/documentation/winxp/winxp.deleting.accounts.html

Link to post
Share on other sites

Try this:

1. Open Windows Explorer

2. Navigate to the Documents folder containing the photos you want to delete.

C:\Documents and Settings\<username>

Note: <username> is the name of the account you previously deleted

3. Right-click that folder and select "Delete"

What Happens?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.