
infected? lets find out!


42 replies to this topic

#1 petegt5012

petegt5012

  • Members
  • 53 posts

Posted 30 April 2012 - 11:22 PM

I was redirected here by crytodan's previous topic post http://www.bleepingcomputer.com/forums/topic451906.html
and here are my scan logs. So far I have run Malwarebytes, Security Check and DDS, and have run Defogger as I did have the CD emulator "Daemon Tools", and rebooted.
Had an issue with SAS on install; this message:
"Description:
Faulting application superantispyware.exe, version 5.0.0.1148, faulting module superantispyware.exe, version 5.0.0.1148, fault address 0x0007712c." The complete event info is in the previous topic above. Redownloaded twice and reinstalled a few times, same error. Still able to run SAS however; it is running now. The log will be posted below when it finishes.

DDS.scr: I downloaded it and followed the instructions; however, my son uses AutoCAD and this file type is used by AutoCAD, so the file just opened via Notepad, as an exe would open. So I renamed it from DDS.scr to DDS.exe, double clicked on it, and it ran and did its thing. These logs are also below.

To start things rolling, here are the logs so far.
Malwarebytes just shows protection logs??? Here they are,
from 2012-04-18:
2012/04/18 23:48:57 -0400 D820LIVINGSTON admin1 MESSAGE Starting protection
2012/04/18 23:49:07 -0400 D820LIVINGSTON admin1 MESSAGE Protection started successfully
2012/04/18 23:49:10 -0400 D820LIVINGSTON admin1 MESSAGE Starting IP protection
2012/04/18 23:49:17 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection started successfully
2012/04/18 23:52:54 -0400 D820LIVINGSTON admin1 MESSAGE Executing scheduled update: Daily
2012/04/18 23:52:55 -0400 D820LIVINGSTON admin1 MESSAGE Database already up-to-date

from 2012-04-19:
2012/04/19 00:19:12 -0400 D820LIVINGSTON admin1 MESSAGE Stopping IP protection
2012/04/19 00:19:12 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection stopped
2012/04/19 00:19:12 -0400 D820LIVINGSTON admin1 MESSAGE Starting IP protection
2012/04/19 00:19:21 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection started successfully
2012/04/19 00:19:21 -0400 D820LIVINGSTON admin1 MESSAGE Stopping IP protection
2012/04/19 00:19:21 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection stopped
2012/04/19 00:19:21 -0400 D820LIVINGSTON admin1 MESSAGE Starting IP protection
2012/04/19 00:19:30 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection started successfully
2012/04/19 20:55:56 -0400 D820LIVINGSTON admin1 MESSAGE Starting protection
2012/04/19 20:56:24 -0400 D820LIVINGSTON admin1 MESSAGE Protection started successfully
2012/04/19 20:56:27 -0400 D820LIVINGSTON admin1 MESSAGE Starting IP protection
2012/04/19 20:56:31 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection started successfully
2012/04/19 23:49:01 -0400 D820LIVINGSTON admin1 MESSAGE Starting protection
2012/04/19 23:49:39 -0400 D820LIVINGSTON admin1 MESSAGE Protection started successfully
2012/04/19 23:49:42 -0400 D820LIVINGSTON admin1 MESSAGE Starting IP protection
2012/04/19 23:49:46 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection started successfully
2012/04/19 23:51:49 -0400 D820LIVINGSTON admin1 MESSAGE Starting database refresh
2012/04/19 23:51:49 -0400 D820LIVINGSTON admin1 MESSAGE Stopping IP protection
2012/04/19 23:51:49 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection stopped
2012/04/19 23:52:04 -0400 D820LIVINGSTON admin1 MESSAGE Database refreshed successfully
2012/04/19 23:52:04 -0400 D820LIVINGSTON admin1 MESSAGE Starting IP protection
2012/04/19 23:52:12 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection started successfully

from 2012-04-30:
2012/04/30 21:39:31 -0400 D820LIVINGSTON admin1 MESSAGE Starting protection
2012/04/30 21:40:00 -0400 D820LIVINGSTON admin1 MESSAGE Protection started successfully
2012/04/30 21:40:03 -0400 D820LIVINGSTON admin1 MESSAGE Starting IP protection
2012/04/30 21:40:07 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection started successfully
2012/04/30 21:44:15 -0400 D820LIVINGSTON admin1 MESSAGE Executing scheduled update: Daily
2012/04/30 21:44:26 -0400 D820LIVINGSTON admin1 MESSAGE Starting database refresh
2012/04/30 21:44:26 -0400 D820LIVINGSTON admin1 MESSAGE Scheduled update executed successfully: database updated from version v2012.04.30.03 to version v2012.04.30.08
2012/04/30 21:44:26 -0400 D820LIVINGSTON admin1 MESSAGE Stopping IP protection
2012/04/30 21:44:26 -0400 D820LIVINGSTON admin1 MESSAGE IP Protection stopped


I don't think that is what you wanted; I can't find any logs anywhere else. These were in allusers/app~data/malwarebytes/malwarebytes' Anti-Malware/logs

4 items are ignored:
regkey hkcu\software\The Weather Channel
C:Document and setings\owner\desktop\xpantivirus2008 or 2009_etc read this.txt
g:UBCD4WIN\BartPE\PROGRAMS\PassPro\PasswordsPro.exe
G:UBCD4WIN\plugin\Pasword\passwordspro\files\Passwordspro.exe
These last 2 on the G: drive are tools to recover a messed-up XP install, although I have never used these particular pieces of UBCD4WIN.

Security Check log
checkup.txt
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Agent
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender
Windows Defender Signatures
BOClean
TuneUp Utilities 2007
CCleaner
JavaFX 2.0.3
Java™ 6 Update 24
Java™ 6 Update 29
Java™ 7 Update 3
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.3)
Mozilla Firefox (for..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

DDS.scr, which I had to rename to .exe to run
dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by admin1 at 22:28:44 on 2012-04-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1925 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities 2007\MemOptimizer.exe" autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SacReminder] c:\documents and settings\all users\application data\officeguardian\reminder\SacReminder.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [USB2Check] "RUNDLL32.EXE" "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunKistEM] "c:\program files\digital media reader\shwiconem.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [PCLEUSBTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [PCLEPCI] c:\progra~1\pinnacle\ppe\PPE.EXE
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.2\SetHook.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CHotkey] zHotkey.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [Bomgar_Cleanup_ZD771718750] cmd.exe /C rd /S /Q "c:\documents and settings\all users\application data\bomgar-scc-4f6e2dda" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD771718750 /f
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\admin1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorc~1.lnk - c:\program files\sec\magictune3.5_client\GammaTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\magict~1.lnk - c:\program files\sec\magictune3.5_client\MagicTuneTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/229?ffd8ed15331a42778b6cb5e35674f9dc
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/230?ffd8ed15331a42778b6cb5e35674f9dc
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\update
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://dlstoner.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143843623328
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{88BC29D5-57DA-408A-8D00-D9D143C77FA5} : DhcpNameServer = 64.71.255.198
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {36DED058-D4AD-11D5-92D9-00A0CC63447C} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin1\application data\mozilla\firefox\profiles\2c0bt650.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-30 654408]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-30 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-30 40776]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys --> c:\windows\system32\drivers\mfehidk.sys [?]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 McAfeeEngineService;McAfee Engine Service;"c:\program files\mcafee\virusscan enterprise\engineserver.exe" --> c:\program files\mcafee\virusscan enterprise\EngineServer.exe [?]
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\frameworkservice.exe" /servicestart --> c:\program files\mcafee\common framework\FrameworkService.exe [?]
S2 McTaskManager;McAfee Task Manager;"c:\program files\mcafee\virusscan enterprise\vstskmgr.exe" --> c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe --> c:\windows\system32\mfevtps.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 AMTUSI;AMTUSI;c:\docume~1\admin1\locals~1\temp\AMTUSI.exe [2012-4-24 387968]
S3 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2009-3-23 73464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys --> c:\windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys --> c:\windows\system32\drivers\mfebopk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys --> c:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 129976]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
S3 OFOD;OFOD;c:\docume~1\admin1\locals~1\temp\OFOD.exe [2012-4-24 560000]
S3 PBU;PBU;c:\docume~1\admin1\locals~1\temp\PBU.exe [2012-4-25 494464]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\total defense\PCPitstopScheduleService.exe [2012-4-22 91816]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-26 27064]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 YVDKPAGBU;YVDKPAGBU;c:\docume~1\admin1\locals~1\temp\YVDKPAGBU.exe [2012-4-24 363392]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-4-5 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-4-5 5248]
S4 McShield;McAfee McShield;"c:\program files\mcafee\virusscan enterprise\mcshield.exe" --> c:\program files\mcafee\virusscan enterprise\Mcshield.exe [?]
.
=============== File Associations ===============
.
txtfile=c:\windows\NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-01 01:42:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-01 00:21:03 -------- d-----w- c:\documents and settings\admin1\application data\SUPERAntiSpyware.com
2012-05-01 00:18:02 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-30 16:59:46 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2012-04-30 05:44:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 05:44:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-29 20:58:34 -------- d-----w- c:\program files\Seagate
2012-04-29 16:34:37 -------- d-----w- c:\documents and settings\admin1\local settings\application data\LogMeIn Rescue Applet
2012-04-28 23:06:16 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 23:06:11 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-28 23:06:11 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-27 15:59:32 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
2012-04-23 03:25:04 98816 ----a-w- c:\windows\sed.exe
2012-04-23 03:25:04 518144 ----a-w- c:\windows\SWREG.exe
2012-04-23 03:25:04 256000 ----a-w- c:\windows\PEV.exe
2012-04-23 03:25:04 208896 ----a-w- c:\windows\MBR.exe
2012-04-23 03:24:53 -------- d-----w- C:\ComboFix
2012-04-23 00:52:04 -------- d-----w- c:\program files\Total Defense
2012-04-22 23:03:56 -------- d-----w- c:\documents and settings\admin1\local settings\application data\Sun
2012-04-22 23:02:23 -------- d-----w- c:\program files\Oracle
2012-04-22 23:02:03 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-22 19:44:58 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-04-22 19:43:58 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-04-22 19:42:57 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2012-04-22 19:41:59 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-04-22 19:40:59 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-04-22 19:39:57 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-04-22 19:38:57 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-04-22 19:37:57 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-04-22 19:36:58 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-04-22 19:35:58 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2012-04-22 19:34:58 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll
2012-04-22 19:33:58 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-04-22 19:33:55 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-04-22 19:33:52 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-04-22 19:33:49 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-04-22 19:33:46 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-04-22 19:33:39 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-04-22 19:33:37 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-04-22 19:33:31 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-04-22 19:33:31 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-04-22 19:33:27 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-04-22 19:33:24 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-04-22 19:33:23 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-04-22 19:33:22 226816 -c--a-w- c:\windows\system32\dllcache\npdrmv2.dll
2012-04-22 18:13:29 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-04-22 18:13:26 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-04-22 18:13:22 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2012-04-22 18:13:22 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-04-22 18:13:21 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-04-22 18:13:17 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-04-22 18:13:14 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-04-22 18:13:11 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-04-22 18:13:08 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2012-04-22 18:13:03 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-04-22 18:13:00 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-04-22 18:11:59 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-04-22 18:10:57 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2012-04-22 18:09:58 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2012-04-22 18:08:52 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-04-22 18:07:59 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2012-04-22 18:06:59 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2012-04-22 18:05:59 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2012-04-22 18:04:59 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2012-04-22 18:03:59 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2012-04-22 18:02:59 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2012-04-22 18:01:16 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2012-04-22 18:01:08 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-04-22 18:00:59 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-04-22 18:00:58 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-04-22 18:00:58 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2012-04-22 18:00:57 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-04-22 18:00:57 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2012-04-22 18:00:56 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-04-22 05:57:58 -------- d-sha-r- C:\cmdcons
2012-04-22 05:57:56 -------- d-----w- c:\windows\setup.pss
2012-04-22 05:57:37 -------- d-----w- c:\windows\setupupd
2012-04-22 03:38:29 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop
2012-04-22 03:29:27 -------- d-----w- c:\documents and settings\admin1\application data\SMART Technologies Inc
2012-04-21 21:17:02 -------- d-----w- c:\program files\Speccy
2012-04-19 03:46:57 -------- d-----w- c:\documents and settings\admin1\application data\Malwarebytes
2012-04-19 03:46:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-18 02:50:12 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2012-04-18 02:46:51 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2012-04-07 05:03:49 -------- d-----w- c:\documents and settings\admin1\application data\Safer Networking
2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-04-04 04:31:15 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 22:28:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-18 00:14:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2006-05-27 16:16:56 2720336 ----a-w- c:\program files\MPEG4Decoder.exe
2006-04-10 14:45:36 455 ----a-w- c:\program files\layout.bin
2004-04-19 01:10:16 116688 ----a-w- c:\program files\setup.exe
.
============= FINISH: 22:30:43.70 ===============


attach.txt is zipped in the attachment.


SAS scan log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/01/2012 at 00:16 AM

Application Version : 5.0.1148

Core Rules Database Version : 8535
Trace Rules Database Version: 6347

Scan type : Complete Scan
Total Scan Time : 01:29:43

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 39113
Registry threats detected : 0
File items scanned : 113293
File threats detected : 36

Adware.Tracking Cookie
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMIN1\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VWJNBKLL ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\ADMIN1\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VWJNBKLL ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\ADMIN1\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VWJNBKLL ]
stat.easydate.biz [ C:\DOCUMENTS AND SETTINGS\ADMIN1\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VWJNBKLL ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMIN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z18V7YW5.DEFAULT\COOKIES.SQLITE ]
cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XT7D2NGW ]
www.media.gov.on.ca [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XT7D2NGW ]

Trojan.Agent/Gen-Toggle
C:\DOCUMENTS AND SETTINGS\ADMIN1\MY DOCUMENTS\DOWNLOADS\WS-FTP HOME\INSTALLER_IPSWITCH_WS_FTP_HOME.EXE

Trojan.Agent/Gen-AutoRun
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DOWNLOADS\AUTO-CAD 2005 (WITH KEY).ZIP )/BIN/ACADFEUI/SUPPORT/EXPRESS/PROGRAM FILES/AUTOCAD 2005/EXPRESS/LSPSURF.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DOWNLOADS\AUTO-CAD 2005 (WITH KEY).ZIP
C:\PROGRAM FILES\AUTO CAD\BIN\ACADFEUI\SUPPORT\EXPRESS\PROGRAM FILES\AUTOCAD 2005\EXPRESS\LSPSURF.EXE

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\NO2KWEL.DLL

Will send the GMER log in a new post tomorrow.
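As an added example (not from the post above and not SUPERAntiSpyware's own code), here is a small Python triage script for a SAS scan log in the layout pasted above. It separates the tracking-cookie entries, which are browser storage artifacts rather than executable code, from the file detections, and ranks the file hits by where they sit on disk, because a detection under the Windows directory deserves attention before one in a downloads folder. The SAMPLE_LOG text is constructed for the example: the category line / item line layout, the "domain [ store ]" cookie form and the "ZIP ARCHIVE( outer )/inner" form follow the SAS log format, while the domains, file names and paths are invented.

```python
"""Triage a SUPERAntiSpyware scan log.

Added example for this thread, not SAS's own code.  The log layout
(category line followed by one item per line; cookies as "domain [ store ]",
archive members as "ZIP ARCHIVE( outer )/inner") follows the log pasted in
the thread; the sample data below is constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample in the SAS layout; domains, names and paths are invented.
SAMPLE_LOG = r"""
Memory threats detected : 0
File threats detected : 5

Adware.Tracking Cookie
ads.example.net [ C:\DOCUMENTS AND SETTINGS\USER1\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ABCD1234 ]
.tracker.example.com [ C:\DOCUMENTS AND SETTINGS\USER2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X1Y2Z3.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-AutoRun
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DOWNLOADS\TOOL.ZIP )/BIN/HELPER.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DOWNLOADS\TOOL.ZIP

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\EXAMPLE.DLL
"""

COOKIE_RE = re.compile(r"^(?P<domain>\S+) \[ (?P<store>.+) \]$")
ARCHIVE_RE = re.compile(r"^ZIP ARCHIVE\( (?P<outer>.+?) \)/(?P<inner>.+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Zones in descending order of concern: a file planted under the Windows
# directory outranks one sitting in a downloads folder.
ZONES = (
    ("system", re.compile(r"^[A-Za-z]:\\WINDOWS\\", re.I)),
    ("program", re.compile(r"^[A-Za-z]:\\PROGRAM FILES\\", re.I)),
    ("user", re.compile(r"^[A-Za-z]:\\DOCUMENTS AND SETTINGS\\", re.I)),
)
ZONE_RANK = {name: rank for rank, (name, _) in enumerate(ZONES)}


@dataclass
class Detection:
    category: str
    kind: str   # "cookie" or "file"
    path: str   # cookie store, "outer -> inner" for archive members, or file path
    zone: str


def zone_of(path):
    for name, rx in ZONES:
        if rx.match(path):
            return name
    return "other"


def parse_sas_log(text):
    """Walk the detections part of the log, remembering the current category."""
    dets, category = [], "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COOKIE_RE.match(line)
        if m:
            dets.append(Detection(category, "cookie", m["store"], zone_of(m["store"])))
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            dets.append(Detection(category, "file", m["outer"] + " -> " + m["inner"],
                                  zone_of(m["outer"])))
            continue
        if DRIVE_RE.match(line):
            dets.append(Detection(category, "file", line, zone_of(line)))
            continue
        if " : " in line:     # summary counters such as "File threats detected : 5"
            continue
        category = line       # anything else is a detection-family header
    return dets


def triage(text):
    """Return the cookie count and the file detections, most sensitive location first."""
    dets = parse_sas_log(text)
    cookies = sum(1 for d in dets if d.kind == "cookie")
    files = sorted((d for d in dets if d.kind == "file"),
                   key=lambda d: ZONE_RANK.get(d.zone, len(ZONES)))
    return {"cookies": cookies, "files": files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['cookies']} tracking cookies (browser artifacts, not code)")
    for d in result["files"]:
        print(f"[{d.zone:>7}] {d.category}: {d.path}")
```

Run against the log pasted above (after joining the wrapped lines), it reports the 31 cookie entries as one number and lists the five file detections with the system32 DLL first, which is the order a helper would review them in.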

#2 petegt5012 (Topic Starter)

Posted 02 May 2012 - 08:51 PM

GMER ran overnight. In the morning I was presented with a window that indicated that a fault had occurred.
This is a paste of the event log entry. I have no idea if it was GMER or some other thing.
***paste from event log
Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 02/05/2012
Time: 7:16:49 AM
User: N/A
Computer: D820LIVINGSTON
Description:
Application popup: Windows - Application Error : The application failed to initialize properly (0xc0000017). Click on OK to terminate the application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




I was able to save the GMER log and it is posted at the bottom of this post.

Right after saving the log my PC seemed locked; I lost the function of the mouse. Here are some event log entries that occurred just before the entry above and just after.

Event Type: Error
Event Source: atapi
Event Category: None
Event ID: 9
Date: 02/05/2012
Time: 5:33:47 AM
User: N/A
Computer: D820LIVINGSTON
Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0f 00 50 00 01 00 a4 00 ..P....
0008: 00 00 00 00 09 00 04 c0 .......
0010: 00 01 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 07 00 00 00 ........
0038: 40 00 00 0e 00 00 00 00 @.......
0040: 00 20 0a 12 48 03 00 00 . ..H...
0048: 00 02 00 00 01 00 00 00 ........
0050: b0 34 98 e4 78 c4 9e 8a 4˜xžŠ
0058: 00 00 00 00 78 7c 6c 89 ....x|l‰
0060: 02 00 00 00 37 1d 1d 04 ....7...
0068: 28 00 04 1d 1d 37 00 00 (....7..
0070: 01 00 00 00 00 00 00 00 ........




Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Date: 02/05/2012
Time: 5:44:59 AM
User: N/A
Computer: D820LIVINGSTON
Description:
The server was unable to allocate from the system nonpaged pool because the pool was empty.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 04 00 01 00 54 00 ......T.
0008: 00 00 00 00 e3 07 00 c0 ......
0010: 00 00 00 00 9a 00 00 c0 ....š..
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 02 00 00 00 ....
This one above occurred multiple times.


This one only once:
Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date: 02/05/2012
Time: 6:14:52 AM
User: N/A
Computer: D820LIVINGSTON
Description:
The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'Adobe PCD' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 15 00 00 00 04 00 4e 00 ......N.
0008: 00 00 00 00 01 00 00 c0 .......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Attached as "screen 3 event manager.jpg" is a screen print of the 3rd page of just the errors since I ran GMER. Do you want to see these? Do you have an efficient way of getting the details into a post other than what I started to do as a paste of each event?





Below is my GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-02 07:20:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 HDT722525DLA380 rev.V44OA91A
Running: gmer.exe; Driver: C:\DOCUME~1\admin1\LOCALS~1\Temp\kwliqkog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA7CD56D0]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xBA478300]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{61B3CF6B-2FDF-EDE7-BC7D-E1B6D2074302}\InprocServer32@Assembly Microsoft.Vbe.Interop, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
Reg HKLM\SOFTWARE\Classes\CLSID\{61B3CF6B-2FDF-EDE7-BC7D-E1B6D2074302}\InprocServer32@Class Microsoft.Vbe.Interop.VBProjectsClass
Reg HKLM\SOFTWARE\Classes\CLSID\{61B3CF6B-2FDF-EDE7-BC7D-E1B6D2074302}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{61B3CF6B-2FDF-EDE7-BC7D-E1B6D2074302}\InprocServer32\11.0.0.0
Reg HKLM\SOFTWARE\Classes\CLSID\{61B3CF6B-2FDF-EDE7-BC7D-E1B6D2074302}\InprocServer32\11.0.0.0@Class Microsoft.Vbe.Interop.VBProjectsClass
Reg HKLM\SOFTWARE\Classes\CLSID\{61B3CF6B-2FDF-EDE7-BC7D-E1B6D2074302}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{61B3CF6B-2FDF-EDE7-BC7D-E1B6D2074302}\InprocServer32\11.0.0.0@Assembly Microsoft.Vbe.Interop, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Ryan\Templates\amipro.sam 4570 bytes
File C:\Documents and Settings\Ryan\Templates\excel.xls 5632 bytes
File C:\Documents and Settings\Ryan\Templates\excel4.xls 0 bytes
File C:\Documents and Settings\Ryan\Templates\lotus.wk4 0 bytes
File C:\Documents and Settings\Ryan\Templates\powerpnt.ppt 12288 bytes
File C:\Documents and Settings\Ryan\Templates\presenta.shw 461 bytes
File C:\Documents and Settings\Ryan\Templates\quattro.wb2 4017 bytes
File C:\Documents and Settings\Ryan\Templates\sndrec.wav 58 bytes
File C:\Documents and Settings\Ryan\Templates\winword.doc 0 bytes
File C:\Documents and Settings\Ryan\Templates\winword2.doc 0 bytes
File C:\Documents and Settings\Ryan\Templates\wordpfct.wpd 0 bytes
File C:\Documents and Settings\Ryan\Templates\wordpfct.wpg 0 bytes

---- EOF - GMER 1.0.15 ----

#3 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 04 May 2012 - 12:42 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a confirmation message.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Please post the logs for my review.
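As an added example (not part of nasdaq's instructions and not code from TDSSKiller), here is a Python script that reads a TDSSKiller log of the kind requested above and pulls out what a reviewer looks at first: any object whose verdict line does not end in "- ok" (TDSSKiller 2.7 writes forms such as "- detected ..." or "( ... ) - warning" for those, but the parser relies only on the "- ok" suffix), and any service or driver whose image file is loaded from a temp or user-profile directory instead of the Windows or Program Files trees. The SAMPLE_LOG lines are constructed in TDSSKiller's "time pid name (md5) path" / "time pid name - verdict" layout; the names, hashes and the detection name are invented. The "Scan started" marker is used to skip the drive-geometry header, whose lines also contain " - ".

```python
"""Triage a TDSSKiller log.

Added example for this thread, not part of TDSSKiller.  The line layout
("time pid name (md5) path" followed by "time pid name - verdict") is the
one in the log posted in the thread; the sample lines below are constructed
and the names, hashes and detection name are invented.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
19:11:37.0046 3636 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
19:11:47.0000 0416 Scan started
19:11:47.0000 0416 Mode: Manual;
19:11:47.0468 0416 ACPI (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:11:47.0468 0416 ACPI - ok
19:11:47.0531 0416 Atdisk - ok
19:11:48.0015 0416 tmpsvc (0123456789abcdef0123456789abcdef) C:\DOCUME~1\user1\LOCALS~1\Temp\tmpsvc.exe
19:11:48.0015 0416 tmpsvc - ok
19:11:48.0200 0416 hidden (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\hidden.sys
19:11:48.0200 0416 hidden ( UnsignedFile.Multi.Generic ) - warning
19:11:49.0000 0416 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example (0)
"""

OBJECT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<name>.+?) - (?P<verdict>.+)$")
TAG_RE = re.compile(r" \( [^()]* \)$")   # trailing "( UnsignedFile.Multi.Generic )" tag
# Service or driver images under a temp or user-profile directory are out of
# place; legitimate ones live under %SystemRoot% or Program Files.
SUSPECT_PATH_RE = re.compile(
    r"\\(TEMP|LOCALS~1|LOCAL SETTINGS|DOCUME~1|DOCUMENTS AND SETTINGS|APPLICATION DATA)\\",
    re.I)


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""
    reasons: list = field(default_factory=list)


def parse_tdsskiller_log(text):
    """Pair each object line with its verdict line, keyed by object name."""
    entries, scanning = {}, False
    for line in text.splitlines():
        if "Scan started" in line:
            scanning = True       # lines before this are drive geometry, not objects
            continue
        if not scanning:
            continue
        m = OBJECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            name = TAG_RE.sub("", m["name"])
            e = entries.setdefault(name, Entry(name))
            e.verdict = m["verdict"]
    return entries


def triage(text):
    """Return the entries worth a second look, with the reason for each."""
    flagged = []
    for e in parse_tdsskiller_log(text).values():
        if e.verdict and e.verdict != "ok":
            e.reasons.append("verdict: " + e.verdict)
        if e.path and SUSPECT_PATH_RE.search(e.path):
            e.reasons.append("image loaded from temp/profile path: " + e.path)
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name} md5={e.md5 or '-'}")
        for r in e.reasons:
            print("    " + r)
```

A temp-path hit is a lead, not a verdict: scanners such as GMER and TDSSKiller load their own drivers from the user's Temp directory while they run (the GMER log above shows its driver under C:\DOCUME~1\admin1\LOCALS~1\Temp), so each flagged entry still has to be matched against what the user knowingly installed.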

#4 petegt5012 (Topic Starter)

Posted 04 May 2012 - 08:52 PM

Turned off spyware detectors etc. (MBAM, Spybot).

Here are the logs.

TDSSKiller
19:11:35.0125 3636 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:11:35.0234 3636 ============================================================
19:11:35.0234 3636 Current date / time: 2012/05/04 19:11:35.0234
19:11:35.0234 3636 SystemInfo:
19:11:35.0234 3636
19:11:35.0234 3636 OS Version: 5.1.2600 ServicePack: 3.0
19:11:35.0234 3636 Product type: Workstation
19:11:35.0234 3636 ComputerName: D820LIVINGSTON
19:11:35.0234 3636 UserName: admin1
19:11:35.0234 3636 Windows directory: C:\WINDOWS
19:11:35.0234 3636 System windows directory: C:\WINDOWS
19:11:35.0234 3636 Processor architecture: Intel x86
19:11:35.0234 3636 Number of processors: 2
19:11:35.0234 3636 Page size: 0x1000
19:11:35.0234 3636 Boot type: Normal boot
19:11:35.0234 3636 ============================================================
19:11:37.0046 3636 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:11:37.0046 3636 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:11:37.0203 3636 ============================================================
19:11:37.0203 3636 \Device\Harddisk0\DR0:
19:11:37.0203 3636 MBR partitions:
19:11:37.0203 3636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x94CB9F, BlocksNum 0x1C8779E2
19:11:37.0203 3636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x94CB60
19:11:37.0203 3636 \Device\Harddisk1\DR1:
19:11:37.0203 3636 MBR partitions:
19:11:37.0203 3636 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
19:11:37.0203 3636 ============================================================
19:11:37.0250 3636 C: <-> \Device\Harddisk0\DR0\Partition0
19:11:37.0250 3636 D: <-> \Device\Harddisk0\DR0\Partition1
19:11:37.0281 3636 G: <-> \Device\Harddisk1\DR1\Partition0
19:11:37.0281 3636 ============================================================
19:11:37.0281 3636 Initialize success
19:11:37.0281 3636 ============================================================
19:11:47.0000 0416 ============================================================
19:11:47.0000 0416 Scan started
19:11:47.0000 0416 Mode: Manual;
19:11:47.0000 0416 ============================================================
19:11:47.0281 0416 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:11:47.0281 0416 !SASCORE - ok
19:11:47.0390 0416 Abiosdsk - ok
19:11:47.0421 0416 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:11:47.0421 0416 abp480n5 - ok
19:11:47.0468 0416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:11:47.0468 0416 ACPI - ok
19:11:47.0484 0416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:11:47.0484 0416 ACPIEC - ok
19:11:47.0515 0416 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:11:47.0515 0416 Adobe LM Service - ok
19:11:47.0593 0416 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:11:47.0593 0416 AdobeFlashPlayerUpdateSvc - ok
19:11:47.0609 0416 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:11:47.0609 0416 adpu160m - ok
19:11:47.0625 0416 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:11:47.0625 0416 aec - ok
19:11:47.0671 0416 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:11:47.0671 0416 AFD - ok
19:11:47.0703 0416 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:11:47.0703 0416 agp440 - ok
19:11:47.0703 0416 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:11:47.0718 0416 agpCPQ - ok
19:11:47.0718 0416 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:11:47.0718 0416 Aha154x - ok
19:11:47.0765 0416 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:11:47.0781 0416 aic78u2 - ok
19:11:47.0796 0416 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:11:47.0796 0416 aic78xx - ok
19:11:47.0828 0416 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:11:47.0828 0416 Alerter - ok
19:11:47.0843 0416 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:11:47.0843 0416 ALG - ok
19:11:47.0859 0416 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:11:47.0859 0416 AliIde - ok
19:11:47.0859 0416 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:11:47.0859 0416 alim1541 - ok
19:11:47.0890 0416 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:11:47.0890 0416 amdagp - ok
19:11:58.0484 0416 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:11:58.0484 0416 Tcpip - ok
19:11:58.0531 0416 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:11:58.0531 0416 TDPIPE - ok
19:11:58.0546 0416 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:11:58.0546 0416 TDTCP - ok
19:11:58.0562 0416 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:11:58.0562 0416 TermDD - ok
19:11:58.0578 0416 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:11:58.0593 0416 TermService - ok
19:11:58.0625 0416 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:11:58.0625 0416 Themes - ok
19:11:58.0656 0416 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:11:58.0671 0416 TlntSvr - ok
19:11:58.0687 0416 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:11:58.0687 0416 TosIde - ok
19:11:58.0750 0416 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:11:58.0750 0416 TrkWks - ok
19:11:58.0781 0416 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:11:58.0781 0416 Udfs - ok
19:11:58.0796 0416 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:11:58.0796 0416 ultra - ok
19:11:58.0843 0416 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:11:58.0843 0416 Update - ok
19:11:58.0906 0416 UPHClean (3f9a3232e5f942874488981f3242c989) C:\Program Files\UPHClean\uphclean.exe
19:11:58.0906 0416 UPHClean - ok
19:11:58.0953 0416 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:11:58.0953 0416 upnphost - ok
19:11:58.0968 0416 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:11:58.0968 0416 UPS - ok
19:11:59.0015 0416 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:11:59.0015 0416 USBAAPL - ok
19:11:59.0046 0416 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:11:59.0062 0416 usbccgp - ok
19:11:59.0093 0416 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:11:59.0093 0416 usbehci - ok
19:11:59.0109 0416 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:11:59.0109 0416 usbhub - ok
19:11:59.0125 0416 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:11:59.0125 0416 usbprint - ok
19:11:59.0125 0416 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:11:59.0125 0416 usbscan - ok
19:11:59.0140 0416 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:11:59.0140 0416 USBSTOR - ok
19:11:59.0140 0416 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:11:59.0140 0416 usbuhci - ok
19:11:59.0171 0416 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:11:59.0171 0416 usbvideo - ok
19:11:59.0203 0416 UxTuneUp (d3986793dedc6bb93db4da5a793e42ce) C:\WINDOWS\System32\uxtuneup.dll
19:11:59.0218 0416 UxTuneUp - ok
19:11:59.0218 0416 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:11:59.0218 0416 VgaSave - ok
19:11:59.0234 0416 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:11:59.0250 0416 viaagp - ok
19:11:59.0265 0416 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:11:59.0265 0416 ViaIde - ok
19:11:59.0265 0416 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:11:59.0265 0416 VolSnap - ok
19:11:59.0312 0416 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:11:59.0328 0416 VSS - ok
19:11:59.0343 0416 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:11:59.0359 0416 W32Time - ok
19:11:59.0390 0416 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:11:59.0390 0416 Wanarp - ok
19:11:59.0437 0416 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:11:59.0437 0416 wanatw - ok
19:11:59.0453 0416 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:11:59.0453 0416 wdmaud - ok
19:11:59.0468 0416 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:11:59.0468 0416 WebClient - ok
19:11:59.0531 0416 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:11:59.0546 0416 winachsf - ok
19:11:59.0640 0416 WinDefend (581061776e1b7c4c7771e97ae5eaf377) C:\Program Files\Windows Defender\MsMpEng.exe
19:11:59.0640 0416 WinDefend - ok
19:11:59.0734 0416 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:11:59.0734 0416 winmgmt - ok
19:11:59.0812 0416 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
19:11:59.0843 0416 WinRM - ok
19:11:59.0890 0416 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:11:59.0890 0416 WmdmPmSN - ok
19:11:59.0937 0416 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:11:59.0953 0416 Wmi - ok
19:12:00.0031 0416 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:12:00.0031 0416 WmiApSrv - ok
19:12:00.0156 0416 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:12:00.0171 0416 WMPNetworkSvc - ok
19:12:00.0375 0416 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:12:00.0437 0416 WPFFontCache_v0400 - ok
19:12:00.0515 0416 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:12:00.0515 0416 WS2IFSL - ok
19:12:00.0562 0416 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:12:00.0578 0416 wscsvc - ok
19:12:00.0609 0416 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:12:00.0609 0416 WSTCODEC - ok
19:12:00.0656 0416 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:12:00.0656 0416 wuauserv - ok
19:12:00.0687 0416 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:12:00.0687 0416 WudfPf - ok
19:12:00.0703 0416 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:12:00.0703 0416 WudfRd - ok
19:12:00.0718 0416 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:12:00.0718 0416 WudfSvc - ok
19:12:00.0781 0416 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:12:00.0812 0416 WZCSVC - ok
19:12:00.0828 0416 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:12:00.0828 0416 xmlprov - ok
19:12:00.0953 0416 YVDKPAGBU (2af7af68274ae06c9cf83ad095a73db0) C:\DOCUME~1\admin1\LOCALS~1\Temp\YVDKPAGBU.exe
19:12:00.0953 0416 YVDKPAGBU - ok
19:12:00.0984 0416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:12:01.0125 0416 \Device\Harddisk0\DR0 - ok
19:12:01.0140 0416 MBR (0x1B8) (531fc014d164cd37522434edd791ec31) \Device\Harddisk1\DR1
19:12:01.0265 0416 \Device\Harddisk1\DR1 - ok
19:12:01.0265 0416 Boot (0x1200) (a4c4d1d05860e01bd91d4ff191803c57) \Device\Harddisk0\DR0\Partition0
19:12:01.0265 0416 \Device\Harddisk0\DR0\Partition0 - ok
19:12:01.0281 0416 Boot (0x1200) (d1c046c7f811d6689a23cdcf5fad9182) \Device\Harddisk0\DR0\Partition1
19:12:01.0281 0416 \Device\Harddisk0\DR0\Partition1 - ok
19:12:01.0281 0416 Boot (0x1200) (4cfaa1523843e0c43b1a33e1dece6083) \Device\Harddisk1\DR1\Partition0
19:12:01.0281 0416 \Device\Harddisk1\DR1\Partition0 - ok
19:12:01.0296 0416 ============================================================
19:12:01.0296 0416 Scan finished
19:12:01.0296 0416 ============================================================
19:12:01.0296 1328 Detected object count: 0
19:12:01.0296 1328 Actual detected object count: 0
19:15:08.0234 1520 Deinitialize success



aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 19:15:56
-----------------------------
19:15:56.500 OS Version: Windows 5.1.2600 Service Pack 3
19:15:56.500 Number of processors: 2 586 0x404
19:15:56.500 ComputerName: D820LIVINGSTON UserName: admin1
19:15:57.140 Initialize success
19:20:09.000 AVAST engine defs: 12050401
19:20:51.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:20:51.015 Disk 0 Vendor: HDT722525DLA380 V44OA91A Size: 238475MB BusType: 3
19:20:51.031 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-22
19:20:51.031 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
19:20:51.046 Disk 0 MBR read successfully
19:20:51.062 Disk 0 MBR scan
19:20:51.125 Disk 0 Windows XP default MBR code
19:20:51.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 233711 MB offset 9751455
19:20:51.156 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4761 MB offset 63
19:20:51.156 Disk 0 scanning sectors +488392065
19:20:51.234 Disk 0 scanning C:\WINDOWS\system32\drivers
19:21:09.046 Service scanning
19:21:31.953 Modules scanning
19:21:39.437 Disk 0 trace - called modules:
19:21:39.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:21:39.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1eeab8]
19:21:39.515 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\0000009a[0x8b1fa9c8]
19:21:39.531 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8b1f6d98]
19:21:40.156 AVAST engine scan C:\WINDOWS
19:21:50.593 AVAST engine scan C:\WINDOWS\system32
19:25:37.000 AVAST engine scan C:\WINDOWS\system32\drivers
19:26:19.656 AVAST engine scan C:\Documents and Settings\admin1
19:33:58.859 AVAST engine scan C:\Documents and Settings\All Users
19:39:15.171 Scan finished successfully
19:42:13.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\admin1\Desktop\log collections\aswMBR\MBR.dat"
19:42:13.015 The log file has been saved successfully to "C:\Documents and Settings\admin1\Desktop\log collections\aswMBR\aswMBR.txt"


and ComboFix:
ComboFix 12-05-04.03 - admin1 04/05/2012 20:06:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2321 [GMT -4:00]
Running from: c:\documents and settings\admin1\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\admin1\Local Settings\Application Data\SetupAnyDVD6412_50635.exe
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\documents and settings\All Users\Application Data\TEMP\7D1026FC.TMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\aShortcut to procexp.exe.lnk
c:\program files\UNWISE.EXE
c:\windows\system32\nsc118.tmp
c:\windows\system32\nsh117.tmp
c:\windows\system32\nsn116.tmp
c:\windows\system32\nsn11B.tmp
c:\windows\system32\nss115.tmp
c:\windows\system32\nss11A.tmp
c:\windows\system32\nsx114.tmp
c:\windows\system32\nsx119.tmp
c:\windows\system32\perf for disk issues.htm
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETFE.tmp
D:\Autorun.inf
G:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSAPI32SVC
-------\Legacy_USNJSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-01 00:21 . 2012-05-01 00:21 -------- d-----w- c:\documents and settings\admin1\Application Data\SUPERAntiSpyware.com
2012-05-01 00:18 . 2012-05-01 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-30 16:59 . 2012-04-30 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-04-30 05:44 . 2012-04-30 05:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 05:44 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 05:40 . 2012-04-30 05:40 -------- d-----w- c:\program files\ERUNT
2012-04-29 23:50 . 2012-04-29 23:50 -------- d-----w- c:\documents and settings\admin2
2012-04-29 20:58 . 2012-04-29 20:58 -------- d-----w- c:\program files\Seagate
2012-04-29 16:34 . 2012-04-29 22:52 -------- d-----w- c:\documents and settings\admin1\Local Settings\Application Data\LogMeIn Rescue Applet
2012-04-28 23:06 . 2012-04-28 23:06 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-28 23:06 . 2012-04-28 23:06 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-28 23:06 . 2012-04-28 23:06 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-27 15:59 . 2012-04-27 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
2012-04-23 00:52 . 2012-04-23 02:27 -------- d-----w- c:\program files\Total Defense
2012-04-22 23:03 . 2012-04-22 23:03 -------- d-----w- c:\documents and settings\admin1\Local Settings\Application Data\Sun
2012-04-22 23:02 . 2012-04-22 23:02 -------- d-----w- c:\program files\Oracle
2012-04-22 23:02 . 2012-04-22 23:02 -------- d-----w- c:\documents and settings\admin1\Application Data\Oracle
2012-04-22 23:02 . 2012-01-10 17:57 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-22 19:44 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-04-22 19:43 . 2001-08-17 17:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-04-22 19:42 . 2001-08-18 02:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2012-04-22 19:41 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-04-22 19:40 . 2001-08-17 17:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-04-22 19:39 . 2001-08-18 02:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-04-22 19:38 . 2001-08-17 16:12 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-04-22 19:37 . 2001-08-17 17:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-04-22 19:36 . 2001-08-17 16:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-04-22 19:35 . 2004-08-10 19:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2012-04-22 19:34 . 2004-08-10 19:00 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll
2012-04-22 19:33 . 2001-08-17 18:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-04-22 19:33 . 2001-08-17 17:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-04-22 19:33 . 2001-08-17 16:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-04-22 19:33 . 2001-08-17 16:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-04-22 19:33 . 2001-08-17 16:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-04-22 19:33 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-04-22 19:33 . 2001-08-18 02:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-04-22 19:33 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-04-22 19:33 . 2001-08-17 16:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-04-22 19:33 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-04-22 19:33 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-04-22 19:33 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-04-22 19:33 . 2008-04-14 10:42 226816 -c--a-w- c:\windows\system32\dllcache\npdrmv2.dll
2012-04-22 18:13 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-04-22 18:13 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-04-22 18:13 . 2004-08-10 19:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2012-04-22 18:13 . 2001-08-17 16:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-04-22 18:13 . 2004-08-04 02:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-04-22 18:13 . 2001-08-17 16:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-04-22 18:13 . 2001-08-17 16:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-04-22 18:13 . 2001-08-18 02:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-04-22 18:13 . 2001-08-17 17:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2012-04-22 18:13 . 2001-08-17 18:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-04-22 18:13 . 2001-08-17 16:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-04-22 18:11 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-04-22 18:10 . 2001-08-17 17:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2012-04-22 18:09 . 2001-08-18 02:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2012-04-22 18:08 . 2001-08-17 17:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-04-22 18:07 . 2001-08-18 02:36 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2012-04-22 18:06 . 2001-08-17 16:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2012-04-22 18:05 . 2001-08-17 17:50 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2012-04-22 18:04 . 2001-08-17 16:13 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2012-04-22 18:03 . 2004-08-10 19:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2012-04-22 18:02 . 2008-04-13 18:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2012-04-22 18:01 . 2004-08-10 19:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2012-04-22 18:01 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-04-22 18:00 . 2004-08-10 19:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-04-22 18:00 . 2004-08-10 19:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-04-22 18:00 . 2004-08-10 19:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2012-04-22 18:00 . 2004-08-10 19:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-04-22 18:00 . 2004-08-10 19:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2012-04-22 18:00 . 2004-08-10 19:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-04-22 03:38 . 2012-04-22 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2012-04-22 03:29 . 2012-04-22 03:29 -------- d-----w- c:\documents and settings\admin1\Application Data\SMART Technologies Inc
2012-04-21 21:17 . 2012-04-21 21:17 -------- d-----w- c:\program files\Speccy
2012-04-19 03:46 . 2012-04-19 03:46 -------- d-----w- c:\documents and settings\admin1\Application Data\Malwarebytes
2012-04-19 03:46 . 2012-04-19 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-18 02:50 . 2010-03-26 00:07 23864 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-04-18 02:46 . 2012-04-18 02:49 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2012-04-07 05:03 . 2012-04-07 05:03 -------- d-----w- c:\documents and settings\admin1\Application Data\Safer Networking
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 00:14 . 2012-04-03 22:28 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 00:14 . 2011-05-28 17:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2005-04-13 16:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2005-04-13 16:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2005-04-13 16:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2005-04-13 16:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-04-13 16:55 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2005-04-13 16:55 385024 ----a-w- c:\windows\system32\html.iec
2006-05-27 16:16 . 2006-05-27 16:16 2720336 ----a-w- c:\program files\MPEG4Decoder.exe
2006-04-10 14:45 . 2006-04-10 14:45 455 ----a-w- c:\program files\layout.bin
2004-04-19 01:10 . 2004-04-19 01:10 116688 ----a-w- c:\program files\setup.exe
2006-05-06 16:42 . 2006-06-12 21:36 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2012-04-28 23:06 . 2011-04-16 17:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-26 00:07 . 2012-04-18 02:50 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SacReminder"="c:\documents and settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe" [2009-03-27 825152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 196608]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2005-12-21 73728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-15 202256]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"PCLEUSBTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 196608]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-08-30 36864]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2011-11-23 692307]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD771718750"="rd" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\admin1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Color Calibration.lnk - c:\program files\SEC\MagicTune3.5_Client\GammaTray.exe [2006-1-18 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2005-8-12 729088]
MagicTune3.5.lnk - c:\program files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2006-1-18 45056]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2006-1-18 155715]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-11-21 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2008-08-22 14:56 2173888 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2005-07-20 07:55 7090176 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
c:\program files\McAfee\Common Framework\udaterui.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"McAfeeEngineService"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=c:\windows\system32\igfxpers.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"<NO NAME>"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent2_2_1\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WS_FTP6\\WS_FTP95.exe"=
"c:\\Program Files\\SMART Ideas 5\\bin\\Ideas.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 7:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/04/2012 1:44 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/04/2012 1:44 AM 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 9:13 PM 135664]
S2 McAfeeEngineService;McAfee Engine Service;"c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe" --> c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe --> c:\windows\system32\mfevtps.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [05/10/2006 11:11 PM 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2012 6:28 PM 253088]
S3 AMTUSI;AMTUSI;c:\docume~1\admin1\LOCALS~1\Temp\AMTUSI.exe --> c:\docume~1\admin1\LOCALS~1\Temp\AMTUSI.exe [?]
S3 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [23/03/2009 10:54 PM 73464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 9:13 PM 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys --> c:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28/04/2012 7:06 PM 129976]
S3 OFOD;OFOD;c:\docume~1\admin1\LOCALS~1\Temp\OFOD.exe --> c:\docume~1\admin1\LOCALS~1\Temp\OFOD.exe [?]
S3 PBU;PBU;c:\docume~1\admin1\LOCALS~1\Temp\PBU.exe --> c:\docume~1\admin1\LOCALS~1\Temp\PBU.exe [?]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\Total Defense\PCPitstopScheduleService.exe [22/04/2012 10:27 PM 91816]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [26/04/2011 9:47 PM 27064]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [13/04/2005 12:56 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S3 YVDKPAGBU;YVDKPAGBU;c:\docume~1\admin1\LOCALS~1\Temp\YVDKPAGBU.exe --> c:\docume~1\admin1\LOCALS~1\Temp\YVDKPAGBU.exe [?]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [05/04/2009 1:26 PM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [05/04/2009 1:26 PM 5248]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 59351952
*NewlyCreated* - ASWMBR
*Deregistered* - 59351952
*Deregistered* - aswMBR
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:14]
.
2012-04-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-01-11 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?ffd8ed15331a42778b6cb5e35674f9dc
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?ffd8ed15331a42778b6cb5e35674f9dc
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 64.71.255.198
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\admin1\Application Data\Mozilla\Firefox\Profiles\2c0bt650.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{36DED058-D4AD-11D5-92D9-00A0CC63447C} - (no file)
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-04 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-04 20:45:37
ComboFix-quarantined-files.txt 2012-05-05 00:45
.
Pre-Run: 110,004,604,928 bytes free
Post-Run: 110,091,980,800 bytes free
.
- - End Of File - - FD3D31DFADE1EFD045209C4CA9D33549

*****AND the zipped file from aswMBR MBR.dat
Attached File: MBR.zip (513 bytes)

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 May 2012 - 08:53 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java 6 Update 24
Java 6 Update 29
Java 7 Update 3


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.2.202.233 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

p.s.
The latest version v11.2.202.235 came out a few days ago.


Please let me know what issues persist.

#6 petegt5012

petegt5012
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 05 May 2012 - 10:00 AM

I have McAfee VirusScan & AntiSpyware, but it would not install.
I could not uninstall the earlier versions of Java.
Also could not install ZoneAlarm.
see my original post (LINK at top of this topic) for all the specifics of these issues.

Did these scans etc. identify anything that you think would cause the issues in my original post?

Should I try all those other installs/uninstalls from my original post again, or just the ones you identified?
Note: I was able to install "seatools for windows" at some point since my original post.

I will start on the ones you mentioned (excluding McAfee Security Scan Plus, since I already have a McAfee product, or can they co-exist together and with the others I have?).

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 May 2012 - 10:51 AM

Just try this for now.

Download this uninstaller tool and remove All versions of Java.

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Revo Uninstaller helps you to remove any unwanted application installed on your computer.

When completed try to install the latest version of Java.
If you have any error message please post it.

#8 petegt5012

petegt5012
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 05 May 2012 - 01:56 PM

Here are the steps that you outlined. I kinda typed this as a running log of what I did in Notepad so I could reboot, or in case I was forced to reboot, as opposed to posting as separate steps.

So read through to the end to see some resolutions and some odd occurrences......

Add remove programs
-- Java 1.6.0_24 click remove ... fatal error during installation
-- Java 1.6.0_29 click remove ... same error as in my original post 1.6.0_24-c-l.msi installation package. See
original topic/post http://www.bleepingcomputer.com/forums/topic451906.html
-- Java 7 Update 3 removed successfully, although I never reported this as an error originally.

Here are the event log errors (actually information entries... but they look like errors to me).

Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1040
Date: 05/05/2012
Time: 11:32:37 AM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1040 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {26A24AE4-039D-4CA4-87B4-2F83216024F0}, 2388, (NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11725
Date: 05/05/2012
Time: 11:32:54 AM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 11725 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have
the necessary registry information or message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information
is part of the event: Product: Java™ 6 Update 24 -- Removal failed., (NULL), (NULL), (NULL), (NULL), , .
Data:
0000: 7b 32 36 41 32 34 41 45 {26A24AE
0008: 34 2d 30 33 39 44 2d 34 4-039D-4
0010: 43 41 34 2d 38 37 42 34 CA4-87B4
0018: 2d 32 46 38 33 32 31 36 -2F83216
0020: 30 32 34 46 30 7d 024F0}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1034
Date: 05/05/2012
Time: 11:32:54 AM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1034 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: Java™ 6 Update 24, 6.0.240, 1033, 1603, (NULL), , .
Data:
0000: 7b 32 36 41 32 34 41 45 {26A24AE
0008: 34 2d 30 33 39 44 2d 34 4-039D-4
0010: 43 41 34 2d 38 37 42 34 CA4-87B4
0018: 2d 32 46 38 33 32 31 36 -2F83216
0020: 30 32 34 46 30 7d 024F0}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1042
Date: 05/05/2012
Time: 11:32:54 AM
User: NT AUTHORITY\SYSTEM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1042 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {26A24AE4-039D-4CA4-87B4-2F83216024F0}, 2388, (NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1040
Date: 05/05/2012
Time: 11:35:21 AM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1040 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {26A24AE4-039D-4CA4-87B4-2F83216024FF}, 2388, (NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1042
Date: 05/05/2012
Time: 11:37:20 AM
User: NT AUTHORITY\SYSTEM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1042 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {26A24AE4-039D-4CA4-87B4-2F83216024FF}, 2388, (NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1040
Date: 05/05/2012
Time: 11:37:33 AM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1040 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {26A24AE4-039D-4CA4-87B4-2F83217003FF}, 2388, (NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11724
Date: 05/05/2012
Time: 11:38:11 AM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 11724 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have
the necessary registry information or message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information
is part of the event: Product: Java™ 7 Update 3 -- Removal completed successfully., (NULL), (NULL), (NULL),
(NULL), , .
Data:
0000: 7b 32 36 41 32 34 41 45 {26A24AE
0008: 34 2d 30 33 39 44 2d 34 4-039D-4
0010: 43 41 34 2d 38 37 42 34 CA4-87B4
0018: 2d 32 46 38 33 32 31 37 -2F83217
0020: 30 30 33 46 46 7d 003FF}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1034
Date: 05/05/2012
Time: 11:38:11 AM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1034 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: Java™ 7 Update 3, 7.0.30, 1033, 0, (NULL), , .
Data:
0000: 7b 32 36 41 32 34 41 45 {26A24AE
0008: 34 2d 30 33 39 44 2d 34 4-039D-4
0010: 43 41 34 2d 38 37 42 34 CA4-87B4
0018: 2d 32 46 38 33 32 31 37 -2F83217
0020: 30 30 33 46 46 7d 003FF}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1042
Date: 05/05/2012
Time: 11:38:11 AM
User: NT AUTHORITY\SYSTEM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1042 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {26A24AE4-039D-4CA4-87B4-2F83217003FF}, 2388, (NULL), (NULL), (NULL), , .



These last 2 were from McAfee (forgot to uncheck the McAfee install (maybe)??? Not really sure),
or these 2 are from something that triggered Windows Update????


Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 05/05/2012
Time: 12:10:22 PM
User: N/A
Computer: D820LIVINGSTON
Description:
Failed auto update retrieval of third-party root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This
operation returned because the timeout period expired.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 05/05/2012
Time: 12:10:22 PM
User: N/A
Computer: D820LIVINGSTON
Description:
Failed auto update retrieval of third-party root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The
specified server cannot perform the requested operation.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.







Now on the topic of the Flash install: I installed both Flash links you pointed to.

Flash newest version seems to have installed.
Odd result: Flash Player Settings shows ActiveX as version 11.2.202.235
Plug-in as version 11.2.202.235
But clicking on "check now" shows on the Adobe site as 11.2.202.233, the older version.

IE shows Shockwave Flash as version 9.0.16.48 from add-ons.
Firefox shows Shockwave Flash as version 11.2.202.233

It did not ask me to reboot so I did not. But I will reboot now just to see. I assume it is the reboot



Have not rebooted yet

Just ran Revo Uninstaller (I have version 2.5.5; when I opened it, it wanted to upgrade to version 2.5.8, so I did).
Your link pointed to version 1.9.3.0, probably the installer version. I did not use your link....... Hope that is ok?

It removed java 6 update 24 but the scan found many registry entries so I selected all and deleted them.
I then tried Java 6 Update 29 and Revo got the same error as I posted in my original post; see top of this topic.
Did the scan and it found lots of entries and some pointing to update 24; I could not find anything pointing to
Java 1.6.0_24-c-l when I did a find in my registry (tried many times) but this tool found them.
So I selected all and deleted them.
I have no java in my add remove programs any longer.


I only have Java Auto Updater and JavaFX 2.0.3 still in add remove programs.... I assume these are ok.....
Will now get latest version of java.

Wait I will reboot first before getting Java. Saving text file to post later....




AFTER REBOOT

IE still shows Shockwave Flash as version 9.0.16.48 from add-ons. However Firefox shows the latest version now,
11.2.202.235, ..... not sure why IE is still messed up?

In IE I noticed in Add-ons that there is an add-on listed under Unknown with this name:
Name {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}
Publisher Not Available
Status Disabled


Is this some sort of malware? There does not seem to be a delete function. It is disabled, however.....


Java 6 update 32 was installed successfully and both Firefox and IE both point to it... so I guess my Java issue is
solved.


Should I continue with some of my original install issues?
-Zonealarm
-McAfee
-Total defense PC Tune-up (although I am not sure if I need this software any longer, or if it is any good). Perhaps
just curiosity about whether install will work.....

I guess I should not have installed Java 7.....



So in a nutshell was there malware on my PC? I could not tell from the logs .....

Is there anything else I should do?


I am still getting Event Viewer entries for MsiInstaller similar to the ones I already posted earlier in this last
post.

Should I include those in a second post?
What the heck I will paste them here just in case it is something you need to see, if they are normal let me know.
I am bothered by the fact that they all refer to a remote computer. I am only using one computer here.
Confused. These are posted in the order in which they occur just as the last set was.

Lots of questions, sorry about that, but there are a lot of unknowns........


Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1040
Date: 05/05/2012
Time: 1:57:26 PM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1040 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: C:\Documents and Settings\admin1\Application Data\Sun\Java\jre1.6.0_32\jre1.6.0_32-c-l.msi, 2832,
(NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1042
Date: 05/05/2012
Time: 1:58:06 PM
User: NT AUTHORITY\SYSTEM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1042 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: C:\Documents and Settings\admin1\Application Data\Sun\Java\jre1.6.0_32\jre1.6.0_32-c-l.msi, 2832,
(NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11707
Date: 05/05/2012
Time: 1:58:06 PM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 11707 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have
the necessary registry information or message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information
is part of the event: Product: Java™ 6 Update 32 -- Installation operation completed successfully., (NULL),
(NULL), (NULL), (NULL), , .
Data:
0000: 7b 32 36 41 32 34 41 45 {26A24AE
0008: 34 2d 30 33 39 44 2d 34 4-039D-4
0010: 43 41 34 2d 38 37 42 34 CA4-87B4
0018: 2d 32 46 38 33 32 31 36 -2F83216
0020: 30 33 32 46 46 7d 032FF}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1033
Date: 05/05/2012
Time: 1:58:06 PM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1033 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: Java™ 6 Update 32, 6.0.320, 1033, 0, (NULL), , .
Data:
0000: 7b 32 36 41 32 34 41 45 {26A24AE
0008: 34 2d 30 33 39 44 2d 34 4-039D-4
0010: 43 41 34 2d 38 37 42 34 CA4-87B4
0018: 2d 32 46 38 33 32 31 36 -2F83216
0020: 30 33 32 46 46 7d 032FF}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1040
Date: 05/05/2012
Time: 1:58:31 PM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1040 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {4A03706F-666A-4037-7777-5F2748764D10}, 3708, (NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1042
Date: 05/05/2012
Time: 1:58:31 PM
User: NT AUTHORITY\SYSTEM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1042 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: {4A03706F-666A-4037-7777-5F2748764D10}, 3708, (NULL), (NULL), (NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1040
Date: 05/05/2012
Time: 1:58:32 PM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1040 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: C:\Documents and Settings\admin1\Application Data\Sun\Java\AU\au.msi, 3192, (NULL), (NULL),
(NULL), , .



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11729
Date: 05/05/2012
Time: 1:58:32 PM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 11729 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have
the necessary registry information or message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information
is part of the event: Product: Java Auto Updater -- Configuration failed., (NULL), (NULL), (NULL), (NULL), , .
Data:
0000: 7b 34 41 30 33 37 30 36 {4A03706
0008: 46 2d 36 36 36 41 2d 34 F-666A-4
0010: 30 33 37 2d 37 37 37 37 037-7777
0018: 2d 35 46 32 37 34 38 37 -5F27487
0020: 36 34 44 31 30 7d 64D10}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1035
Date: 05/05/2012
Time: 1:58:32 PM
User: D820LIVINGSTON\admin1
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1035 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: Java Auto Updater, 2.0.7.1, 1033, 1638, (NULL), , .
Data:
0000: 7b 34 41 30 33 37 30 36 {4A03706
0008: 46 2d 36 36 36 41 2d 34 F-666A-4
0010: 30 33 37 2d 37 37 37 37 037-7777
0018: 2d 35 46 32 37 34 38 37 -5F27487
0020: 36 34 44 31 30 7d 64D10}



Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 1042
Date: 05/05/2012
Time: 1:58:32 PM
User: NT AUTHORITY\SYSTEM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1042 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the
necessary registry information or message DLL files to display messages from a remote computer. You may be able to
use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is
part of the event: C:\Documents and Settings\admin1\Application Data\Sun\Java\AU\au.msi, 3192, (NULL), (NULL),
(NULL), , .


Please see all my questions embedded in throughout this post. Hopefully I have not overwhelmed you with questions.
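The MsiInstaller entries pasted above are hard to read because Event Viewer could not resolve the message text for the source: the sentence about "a remote computer" is its generic fallback wording for any such event and does not mean another machine was involved. The real content is the comma-separated payload after "The following information is part of the event:". As an added example (not from the thread or from either poster), the PowerShell below parses a copy/pasted dump into one record per event and decodes the standard Windows Installer event IDs and return codes that appear in the post (1603 is the "fatal error during installation" the poster saw when removing Java 6 Update 24; 1638 means another version of the product is already installed). The two sample records are copied from the post with the boilerplate shortened; the function name is an assumption.

```powershell
# Added example, not part of the thread: decode MsiInstaller events from an
# Event Viewer copy/paste. The "remote computer" sentence is Event Viewer's
# fallback wording when it cannot find the message text; the payload after
# "part of the event:" is the actual event content.

# Meaning of the MsiInstaller event IDs that appear in the post.
$EventMeaning = @{
    1033  = 'Product installed (name, version, language, return status)'
    1034  = 'Product removed (name, version, language, return status)'
    1035  = 'Product reconfigured (name, version, language, return status)'
    1040  = 'Transaction begin (product code or .msi path, client PID)'
    1042  = 'Transaction end (product code or .msi path, client PID)'
    11707 = 'Installation completed successfully'
    11724 = 'Removal completed successfully'
    11725 = 'Removal failed'
    11729 = 'Configuration failed'
}
# Windows Installer return codes seen in the post.
$ReturnStatus = @{
    0    = 'success'
    1603 = 'ERROR_INSTALL_FAILURE (fatal error during installation)'
    1638 = 'ERROR_PRODUCT_VERSION (another version of this product is already installed)'
}

function ConvertFrom-MsiEventText {
    param([string]$Text)
    # Records in an Event Viewer copy/paste are separated by blank lines.
    $blocks = $Text -split '\r?\n\s*\r?\n' | Where-Object { $_ -match 'Event ID:' }
    foreach ($b in $blocks) {
        $id   = [int]([regex]::Match($b, 'Event ID:\s*(\d+)').Groups[1].Value)
        $time = [regex]::Match($b, 'Time:\s*([^\r\n]+)').Groups[1].Value.Trim()
        # Payload runs from the end of the boilerplate to the terminating ", , ."
        # and may wrap onto a second line, hence Singleline and the whitespace fold.
        $payload = [regex]::Match($b, 'part of the event:\s*(.+?),\s*,\s*\.', 'Singleline').Groups[1].Value
        $fields  = (($payload -replace '\s+', ' ').Trim()) -split ',\s*'
        $status  = $null
        # Only the 1033/1034/1035 events carry a return status in field 4.
        if ((@(1033, 1034, 1035) -contains $id) -and $fields.Count -ge 4 -and $fields[3] -match '^\d+$') {
            $code   = [int]$fields[3]
            $status = if ($ReturnStatus.ContainsKey($code)) { "$code = $($ReturnStatus[$code])" } else { "$code" }
        }
        New-Object PSObject -Property @{
            Time    = $time
            EventId = $id
            Meaning = $EventMeaning[$id]
            Subject = $fields[0]
            Status  = $status
        } | Select-Object Time, EventId, Meaning, Subject, Status
    }
}

# Two records from the post above; the generic description text is shortened.
$SampleEvents = @'
Event Type: Information
Event Source: MsiInstaller
Event ID: 1034
Date: 05/05/2012
Time: 11:32:54 AM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1034 ) in Source ( MsiInstaller ) cannot be found. The following information is
part of the event: Java™ 6 Update 24, 6.0.240, 1033, 1603, (NULL), , .

Event Type: Information
Event Source: MsiInstaller
Event ID: 1035
Date: 05/05/2012
Time: 1:58:32 PM
Computer: D820LIVINGSTON
Description:
The description for Event ID ( 1035 ) in Source ( MsiInstaller ) cannot be found. The following information is
part of the event: Java Auto Updater, 2.0.7.1, 1033, 1638, (NULL), , .
'@

ConvertFrom-MsiEventText -Text $SampleEvents | Format-Table -AutoSize
```

On the sample input this yields one row per event: the 1034 record decodes to "Java™ 6 Update 24" with status 1603 (the failed removal), the 1035 record to "Java Auto Updater" with status 1638 (an existing version blocked the reconfigure). To run it against a live machine instead of pasted text, paste the whole Event Viewer export into the here-string; the 1040/1042 pairs with matching client PIDs simply bracket each transaction and are not errors.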

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 May 2012 - 08:22 AM

-- Java 1.6.0_24 click remove ... fatal error during installation
-- Java 1.6.0_29 click remove ... same error as in my original post 1.6.0_24-c-l.msi installation package

These may still be listed in the Add/Remove programs list.
But they have been deleted.

Run the Fix it button on this Microsoft page.
http://support.microsoft.com/kb/266668/en-us#kb1
===

I only have Java Auto Updater and JavaFX 2.0.3 still in add remove programs

Keep Java Auto Updater.

JavaFX 2.0.3 is a development tool.
If you do not use it you can remove it using the Add/Remove Programs list.
===

IE still shows shockwave Flash as version 9.0.16.48 from add-ons.

You must get the update using Internet Explorer. Have you been doing that?
===

I wish we could look at one item at a time.
Will try to fix it and move on to the other issue, if any.

Can you please do that?

#10 petegt5012

petegt5012
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 06 May 2012 - 11:10 AM

Everything you have suggested so far has worked, as long as I understood how to implement it.

I believe Java is OK; I don't have anything but the most recent Java in my Add/Remove Programs. Those errors I mentioned were before using Revo. I believe that Revo fixed these issues.

I suspect the Java error in Revo was due to there being no files on the computer for Update 24. So it may have been that there were only registry entries that were causing incorrect install/uninstall results.
I can try to uninstall Update 32 and reinstall it to test, but Java 7 was always OK in this respect.

No, I did not download or execute the Flash for IE from IE. Makes sense when you think about it, just never crossed my mind. Will do that. Suspect there will be no issues there. Duh!
I did the upgrade from IE and now it seems to show the correct version. However, during the upgrade it asked me to exit IE, so I did; after completion, I started IE and it still showed version 9... so I went to the about page at Adobe and it showed the latest version. Went back to Tools in IE and the version 9 had been updated to the latest version. Weird... but all is OK now.

Was the Microsoft Fix it for the Java issue? If so, do I still need to run it, given the Java issue is resolved?


JavaFX is now removed

Only Java 6 Update 32 and Java Auto Updater exist. Good

Adobe is fixed


Outstanding issues:
1) MsiInstaller ...... messages in Event Viewer; is this a problem (referring to remote computer)?
2) ZoneAlarm ..... tried yesterday; the setup program just exits and does nothing. Same as originally.
3) PC Tune-up ...... freezes when started with the GUI partially displayed.
4) McAfee ...... Tried to install yesterday, seems OK, but did get messages re framework, cannot get -> framework message .... the services for the old version were never removed ... could be causing problems? Should I use Revo to totally get rid of McAfee and start over?

Which one (I assume one at a time) should we tackle next?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 May 2012 - 12:27 PM

4) mcafee ...... Tried to installed yesterday seeems ok , but did get messages re framework , cannot get -> framework message .... the services for the old version were never removed ...could be causing problems? should i use REVO to totally get rid of McAFee? and start over


McAfee has a removal tool.

http://mcafee-removal-tool.com/

Run it.

Then reinstall the latest version.
===

Please run Notepad and copy the following text into a new file:

sc config AMTUSI start= disabled
sc stop AMTUSI
sc delete AMTUSI


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close; that is normal.
If any errors are encountered, please post them.
When done you can delete the remove.bat file.

p.s. On a Vista/Windows7 Operating System run the remove.bat file as Administrator.

Edited by nasdaq, 06 May 2012 - 12:35 PM.


#12 petegt5012

petegt5012
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:16 PM

Posted 06 May 2012 - 01:57 PM

The 4 McAfee services are still present:
McAfee Engine Service
McAfee Framework Service
McAfee Security Scan Component Host Service
McAfee Task Manager

All are automatic except the security scan component which is manual, none are started.

Should the removal tool have removed these? Should I remove them before reinstalling McAfee? How?

Add/Remove Programs still shows McAfee VirusScan, Antispyware, Agent and the scan tool (Security Scan Plus) that Adobe added (I forgot to uncheck).

Should I use Revo to clean the rest, or do I need to do something special for the services?

#13 petegt5012

petegt5012
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:16 PM

Posted 06 May 2012 - 03:22 PM

Tried to reinstall McAfee again: "Error 1920. Service McAfee Mcshield (McShield) failed to start. Verify that you have sufficient privileges to start system services."

I did not get this message the first time I tried to install it. I will try again.

#14 petegt5012

petegt5012
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:16 PM

Posted 06 May 2012 - 11:32 PM

McAfee seems to be OK now.
This is what I did: uninstalled again, then tried to install; it failed on Error 1920 again.
I uninstalled the Security Scan Plus and the McAfee Agent via Add/Remove Programs.
Then used Revo Uninstaller to uninstall McAfee VirusScan and Antispyware and deleted all files and registry entries that were displayed after the scan.
Note: all services were removed except the McAfee Framework service. Tried to look for another way to remove the service but could not find any; it was already unchecked in msconfig.
Just tried to install McAfee again and all went well.

I will try ZoneAlarm again.... after one more reboot just to make sure everything starts properly again.
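The leftover-service problem in the two posts above (nasdaq's remove.bat with sc config / sc stop / sc delete, and the McAfee Framework service that survived Revo) can be handled more safely with a script that first reports which services of a given vendor still exist and whether their binary is still on disk, and only deletes the orphaned ones when explicitly asked. This is an added example, not code from nasdaq or from the original poster; the vendor pattern 'McAfee' is a placeholder assumption, and it uses only Get-WmiObject, Test-Path and sc.exe, which exist on the Windows versions discussed in this thread. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from this thread): list services whose display name matches
# a vendor pattern, flag the ones whose executable no longer exists, and with
# -Remove apply nasdaq's three steps (sc config / sc stop / sc delete) to those
# orphans only. Requires an elevated prompt.
param(
    [string]$NamePattern = 'McAfee',   # assumption: vendor name to look for
    [switch]$Remove                    # without -Remove the script only reports
)

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName is the full command line, e.g.  "C:\Program Files\X\svc.exe" /arg
    # or  C:\Windows\x.exe /arg ; return just the executable path.
    if (-not $PathName) { return '' }
    if ($PathName -match '^"([^"]+)"')  { return $Matches[1] }
    if ($PathName -match '^(\S+\.exe)') { return $Matches[1] }
    return $PathName
}

# Win32_Service carries State, StartMode and PathName, which Get-Service lacks on old PowerShell.
$services = Get-WmiObject Win32_Service | Where-Object { $_.DisplayName -like "*$NamePattern*" }
if (-not $services) { Write-Host "No services matching '$NamePattern' found."; return }

foreach ($svc in $services) {
    $exe      = Get-ServiceBinaryPath $svc.PathName
    $orphaned = ($exe -ne '') -and -not (Test-Path -LiteralPath $exe)
    "{0,-40} state={1,-8} start={2,-6} orphaned={3} path={4}" -f `
        $svc.Name, $svc.State, $svc.StartMode, $orphaned, $exe

    if ($Remove -and $orphaned) {
        # 'sc' alone is a PowerShell alias for Set-Content, so call sc.exe explicitly.
        # Errors are kept so they can be posted back to the thread.
        & sc.exe config $svc.Name start= disabled | Out-Null
        & sc.exe stop   $svc.Name 2>&1 | Out-Null
        $out = & sc.exe delete $svc.Name 2>&1
        Write-Host ("  delete {0}: {1}" -f $svc.Name, ($out -join ' '))
    }
}
```

Without -Remove the script only prints the inventory, which is the useful part when deciding whether a leftover entry (such as the Framework service) is a real install or a dead registration. Note that sc delete only marks a service for deletion; if it was running or is held open by the Services console, the entry disappears after the next reboot, which is why a reboot before reinstalling is sensible.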

#15 petegt5012

petegt5012
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:16 PM

Posted 07 May 2012 - 12:05 AM

Still cannot install ZoneAlarm. Double-click on the exe and nothing happens; just the disk starts to spin up and/or seek.

Downloaded the newest version, same result.

These are the files I have tried
clean.exe
zaSetup_101_079_000.exe
zaSetupWeb_101_101_000_en(3).exe
zaSetupWeb_102_047_000.exe

The clean.exe gets the furthest: it gets to a window "Open File - Security Warning" that says Run or Cancel. I choose Run and nothing happens.

Is something intercepting this program? No Event Viewer entries.
