Computer has some nasties



#1 sampsonti

Posted 01 January 2013 - 10:57 AM

Noticed computer was sluggish and was acting weird. Cannot run internet unless in safe mode. MSE will not update. Ran Malwarebytes initially and it found 5 infections. Got rid of them but to no resolution. Thanks.



DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Jimmy at 15:59:08 on 2012-12-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2545 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [cdloader] "c:\documents and settings\jimmy\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Microsoft Works Update Detection] ?\WkDetect.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jimmy\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\jimmy\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232279814357
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{32F15BCD-E4A8-451A-9825-58215822E7E6} : DHCPNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jimmy\application data\mozilla\firefox\profiles\umsuer3h.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\jimmy\application data\mozilla\firefox\profiles\umsuer3h.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-30 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-30 101720]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2009-1-25 112835]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-2-4 401920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2012-6-13 38144]
S2 HPFECP11;HPFECP11;c:\windows\system32\drivers\HPFecp11.sys [1999-5-3 52800]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-14 10384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-21 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-9 682344]
S2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-3-15 61440]
S2 VBoxDRV;PortableVBoxDRV;\??\f:\virtualbox\portable-virtualbox\app32\drivers\vboxdrv\vboxdrv.sys --> f:\virtualbox\portable-virtualbox\app32\drivers\vboxdrv\VBoxDrv.sys [?]
S2 VBoxUSBMon;PortableVBoxUSBMon;\??\f:\virtualbox\portable-virtualbox\app32\drivers\usb\filter\vboxusbmon.sys --> f:\virtualbox\portable-virtualbox\app32\drivers\usb\filter\VBoxUSBMon.sys [?]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2009-1-25 5325]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-9 21104]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2012-6-13 332928]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-26 23:49:57 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b678b0-1555-4e73-bd01-4c36ab2e7341}\mpengine.dll
2012-12-26 23:40:44 -------- d-----w- c:\documents and settings\jimmy\application data\Viaf
2012-12-26 23:40:44 -------- d-----w- c:\documents and settings\jimmy\application data\Tepu
2012-12-26 23:40:44 -------- d-----w- c:\documents and settings\jimmy\application data\Qyrimo
2012-12-26 15:40:26 -------- d-----w- c:\documents and settings\jimmy\application data\Zeziq
2012-12-26 15:40:26 -------- d-----w- c:\documents and settings\jimmy\application data\Ufgu
2012-12-26 15:40:26 -------- d-----w- c:\documents and settings\jimmy\application data\Amdatu
2012-12-26 07:40:09 -------- d-----w- c:\documents and settings\jimmy\application data\Uvafqi
2012-12-26 07:40:09 -------- d-----w- c:\documents and settings\jimmy\application data\Ihysg
2012-12-26 07:40:09 -------- d-----w- c:\documents and settings\jimmy\application data\Azby
2012-12-25 23:39:52 -------- d-----w- c:\documents and settings\jimmy\application data\Peveaf
2012-12-25 23:39:52 -------- d-----w- c:\documents and settings\jimmy\application data\Ekyl
2012-12-25 23:39:52 -------- d-----w- c:\documents and settings\jimmy\application data\Cerom
2012-12-23 02:36:45 -------- d-----w- c:\documents and settings\jimmy\application data\Xauwqy
2012-12-23 02:36:45 -------- d-----w- c:\documents and settings\jimmy\application data\Ryyn
2012-12-23 02:36:45 -------- d-----w- c:\documents and settings\jimmy\application data\Nuko
2012-12-22 18:36:24 -------- d-----w- c:\documents and settings\jimmy\application data\Uxuhdy
2012-12-22 18:36:24 -------- d-----w- c:\documents and settings\jimmy\application data\Siym
2012-12-22 18:36:24 -------- d-----w- c:\documents and settings\jimmy\application data\Koqyzu
2012-12-22 02:35:41 -------- d-----w- c:\documents and settings\jimmy\application data\Ykyfa
2012-12-22 02:35:41 -------- d-----w- c:\documents and settings\jimmy\application data\Vopae
2012-12-22 02:35:41 -------- d-----w- c:\documents and settings\jimmy\application data\Mahibu
2012-12-21 18:35:23 -------- d-----w- c:\documents and settings\jimmy\application data\Tuyl
2012-12-21 18:35:23 -------- d-----w- c:\documents and settings\jimmy\application data\Suokpa
2012-12-21 18:35:23 -------- d-----w- c:\documents and settings\jimmy\application data\Koigy
2012-12-21 10:35:15 -------- d-----w- c:\documents and settings\jimmy\application data\Ymfoa
2012-12-21 10:35:15 -------- d-----w- c:\documents and settings\jimmy\application data\Olur
2012-12-21 10:35:14 -------- d-----w- c:\documents and settings\jimmy\application data\Ildofu
2012-12-21 02:35:03 -------- d-----w- c:\documents and settings\jimmy\application data\Uxme
2012-12-21 02:35:03 -------- d-----w- c:\documents and settings\jimmy\application data\Rufi
2012-12-21 02:35:03 -------- d-----w- c:\documents and settings\jimmy\application data\Ixem
2012-12-19 10:44:04 -------- d-----w- c:\documents and settings\jimmy\application data\Vuda
2012-12-19 10:44:04 -------- d-----w- c:\documents and settings\jimmy\application data\Uguz
2012-12-19 10:44:04 -------- d-----w- c:\documents and settings\jimmy\application data\Piahb
2012-12-19 10:43:05 -------- d-----w- c:\documents and settings\jimmy\application data\Umym
2012-12-19 10:43:05 -------- d-----w- c:\documents and settings\jimmy\application data\Umxe
2012-12-19 10:43:05 -------- d-----w- c:\documents and settings\jimmy\application data\Avver
2012-12-17 22:00:11 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:20:36 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 15:59:49.65 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2009 6:54:53 AM
System Uptime: 12/29/2012 6:36:03 PM (21 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 65.18 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 825.059 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP720: 9/30/2012 8:30:26 PM - Software Distribution Service 3.0
RP721: 9/30/2012 8:41:52 PM - Software Distribution Service 3.0
RP722: 10/3/2012 4:01:05 PM - Software Distribution Service 3.0
RP723: 10/6/2012 4:16:46 PM - Software Distribution Service 3.0
RP724: 10/9/2012 4:31:28 PM - Software Distribution Service 3.0
RP725: 10/10/2012 5:37:57 PM - Software Distribution Service 3.0
RP726: 10/19/2012 6:05:31 PM - Software Distribution Service 3.0
RP727: 10/19/2012 6:14:19 PM - Software Distribution Service 3.0
RP728: 10/20/2012 6:20:57 PM - System Checkpoint
RP729: 10/22/2012 5:31:30 AM - Software Distribution Service 3.0
RP730: 10/23/2012 5:00:01 PM - Software Distribution Service 3.0
RP731: 10/24/2012 5:43:49 PM - System Checkpoint
RP732: 10/27/2012 4:51:19 PM - Software Distribution Service 3.0
RP733: 10/28/2012 5:18:34 PM - System Checkpoint
RP734: 10/31/2012 6:43:56 AM - Installed HP USB Disk Storage Format Tool
RP735: 10/31/2012 6:51:20 AM - Software Distribution Service 3.0
RP736: 11/4/2012 6:14:23 PM - Software Distribution Service 3.0
RP737: 11/5/2012 6:21:17 PM - System Checkpoint
RP738: 11/6/2012 6:30:27 PM - Software Distribution Service 3.0
RP739: 11/7/2012 6:59:52 PM - System Checkpoint
RP740: 11/8/2012 5:52:05 PM - Software Distribution Service 3.0
RP741: 11/9/2012 5:51:44 PM - Software Distribution Service 3.0
RP742: 11/10/2012 6:46:50 PM - System Checkpoint
RP743: 11/11/2012 9:11:06 AM - Software Distribution Service 3.0
RP744: 11/13/2012 6:03:11 PM - Software Distribution Service 3.0
RP745: 11/14/2012 6:19:31 PM - System Checkpoint
RP746: 11/15/2012 6:27:07 AM - Software Distribution Service 3.0
RP747: 11/16/2012 6:00:59 AM - Software Distribution Service 3.0
RP748: 11/16/2012 6:44:04 AM - Software Distribution Service 3.0
RP749: 11/17/2012 6:19:45 PM - Software Distribution Service 3.0
RP750: 11/18/2012 6:19:48 PM - Software Distribution Service 3.0
RP751: 11/22/2012 5:39:25 AM - Software Distribution Service 3.0
RP752: 11/29/2012 7:51:14 AM - System Checkpoint
RP753: 12/1/2012 10:22:02 AM - Software Distribution Service 3.0
RP754: 12/3/2012 6:14:09 PM - Software Distribution Service 3.0
RP755: 12/9/2012 6:23:49 PM - Software Distribution Service 3.0
RP756: 12/10/2012 7:08:16 PM - System Checkpoint
RP757: 12/11/2012 6:41:53 AM - Software Distribution Service 3.0
RP758: 12/15/2012 7:14:55 PM - Software Distribution Service 3.0
RP759: 12/16/2012 3:00:16 AM - Software Distribution Service 3.0
RP760: 12/17/2012 5:00:02 PM - Software Distribution Service 3.0
RP761: 12/18/2012 5:47:11 PM - System Checkpoint
RP762: 12/20/2012 10:06:28 PM - System Checkpoint
RP763: 12/21/2012 3:00:14 AM - Software Distribution Service 3.0
RP764: 12/22/2012 3:20:56 AM - System Checkpoint
RP765: 12/23/2012 3:37:29 AM - System Checkpoint
RP766: 12/25/2012 6:53:30 PM - System Checkpoint
RP767: 12/26/2012 6:54:46 PM - System Checkpoint
RP768: 12/28/2012 10:58:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Air Video Server 2.4.3
ALi USB2.0 Driver
Amazon Games & Software Downloader
AnswerWorks 5.0 English Runtime
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Baseball Mogul 2009
BlackBerry Device Software Updater
Bonjour
Browser Address Error Redirector
BufferChm
Canon i950
CDBurnerXP
CDDRV_Installer
Cisco Connect
CloneCD
CloneDVD2
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Coupon Printer for Windows
Dell Driver Reset Tool
Dell Support Center (Support Software)
Destinations
DeviceManagementQFolder
dj_taplugin
dj6980
DVD Shrink 3.2
EPSON Copy Utility 3
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON SPR340 User's Guide
eSupportQFolder
Free Audio CD Burner version 1.4
Free YouTube Downloader 3.5.126
Free YouTube to MP3 Converter version 3.7
Freemake Video Converter version 2.1.0
FreeRIP v3.42
Garmin Communicator Plugin
Garmin USB Drivers
GoToAssist 8.0.0.514
H&R Block Connecticut 2009
H&R Block Connecticut 2010
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 6900 series
HP DeskJet 810C Series (Remove only)
HP Drive Key Boot Utility
HP Imaging Device Functions 6.0
HP Photosmart Essential
HP Software Update
HP Solution Center and Imaging Support Tools 6.0
HP USB Disk Storage Format Tool
hpf_ProductContext
HPProductAssistant
InfraRecorder
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 30
KhalInstallWrapper
LinuxLive USB Creator
LiveUSB Creator (remove only)
Logitech SetPoint
LP6980_Help
LP6980Trb
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Greetings 2001
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WinUsb 1.0
Microsoft Works
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Nero Suite
Novacomd
OpenOffice.org 3.1
Presto! BizCard 4.1 Eng
QuickTime
Readme
Realtek High Definition Audio Driver
REALTEK RTL8187 Wireless LAN Driver and Utility
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
ScanToWeb
SearchAssist
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
SolutionCenter
SPIF225 USB to SATA Bridge 98 Driver Installer
Spybot - Search & Destroy
Status
TrayApp
TurboTax 2008
TurboTax 2008 wctiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2011
TurboTax 2011 wctiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmaiper
TurboTax 2011 wrapper
Ubuntu
Uninstall 1.0.0.1
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WebFldrs XP
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
12/29/2012 8:57:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/29/2012 6:46:38 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
12/29/2012 6:46:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/29/2012 6:38:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ElbyCDIO Fips intelppm MpFilter
12/29/2012 6:32:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/29/2012 6:30:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ElbyCDIO Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/29/2012 6:30:28 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2012 6:30:28 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2012 6:30:28 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2012 6:30:28 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2012 6:30:28 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2012 6:30:28 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/29/2012 6:30:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/29/2012 6:30:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/29/2012 6:22:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/29/2012 6:13:55 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/29/2012 6:09:22 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/29/2012 6:07:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/29/2012 6:02:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
12/28/2012 9:41:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/28/2012 9:29:59 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
12/28/2012 9:29:58 PM, error: Service Control Manager [7022] - The Terminal Services service hung on starting.
12/28/2012 9:29:58 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
12/28/2012 9:29:58 PM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: After starting, the service hung in a start-pending state.
12/26/2012 6:49:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:31:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:31:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:30:41 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:29:23 PM, error: Print [6161] - The document Test Page owned by Jimmy failed to print on printer HP DeskJet 810C. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\JIMANDLISA. Win32 error code returned by the print processor: 2 (0x2).
12/25/2012 8:25:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:25:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:25:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:23:15 PM, error: Print [6161] - The document llbean_return_form_us.pdf owned by Jimmy failed to print on printer HP DeskJet 810C. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\JIMANDLISA. Win32 error code returned by the print processor: 2 (0x2).
12/25/2012 8:19:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:19:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 8:19:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 7:43:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 7:43:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JIMANDLISA\Jimmy Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 7:43:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 7:10:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 7:10:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 7:09:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 6:50:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 6:50:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 6:49:42 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 6:41:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 6:41:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.2057.0&asdelta=1.141.2057.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 6:40:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
12/25/2012 6:38:10 PM, error: Service Control Manager [7000] - The PortableVBoxUSBMon service failed to start due to the following error: The system cannot find the path specified.
12/25/2012 6:38:10 PM, error: Service Control Manager [7000] - The PortableVBoxDRV service failed to start due to the following error: The system cannot find the path specified.
12/25/2012 6:38:10 PM, error: Service Control Manager [7000] - The ALi PCI to USB Enhanced Host Controller service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/23/2012 3:29:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2057.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072efd Error description: A connection with the server could not be established
.
==== End Of File ===========================


#2 etavares

Posted 02 January 2013 - 02:34 PM

Hello, sampsonti.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure; ensure Cure is selected, then click Continue.
  • If suspicious objects are detected, the default action will be Skip; ensure Skip is selected, then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log name is like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply



Step 2



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#3 sampsonti

Posted 02 January 2013 - 06:43 PM

Here are the logs. Thank you for your assistance. I ran the computer a bit after completing the two tests. The internet is running "better". Weirdly, it will connect to this site unless I am in safe mode, which I ran the tests in as I could not download them in regular Windows mode. MSE still will not update, and that's about what I checked. I was able to connect to Yahoo, Google and eBay. I limited my browsing to those and this site.

17:39:56.0593 2000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:39:56.0859 2000 ============================================================
17:39:56.0859 2000 Current date / time: 2013/01/02 17:39:56.0859
17:39:56.0859 2000 SystemInfo:
17:39:56.0859 2000
17:39:56.0859 2000 OS Version: 5.1.2600 ServicePack: 3.0
17:39:56.0859 2000 Product type: Workstation
17:39:56.0859 2000 ComputerName: JIMANDLISA
17:39:56.0859 2000 UserName: Jimmy
17:39:56.0859 2000 Windows directory: C:\WINDOWS
17:39:56.0859 2000 System windows directory: C:\WINDOWS
17:39:56.0859 2000 Processor architecture: Intel x86
17:39:56.0859 2000 Number of processors: 4
17:39:56.0859 2000 Page size: 0x1000
17:39:56.0859 2000 Boot type: Safe boot with network
17:39:56.0859 2000 ============================================================
17:39:59.0796 2000 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:39:59.0796 2000 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:39:59.0796 2000 ============================================================
17:39:59.0796 2000 \Device\Harddisk0\DR0:
17:39:59.0796 2000 MBR partitions:
17:39:59.0796 2000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3A371830
17:39:59.0796 2000 \Device\Harddisk1\DR1:
17:39:59.0796 2000 MBR partitions:
17:39:59.0796 2000 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
17:39:59.0796 2000 ============================================================
17:39:59.0875 2000 C: <-> \Device\Harddisk0\DR0\Partition1
17:40:00.0250 2000 E: <-> \Device\Harddisk1\DR1\Partition1
17:40:00.0281 2000 ============================================================
17:40:00.0281 2000 Initialize success
17:40:00.0281 2000 ============================================================
17:40:05.0828 2040 ============================================================
17:40:05.0828 2040 Scan started
17:40:05.0828 2040 Mode: Manual;
17:40:05.0828 2040 ============================================================
17:40:07.0125 2040 ================ Scan system memory ========================
17:40:07.0125 2040 System memory - ok
17:40:07.0125 2040 ================ Scan services =============================
17:40:18.0500 2040 Srv - ok
17:40:18.0546 2040 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:40:18.0546 2040 SSDPSRV - ok
17:40:18.0609 2040 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
17:40:18.0609 2040 StarOpen - ok
17:40:18.0625 2040 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:40:18.0640 2040 stisvc - ok
17:40:18.0671 2040 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:40:18.0671 2040 swenum - ok
17:40:18.0687 2040 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:40:18.0687 2040 swmidi - ok
17:40:18.0703 2040 SwPrv - ok
17:40:18.0734 2040 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
17:40:18.0734 2040 symc810 - ok
17:40:18.0750 2040 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:40:18.0750 2040 symc8xx - ok
17:40:18.0765 2040 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:40:18.0765 2040 sym_hi - ok
17:40:18.0765 2040 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:40:18.0765 2040 sym_u3 - ok
17:40:18.0812 2040 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:40:18.0812 2040 sysaudio - ok
17:40:18.0859 2040 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:40:18.0859 2040 SysmonLog - ok
17:40:18.0890 2040 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:40:18.0890 2040 TapiSrv - ok
17:40:18.0953 2040 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:40:18.0953 2040 Tcpip - ok
17:40:18.0984 2040 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:40:18.0984 2040 TDPIPE - ok
17:40:19.0000 2040 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:40:19.0000 2040 TDTCP - ok
17:40:19.0046 2040 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:40:19.0046 2040 TermDD - ok
17:40:19.0109 2040 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:40:19.0109 2040 TermService - ok
17:40:19.0140 2040 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:40:19.0140 2040 Themes - ok
17:40:19.0171 2040 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:40:19.0171 2040 TlntSvr - ok
17:40:19.0187 2040 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
17:40:19.0203 2040 TosIde - ok
17:40:19.0218 2040 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:40:19.0218 2040 TrkWks - ok
17:40:19.0250 2040 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:40:19.0250 2040 Udfs - ok
17:40:19.0250 2040 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
17:40:19.0250 2040 ultra - ok
17:40:19.0328 2040 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
17:40:19.0328 2040 UMWdf - ok
17:40:19.0359 2040 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:40:19.0375 2040 Update - ok
17:40:19.0406 2040 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:40:19.0406 2040 upnphost - ok
17:40:19.0421 2040 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:40:19.0421 2040 UPS - ok
17:40:19.0500 2040 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:40:19.0500 2040 USBAAPL - ok
17:40:19.0562 2040 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:40:19.0562 2040 usbaudio - ok
17:40:19.0593 2040 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:40:19.0593 2040 usbccgp - ok
17:40:19.0609 2040 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:40:19.0609 2040 usbehci - ok
17:40:19.0656 2040 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:40:19.0656 2040 usbhub - ok
17:40:19.0656 2040 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:40:19.0656 2040 usbohci - ok
17:40:19.0734 2040 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:40:19.0734 2040 usbprint - ok
17:40:19.0765 2040 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:40:19.0765 2040 usbscan - ok
17:40:19.0796 2040 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:40:19.0796 2040 USBSTOR - ok
17:40:19.0828 2040 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:40:19.0828 2040 usbuhci - ok
17:40:19.0843 2040 VBoxDRV - ok
17:40:19.0859 2040 VBoxUSBMon - ok
17:40:19.0875 2040 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:40:19.0890 2040 VgaSave - ok
17:40:19.0921 2040 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:40:19.0921 2040 viaagp - ok
17:40:19.0937 2040 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:40:19.0937 2040 ViaIde - ok
17:40:19.0984 2040 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:40:19.0984 2040 VolSnap - ok
17:40:20.0031 2040 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:40:20.0031 2040 VSS - ok
17:40:20.0078 2040 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
17:40:20.0078 2040 w32time - ok
17:40:20.0109 2040 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:40:20.0109 2040 Wanarp - ok
17:40:20.0171 2040 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:40:20.0171 2040 Wdf01000 - ok
17:40:20.0187 2040 WDICA - ok
17:40:20.0234 2040 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:40:20.0234 2040 wdmaud - ok
17:40:20.0265 2040 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:40:20.0265 2040 WebClient - ok
17:40:20.0375 2040 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:40:20.0375 2040 winmgmt - ok
17:40:20.0453 2040 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
17:40:20.0453 2040 WinUSB - ok
17:40:20.0500 2040 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:40:20.0500 2040 WmdmPmSN - ok
17:40:20.0546 2040 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:40:20.0562 2040 Wmi - ok
17:40:20.0609 2040 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:40:20.0609 2040 WmiApSrv - ok
17:40:20.0687 2040 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:40:20.0734 2040 WPFFontCache_v0400 - ok
17:40:20.0796 2040 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:40:20.0796 2040 wscsvc - ok
17:40:20.0812 2040 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:40:20.0843 2040 wuauserv - ok
17:40:20.0906 2040 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:40:20.0906 2040 WudfPf - ok
17:40:20.0921 2040 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:40:20.0921 2040 WudfRd - ok
17:40:20.0984 2040 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:40:20.0984 2040 WudfSvc - ok
17:40:21.0031 2040 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:40:21.0031 2040 WZCSVC - ok
17:40:21.0062 2040 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:40:21.0078 2040 xmlprov - ok
17:40:21.0109 2040 ================ Scan global ===============================
17:40:21.0171 2040 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:40:21.0218 2040 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:40:21.0234 2040 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:40:21.0234 2040 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:40:21.0234 2040 [Global] - ok
17:40:21.0234 2040 ================ Scan MBR ==================================
17:40:21.0281 2040 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
17:40:21.0484 2040 \Device\Harddisk0\DR0 - ok
17:40:21.0500 2040 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:40:21.0500 2040 \Device\Harddisk1\DR1 - ok
17:40:21.0500 2040 ================ Scan VBR ==================================
17:40:21.0531 2040 [ 8E824116E6611BA22272D96903D20318 ] \Device\Harddisk0\DR0\Partition1
17:40:21.0531 2040 \Device\Harddisk0\DR0\Partition1 - ok
17:40:21.0531 2040 [ 0B020FA46F9483E15469FDD09ED01CF8 ] \Device\Harddisk1\DR1\Partition1
17:40:21.0531 2040 \Device\Harddisk1\DR1\Partition1 - ok
17:40:21.0546 2040 ============================================================
17:40:21.0546 2040 Scan finished
17:40:21.0546 2040 ============================================================
17:40:21.0562 1744 Detected object count: 0
17:40:21.0562 1744 Actual detected object count: 0
17:46:24.0281 1992 Deinitialize success




ComboFix 13-01-02.02 - Administrator 01/02/2013 18:19:24.1.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2674 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\etavaresCF.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\windows\system32\3gpvideoconvertera.dat
c:\windows\system32\3gpvideoconverterb.dat
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 )))))))))))))))))))))))))))))))
.
.
2013-01-02 22:26 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{34ECAEFA-8C51-4124-A0A7-A9BE718F6B58}\mpengine.dll
2012-12-31 01:16 . 2012-12-31 01:16 -------- d-----w- c:\program files\ESET
2012-12-29 23:31 . 2012-12-29 23:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-12-29 23:30 . 2012-12-29 23:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-12-29 23:30 . 2012-12-29 23:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-12-26 23:49 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 21:49 . 2012-05-09 22:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:20 . 2008-04-25 16:16 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2008-04-25 16:16 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2008-04-25 16:16 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2012-6-13 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-22 19:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Documents and Settings\\Jimmy\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/30/2010 5:18 AM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [12/30/2010 5:18 AM 101720]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [1/25/2009 3:32 PM 112835]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/4/2010 7:19 AM 401920]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/13/2012 3:49 PM 38144]
S2 HPFECP11;HPFECP11;c:\windows\system32\drivers\HPFecp11.sys [5/3/1999 4:17 AM 52800]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/14/2009 6:32 AM 10384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 7:23 AM 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/9/2012 5:16 PM 682344]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 4:35 PM 61440]
S2 VBoxDRV;PortableVBoxDRV;\??\f:\virtualbox\Portable-VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys --> f:\virtualbox\Portable-VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys [?]
S2 VBoxUSBMon;PortableVBoxUSBMon;\??\f:\virtualbox\Portable-VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys --> f:\virtualbox\Portable-VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys [?]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [1/25/2009 3:32 PM 5325]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/9/2012 5:16 PM 21104]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6/13/2012 3:49 PM 332928]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pz1xa95.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-SearchAssist - c:\dell\SearchAssist\UninstSA.bat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-02 18:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1751569790-2203224123-3960669779-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,82,5f,28,cb,c0,35,4a,87,bf,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,82,5f,28,cb,c0,35,4a,87,bf,9f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2013-01-02 18:23:39
ComboFix-quarantined-files.txt 2013-01-02 23:23
.
Pre-Run: 69,707,132,928 bytes free
Post-Run: 70,027,988,992 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7FB507FE41AE5C41A4D2934E72A11BD2

#4 etavares

Malware Response Instructor

Posted 03 January 2013 - 09:08 AM

Hello, sampsonti.

Something is definitely blocking the internet, at least to security sites. We'll clean up some more.


Step 1



1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

folder::
c:\documents and settings\jimmy\application data\Viaf
c:\documents and settings\jimmy\application data\Tepu
c:\documents and settings\jimmy\application data\Qyrimo
c:\documents and settings\jimmy\application data\Zeziq
c:\documents and settings\jimmy\application data\Ufgu
c:\documents and settings\jimmy\application data\Amdatu
c:\documents and settings\jimmy\application data\Uvafqi
c:\documents and settings\jimmy\application data\Ihysg
c:\documents and settings\jimmy\application data\Azby
c:\documents and settings\jimmy\application data\Peveaf
c:\documents and settings\jimmy\application data\Ekyl
c:\documents and settings\jimmy\application data\Cerom
c:\documents and settings\jimmy\application data\Xauwqy
c:\documents and settings\jimmy\application data\Ryyn
c:\documents and settings\jimmy\application data\Nuko
c:\documents and settings\jimmy\application data\Uxuhdy
c:\documents and settings\jimmy\application data\Siym
c:\documents and settings\jimmy\application data\Koqyzu
c:\documents and settings\jimmy\application data\Ykyfa
c:\documents and settings\jimmy\application data\Vopae
c:\documents and settings\jimmy\application data\Mahibu
c:\documents and settings\jimmy\application data\Tuyl
c:\documents and settings\jimmy\application data\Suokpa
c:\documents and settings\jimmy\application data\Koigy
c:\documents and settings\jimmy\application data\Ymfoa
c:\documents and settings\jimmy\application data\Olur
c:\documents and settings\jimmy\application data\Ildofu
c:\documents and settings\jimmy\application data\Uxme
c:\documents and settings\jimmy\application data\Rufi
c:\documents and settings\jimmy\application data\Ixem
c:\documents and settings\jimmy\application data\Vuda
c:\documents and settings\jimmy\application data\Uguz
c:\documents and settings\jimmy\application data\Piahb
c:\documents and settings\jimmy\application data\Umym
c:\documents and settings\jimmy\application data\Umxe
c:\documents and settings\jimmy\application data\Avver
Registry::
[HKEY_USERS\S-1-5-21-1751569790-2203224123-3960669779-500\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind
    i8042prt.sys
    
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.




Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#5 sampsonti

Topic Starter

Posted 03 January 2013 - 05:31 PM

combofix/text log:

ComboFix 13-01-02.02 - Administrator 01/03/2013 12:29:58.2.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2746 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jimmy\application data\Amdatu
c:\documents and settings\jimmy\application data\Amdatu\piokg.qoo
c:\documents and settings\jimmy\application data\Avver
c:\documents and settings\jimmy\application data\Avver\ybqo.ucy
c:\documents and settings\jimmy\application data\Azby
c:\documents and settings\jimmy\application data\Cerom
c:\documents and settings\jimmy\application data\Cerom\kodax.efy
c:\documents and settings\jimmy\application data\Ekyl
c:\documents and settings\jimmy\application data\Ihysg
c:\documents and settings\jimmy\application data\Ihysg\kogew.boa
c:\documents and settings\jimmy\application data\Ildofu
c:\documents and settings\jimmy\application data\Ixem
c:\documents and settings\jimmy\application data\Ixem\voari.exe
c:\documents and settings\jimmy\application data\Koigy
c:\documents and settings\jimmy\application data\Koigy\afnas.qab
c:\documents and settings\jimmy\application data\Koqyzu
c:\documents and settings\jimmy\application data\Koqyzu\faqy.opq
c:\documents and settings\jimmy\application data\Mahibu
c:\documents and settings\jimmy\application data\Mahibu\niis.una
c:\documents and settings\jimmy\application data\Nuko
c:\documents and settings\jimmy\application data\Olur
c:\documents and settings\jimmy\application data\Olur\qixy.syb
c:\documents and settings\jimmy\application data\Peveaf
c:\documents and settings\jimmy\application data\Peveaf\kiaq.nyz
c:\documents and settings\jimmy\application data\Piahb
c:\documents and settings\jimmy\application data\Piahb\igpeu.fym
c:\documents and settings\jimmy\application data\Qyrimo
c:\documents and settings\jimmy\application data\Qyrimo\vawua.uhl
c:\documents and settings\jimmy\application data\Rufi
c:\documents and settings\jimmy\application data\Rufi\ytvy.avf
c:\documents and settings\jimmy\application data\Ryyn
c:\documents and settings\jimmy\application data\Ryyn\vere.byn
c:\documents and settings\jimmy\application data\Siym
c:\documents and settings\jimmy\application data\Suokpa
c:\documents and settings\jimmy\application data\Suokpa\niwoo.opo
c:\documents and settings\jimmy\application data\Tepu
c:\documents and settings\jimmy\application data\Tepu\apem.awo
c:\documents and settings\jimmy\application data\Tuyl
c:\documents and settings\jimmy\application data\Ufgu
c:\documents and settings\jimmy\application data\Uguz
c:\documents and settings\jimmy\application data\Umxe
c:\documents and settings\jimmy\application data\Umym
c:\documents and settings\jimmy\application data\Uvafqi
c:\documents and settings\jimmy\application data\Uvafqi\imlia.iri
c:\documents and settings\jimmy\application data\Uxme
c:\documents and settings\jimmy\application data\Uxuhdy
c:\documents and settings\jimmy\application data\Uxuhdy\hozu.adr
c:\documents and settings\jimmy\application data\Viaf
c:\documents and settings\jimmy\application data\Vopae
c:\documents and settings\jimmy\application data\Vopae\illav.kop
c:\documents and settings\jimmy\application data\Vuda
c:\documents and settings\jimmy\application data\Vuda\puinb.ovp
c:\documents and settings\jimmy\application data\Xauwqy
c:\documents and settings\jimmy\application data\Xauwqy\rupy.liv
c:\documents and settings\jimmy\application data\Ykyfa
c:\documents and settings\jimmy\application data\Ymfoa
c:\documents and settings\jimmy\application data\Ymfoa\ikivy.tut
c:\documents and settings\jimmy\application data\Zeziq
c:\documents and settings\jimmy\application data\Zeziq\etav.lil
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2013-01-02 23:33 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CBEA09D-E2F5-42AE-AF22-4E52DE3068ED}\mpengine.dll
2012-12-31 01:16 . 2012-12-31 01:16 -------- d-----w- c:\program files\ESET
2012-12-29 23:31 . 2012-12-29 23:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-12-29 23:30 . 2012-12-29 23:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-12-29 23:30 . 2012-12-29 23:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-12-26 23:49 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 21:49 . 2012-05-09 22:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:20 . 2008-04-25 16:16 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2008-04-25 16:16 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2008-04-25 16:16 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2012-6-13 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-22 19:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Documents and Settings\\Jimmy\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/30/2010 5:18 AM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [12/30/2010 5:18 AM 101720]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [1/25/2009 3:32 PM 112835]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/4/2010 7:19 AM 401920]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/13/2012 3:49 PM 38144]
S2 HPFECP11;HPFECP11;c:\windows\system32\drivers\HPFecp11.sys [5/3/1999 4:17 AM 52800]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/14/2009 6:32 AM 10384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 7:23 AM 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/9/2012 5:16 PM 682344]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 4:35 PM 61440]
S2 VBoxDRV;PortableVBoxDRV;\??\f:\virtualbox\Portable-VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys --> f:\virtualbox\Portable-VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys [?]
S2 VBoxUSBMon;PortableVBoxUSBMon;\??\f:\virtualbox\Portable-VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys --> f:\virtualbox\Portable-VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys [?]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [1/25/2009 3:32 PM 5325]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/9/2012 5:16 PM 21104]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6/13/2012 3:49 PM 332928]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pz1xa95.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-03 12:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1751569790-2203224123-3960669779-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,82,5f,28,cb,c0,35,4a,87,bf,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,82,5f,28,cb,c0,35,4a,87,bf,9f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2013-01-03 12:37:31
ComboFix-quarantined-files.txt 2013-01-03 17:37
ComboFix2.txt 2013-01-02 23:23
.
Pre-Run: 70,021,373,952 bytes free
Post-Run: 70,005,305,344 bytes free
.
- - End Of File - - 7EA624BFA4BA7BEB8271ECDA6A7588CC


Systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:01 on 03/01/2013 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
No files found.

-= EOF =-


MBA-M Log:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.03.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: JIMANDLISA [administrator]

Protection: Disabled

1/3/2013 5:05:11 PM
mbam-log-2013-01-03 (17-05-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230081
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 etavares


Posted 04 January 2013 - 02:35 PM

Hello, sampsonti.

Do you have your Windows installation CD?


Step 1

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares




#7 sampsonti


Posted 04 January 2013 - 10:07 PM

etavares,

Yes I do have the reinstall discs you had inquired about. Here is the next set of logs requested. I did this again in the safe mode just to be able to get to these sites. With these scans I followed the directions not to do anything but just let them scan. Hopefully that was correct. Thanks for all your time and assistance.

ADWCleaner:

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 16:53:55
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - JIMANDLISA
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
Folder Found : C:\Documents and Settings\Jimmy\Application Data\OpenCandy
Folder Found : C:\Program Files\FreeRIP3

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.3 (en-US)

File : C:\Documents and Settings\Jimmy\Application Data\Mozilla\Firefox\Profiles\umsuer3h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pz1xa95.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1169 octets] - [04/01/2013 16:53:55]

########## EOF - C:\AdwCleaner[R1].txt - [1229 octets] ##########



ESET Online Scanner:

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 16:53:55
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - JIMANDLISA
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
Folder Found : C:\Documents and Settings\Jimmy\Application Data\OpenCandy
Folder Found : C:\Program Files\FreeRIP3

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.3 (en-US)

File : C:\Documents and Settings\Jimmy\Application Data\Mozilla\Firefox\Profiles\umsuer3h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pz1xa95.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1169 octets] - [04/01/2013 16:53:55]

########## EOF - C:\AdwCleaner[R1].txt - [1229 octets] ##########

#8 etavares


Posted 06 January 2013 - 07:20 AM

Hi sampsonti,

Free Rip Toolbar is classified as a 'potentially undesirable program'. See here for information:
http://www.systemlookup.com/search.php?type=name&client=malwaresearch-chrome&search=FreeRIP

It's up to you if you want to remove it. You can run adwCleaner again and select Clean if you want to remove it.

It looks like you meant to post the ESET log but posted the adwCleaner log twice. Do you still have the ESET log?

-etavares




#9 sampsonti


Posted 06 January 2013 - 05:48 PM

etavares,

Yes, I would prefer to remove it. Still having issues with getting MSE to update and getting to sites like this one.

ESET Log:

C:\Documents and Settings\Jimmy\Application Data\Sun\Java\Deployment\cache\6.0\20\5b548e94-449abf6e multiple threats
C:\Documents and Settings\Jimmy\Application Data\Sun\Java\Deployment\cache\6.0\20\5b548e94-72ed0e34 multiple threats
C:\Documents and Settings\Jimmy\Application Data\Sun\Java\Deployment\cache\6.0\20\5b548e94-73a0352a multiple threats



Update.
I removed free rip toolbar and still see no improvement. Cannot access any security sites in non safe mode. Bizarre. Just for the sake of being comprehensive I am providing the original MBA-M log when I found the initial nasties and then came here after that did not work.


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jimmy :: JIMANDLISA [administrator]

Protection: Enabled

12/28/2012 9:41:26 PM
mbam-log-2012-12-28 (21-41-26).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349809
Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Jimmy\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Sun\Java\Deployment\cache\6.0\20\5b548e94-39ca25b8 (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Uguz\vibiu.exe (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Local Settings\Temp\tmp9260c66b\statsreaderfix.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP767\A0109058.exe (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.

(end)

Edited by sampsonti, 06 January 2013 - 08:39 PM.


#10 etavares


Posted 06 January 2013 - 08:34 PM

Hello, sampsonti.


Step 1

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Step 2


Follow these instructions to run System File Check:
How To Use Sfc.exe To Repair System Files

It will likely prompt you for your installation CD. Let me know if it does and if you had any issues running sfc.

Then, let me know how your computer is running at that point.

etavares




#11 sampsonti


Posted 07 January 2013 - 05:57 PM

In doing step 2 I keep getting retry when trying to run system file check. It prompts to use the installation disc but I keep getting that retry. The status bar continues but it did not seem to make any difference after finishing this task. Computer still not able to connect to security sites. Maybe I have the wrong installation disc but I thought it was for this computer.....


ADWcleaner Log:

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 07:33:18
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - JIMANDLISA
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.3 (en-US)

File : C:\Documents and Settings\Jimmy\Application Data\Mozilla\Firefox\Profiles\umsuer3h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4pz1xa95.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1298 octets] - [04/01/2013 16:53:55]
AdwCleaner[R2].txt - [1358 octets] - [04/01/2013 16:55:13]
AdwCleaner[R3].txt - [1418 octets] - [06/01/2013 13:22:23]
AdwCleaner[S1].txt - [1602 octets] - [06/01/2013 13:22:39]
AdwCleaner[S2].txt - [1134 octets] - [07/01/2013 07:33:18]

########## EOF - C:\AdwCleaner[S2].txt - [1194 octets] ##########

#12 etavares


Posted 08 January 2013 - 09:22 AM

Hello, sampsonti.

I'm not convinced we removed everything even though the scans are coming in clean, especially since you still can't access sites.

First, please delete your copy of ComboFix and download a fresh copy. We'll try it with an updated version.


Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares

Edited by etavares, 08 January 2013 - 09:22 AM.




#13 sampsonti


Posted 08 January 2013 - 06:01 PM

etavares,

Completed new combofix scan as instructed. Below is the log requested. I did several minutes of browsing on the web after getting log. It still will not connect to your site, eset, kaspersky etc. I used both IE and FF to test. Again, thank you for your time and effort, it is appreciated.

I may be able to access a Windows XP disc by tomorrow and I could try sfcheck again. Don't know if it would work but this would be a full version XP pro disc and I do have a legal XP pro serial #.

ComboFix 13-01-08.01 - Administrator 01/08/2013 17:33:46.3.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2705 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\etavaresCF.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 22:39 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-01-08 22:13 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A3D26F2-CCC2-4C5D-A407-6C4914990D85}\mpengine.dll
2013-01-08 22:13 . 2013-01-08 22:14 -------- d-----w- C:\e82bbbb1f1b99ceb2a
2013-01-07 23:24 . 2008-04-14 12:00 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2013-01-07 23:24 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2013-01-07 23:24 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2013-01-07 23:24 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2013-01-07 23:24 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2013-01-07 23:21 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2013-01-07 23:21 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2013-01-07 23:21 . 2008-04-14 12:00 4096 -c--a-w- c:\windows\system32\dllcache\rpcref.dll
2013-01-07 23:21 . 2008-04-14 05:10 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2013-01-07 23:21 . 2008-04-14 05:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2013-01-07 23:21 . 2001-08-17 17:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2013-01-07 23:21 . 2008-04-14 05:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2013-01-07 22:03 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 21:58 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2013-01-07 17:23 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2013-01-07 17:21 . 2008-04-14 12:00 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll
2013-01-07 17:20 . 2001-08-17 17:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2013-01-07 17:20 . 2001-08-17 17:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2013-01-07 17:20 . 2001-08-17 17:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2013-01-07 17:20 . 2008-04-14 05:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2013-01-07 17:20 . 2008-04-14 10:42 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2013-01-07 17:20 . 2008-04-14 03:04 1897408 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2013-01-07 17:20 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2013-01-07 17:20 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2013-01-07 17:20 . 2008-04-14 04:53 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2013-01-07 17:20 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2013-01-07 17:20 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2013-01-07 17:12 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2013-01-07 17:11 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2013-01-07 17:10 . 2004-08-04 05:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2013-01-07 17:09 . 2001-08-17 19:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2013-01-07 17:08 . 2001-08-18 03:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2013-01-07 17:07 . 2001-08-18 03:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2013-01-07 17:06 . 2001-08-17 17:10 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2013-01-07 17:05 . 2001-08-17 17:19 3072 -c--a-w- c:\windows\system32\dllcache\cwbmidi.sys
2013-01-07 17:04 . 2008-04-14 05:16 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2013-01-07 17:03 . 2004-08-04 05:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2013-01-07 17:02 . 2003-03-24 21:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2013-01-07 17:02 . 2003-03-24 21:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2013-01-03 22:04 . 2013-01-03 22:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-31 01:16 . 2012-12-31 01:16 -------- d-----w- c:\program files\ESET
2012-12-29 23:31 . 2012-12-29 23:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-12-29 23:30 . 2012-12-29 23:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-12-29 23:30 . 2012-12-29 23:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 21:49 . 2012-05-09 22:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 11:20 . 2008-04-25 16:16 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2008-04-25 16:16 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2008-04-25 16:16 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="?\WkDetect.exe" [?]
"cdloader"="c:\documents and settings\Jimmy\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2012-6-13 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-22 19:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Documents and Settings\\Jimmy\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/30/2010 5:18 AM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [12/30/2010 5:18 AM 101720]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/4/2010 7:19 AM 401920]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/13/2012 3:49 PM 38144]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/14/2009 6:32 AM 10384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 7:23 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/9/2012 5:16 PM 682344]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 4:35 PM 61440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/9/2012 5:16 PM 21104]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [1/25/2009 3:32 PM 112835]
S2 HPFECP11;HPFECP11;c:\windows\system32\drivers\HPFecp11.sys [5/3/1999 4:17 AM 52800]
S2 VBoxDRV;PortableVBoxDRV;\??\f:\virtualbox\Portable-VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys --> f:\virtualbox\Portable-VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys [?]
S2 VBoxUSBMon;PortableVBoxUSBMon;\??\f:\virtualbox\Portable-VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys --> f:\virtualbox\Portable-VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys [?]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [1/25/2009 3:32 PM 5325]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [6/13/2012 3:49 PM 332928]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{775b4a12-20d4-11df-a52c-00219b0fa0a9}]
\Shell\AutoRun\command - F:\Setup.exe
\Shell\Install\command - F:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jimmy\Application Data\Mozilla\Firefox\Profiles\umsuer3h.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-08 17:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-01-08 17:46:28 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-08 22:46
ComboFix2.txt 2013-01-03 17:37
ComboFix3.txt 2013-01-02 23:23
.
Pre-Run: 68,786,790,400 bytes free
Post-Run: 65,576,177,664 bytes free
.
- - End Of File - - C276E02E23CBEC43F7225999EAE42866

#14 etavares

Posted 09 January 2013 - 04:57 PM

Before I respond with next steps, a few questions:

First, do you have an empty USB drive we can use from your working computer (need internet access)?
Second, do you have issues accessing other websites (e.g. google.com, msn.com, etc.) or just the security ones (bleepingcomputer.com, avg, etc.)?

Thanks,
-etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#15 sampsonti

Posted 09 January 2013 - 06:48 PM

Yes, I have an available USB drive. I also have access to a computer, other than the infected one, that can access the internet. Correct, I can access sites such as yahoo, google, msn, etc. It seems to be security sites giving me the issue. Bleeping Computer, AVG and ESET are the ones I have tried. I cannot update Microsoft Security Essentials, but I am able to update Malwarebytes.

I did try using a loaned XP Pro disc, but it did not work with sfc. It keeps repeating to put the XP disc in.....



