Firefox Chrome Opera Safari Google CDN


26 replies to this topic

#1 karlbleepingcomputer


Posted 24 June 2012 - 05:23 AM

After hours of searching for a solution and more than once finding myself back on these forums, this looks like the best place to get some constructive help.

This started a couple of weeks ago when Safari would not launch, then Chrome, followed by Opera, and now when accessing any resource provided by Google (i.e. the CDN for jQuery, Gmail, etc.) the screen is filled with rubbish characters. IE still works, although it is not my favourite browser.

Running:

Win XP Pro v2002 SP3
AMD Athlon X4 640 3.1GHz

Browsers
Firefox 13
Safari, Chrome, Opera - latest version, can't open them so don't know

AV
Norton

System Restore - don't use it, although considering it after these problems

Have run Malwarebytes, which cleared a lot of trojans, but the problem with the browsers is really annoying.

Any help greatly appreciated.

Karl



#2 dev00790


Posted 24 June 2012 - 06:45 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
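
Added example, not part of the original posts and not TDSSKiller's own code: a Python script for triaging the log that Step 1 asks for, written against the line layout of the TDSSKiller log posted in this thread. The sample lines, object names, digests, paths and the `Placeholder.Verdict.Name` verdict are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line layout seen in the thread's log: "HH:MM:SS.mmmm <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<object> (<32 hex digest>) <file path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<digest>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<object> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<object> - ok"
OK = re.compile(r"^.+ - ok$")

# Constructed sample in the same layout; names, digests, paths and
# "Placeholder.Verdict.Name" are made up for this example.
SAMPLE_LOG = r"""
14:36:42.0046 5716 Scan started
14:36:42.0046 5716 Mode: Manual; SigCheck; TDLFS;
14:36:42.0296 5716 ExampleStub - ok
14:36:42.0359 5716 ExampleDrv (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
14:36:43.0890 5716 ExampleDrv - ok
14:36:44.0187 5716 Example Web Service (ffeeddccbbaa99887766554433221100) C:\example\bin\websvc.exe
14:36:44.0250 5716 Example Web Service ( UnsignedFile.Multi.Generic ) - warning
14:36:44.0250 5716 Example Web Service - detected UnsignedFile.Multi.Generic (1)
14:36:45.0100 5716 ExampleOdd (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\exampleodd.sys
14:36:45.0150 5716 ExampleOdd - detected Placeholder.Verdict.Name (0)
"""


@dataclass
class Finding:
    name: str
    verdict: str
    path: Optional[str]
    digest: Optional[str]


def parse_log(text: str) -> Tuple[List[Finding], int]:
    """Return (objects the scan flagged, number of objects reported ok)."""
    seen = {}  # object name -> (path, digest) from its description line
    findings = []
    ok_count = 0
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank line, wrapped text, or a timestamp with no message
        msg = m["msg"].strip()
        detected = DETECTED.match(msg)
        described = OBJECT.match(msg)
        if detected:
            # Join the verdict back to the path and digest logged just before it.
            path, digest = seen.get(detected["name"], (None, None))
            findings.append(Finding(detected["name"], detected["verdict"], path, digest))
        elif described:
            seen[described["name"]] = (described["path"], described["digest"].lower())
        elif OK.match(msg):
            ok_count += 1
    return findings, ok_count


def triage(findings: List[Finding]) -> Tuple[List[Finding], List[Finding]]:
    """Separate signature-check results from every other verdict.

    UnsignedFile.* shows up when the "Verify file digital signatures" box from
    Step 1 is ticked; an unsigned file needs review, it is not a detection of
    a specific threat. Any other verdict should be looked at first.
    """
    unsigned = [f for f in findings if f.verdict.startswith("UnsignedFile.")]
    other = [f for f in findings if not f.verdict.startswith("UnsignedFile.")]
    return unsigned, other


if __name__ == "__main__":
    findings, ok_count = parse_log(SAMPLE_LOG)
    unsigned, other = triage(findings)
    print(f"{ok_count} ok, {len(unsigned)} unsigned, {len(other)} other")
    for f in other + unsigned:
        print(f"{f.verdict:28} {f.name:22} {f.digest}  {f.path}")
```

To use it on a real log, read the TDSSKiller log file as text and pass the contents to `parse_log` in place of `SAMPLE_LOG`.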


#3 karlbleepingcomputer


Posted 24 June 2012 - 09:02 AM

Firstly, thanks for the help. As requested, log results from programs run.

1. TDSSKILLER LOG

14:35:52.0203 6616 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
14:35:53.0343 6616 ============================================================
14:35:53.0343 6616 Current date / time: 2012/06/24 14:35:53.0343
14:35:53.0343 6616 SystemInfo:
14:35:53.0343 6616
14:35:53.0343 6616 OS Version: 5.1.2600 ServicePack: 3.0
14:35:53.0343 6616 Product type: Workstation
14:35:53.0343 6616 ComputerName: OFFICE
14:35:53.0343 6616 UserName: karl
14:35:53.0343 6616 Windows directory: C:\WINDOWS
14:35:53.0343 6616 System windows directory: C:\WINDOWS
14:35:53.0343 6616 Processor architecture: Intel x86
14:35:53.0343 6616 Number of processors: 4
14:35:53.0343 6616 Page size: 0x1000
14:35:53.0343 6616 Boot type: Normal boot
14:35:53.0343 6616 ============================================================
14:35:54.0187 6616 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:35:54.0203 6616 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:35:54.0234 6616 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
14:35:54.0234 6616 ============================================================
14:35:54.0234 6616 \Device\Harddisk0\DR0:
14:35:54.0234 6616 MBR partitions:
14:35:54.0234 6616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F6BF3
14:35:54.0234 6616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x124F6C32, BlocksNum 0x12F36A8F
14:35:54.0234 6616 \Device\Harddisk1\DR1:
14:35:54.0234 6616 MBR partitions:
14:35:54.0234 6616 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13582A2B
14:35:54.0250 6616 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x13582AA9, BlocksNum 0x9C41AD8
14:35:54.0250 6616 \Device\Harddisk2\DR2:
14:35:54.0250 6616 MBR partitions:
14:35:54.0250 6616 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
14:35:54.0250 6616 ============================================================
14:35:54.0265 6616 C: <-> \Device\Harddisk2\DR2\Partition0
14:35:54.0281 6616 D: <-> \Device\Harddisk0\DR0\Partition0
14:35:54.0328 6616 E: <-> \Device\Harddisk0\DR0\Partition1
14:35:54.0359 6616 F: <-> \Device\Harddisk1\DR1\Partition0
14:35:54.0359 6616 G: <-> \Device\Harddisk1\DR1\Partition1
14:35:54.0359 6616 ============================================================
14:35:54.0359 6616 Initialize success
14:35:54.0359 6616 ============================================================
14:36:42.0046 5716 ============================================================
14:36:42.0046 5716 Scan started
14:36:42.0046 5716 Mode: Manual; SigCheck; TDLFS;
14:36:42.0046 5716 ============================================================
14:36:42.0296 5716 Abiosdsk - ok
14:36:42.0296 5716 abp480n5 - ok
14:36:42.0359 5716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:36:43.0890 5716 ACPI - ok
14:36:43.0937 5716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:36:44.0109 5716 ACPIEC - ok
14:36:44.0187 5716 Adobe LM Service (01ef7fb1990732f84d8db4eadfd68dfd) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:36:44.0250 5716 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
14:36:44.0250 5716 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
14:36:44.0296 5716 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:36:44.0312 5716 AdobeFlashPlayerUpdateSvc - ok
14:36:44.0328 5716 adpu160m - ok
14:36:44.0359 5716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:36:44.0531 5716 aec - ok
14:36:44.0562 5716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:36:44.0640 5716 AFD - ok
14:36:44.0656 5716 Aha154x - ok
14:36:44.0656 5716 aic78u2 - ok
14:36:44.0671 5716 aic78xx - ok
14:36:44.0703 5716 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:36:44.0828 5716 Alerter - ok
14:36:44.0859 5716 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:36:44.0968 5716 ALG - ok
14:36:44.0968 5716 AliIde - ok
14:36:45.0046 5716 AMBFilt (57221ef8a056b5fb47cdda3ba28dd377) C:\WINDOWS\system32\drivers\AMBFilt.sys
14:36:45.0218 5716 AMBFilt - ok
14:36:45.0296 5716 amsint - ok
14:36:45.0406 5716 Apache2.2 (e6058125bb2a573c7bcfe14312fd0be8) C:\xampp\apache\bin\httpd.exe
14:36:45.0453 5716 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
14:36:45.0453 5716 Apache2.2 - detected UnsignedFile.Multi.Generic (1)
14:36:45.0484 5716 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:36:45.0562 5716 AppMgmt - ok
14:36:45.0593 5716 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:36:45.0718 5716 Arp1394 - ok
14:36:45.0718 5716 asc - ok
14:36:45.0718 5716 asc3350p - ok
14:36:45.0734 5716 asc3550 - ok
14:36:45.0796 5716 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:36:45.0921 5716 aspnet_state - ok
14:36:45.0921 5716 AsrCDDrv - ok
14:36:45.0937 5716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:36:46.0062 5716 AsyncMac - ok
14:36:46.0093 5716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:36:46.0218 5716 atapi - ok
14:36:46.0218 5716 Atdisk - ok
14:36:46.0250 5716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:36:46.0359 5716 Atmarpc - ok
14:36:46.0390 5716 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:36:46.0531 5716 AudioSrv - ok
14:36:46.0578 5716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:36:46.0687 5716 audstub - ok
14:36:46.0734 5716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:36:46.0859 5716 Beep - ok
14:36:46.0890 5716 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:36:47.0093 5716 BITS - ok
14:36:47.0203 5716 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:36:47.0265 5716 Bonjour Service - ok
14:36:47.0312 5716 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:36:47.0437 5716 Browser - ok
14:36:47.0468 5716 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
14:36:47.0578 5716 BthEnum - ok
14:36:47.0609 5716 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
14:36:47.0718 5716 BTHMODEM - ok
14:36:47.0765 5716 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
14:36:47.0875 5716 BthPan - ok
14:36:47.0906 5716 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
14:36:47.0984 5716 BTHPORT - ok
14:36:48.0015 5716 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
14:36:48.0140 5716 BthServ - ok
14:36:48.0171 5716 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
14:36:48.0296 5716 BTHUSB - ok
14:36:48.0343 5716 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
14:36:48.0484 5716 CamDrL - ok
14:36:48.0515 5716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:36:48.0656 5716 cbidf2k - ok
14:36:48.0671 5716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:36:48.0828 5716 CCDECODE - ok
14:36:48.0828 5716 cd20xrnt - ok
14:36:48.0843 5716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:36:48.0968 5716 Cdaudio - ok
14:36:49.0015 5716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:36:49.0109 5716 Cdfs - ok
14:36:49.0125 5716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:36:49.0265 5716 Cdrom - ok
14:36:49.0281 5716 Changer - ok
14:36:49.0312 5716 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:36:49.0437 5716 CiSvc - ok
14:36:49.0453 5716 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:36:49.0578 5716 ClipSrv - ok
14:36:49.0640 5716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:36:49.0750 5716 clr_optimization_v2.0.50727_32 - ok
14:36:49.0750 5716 CmdIde - ok
14:36:49.0750 5716 COMSysApp - ok
14:36:49.0765 5716 Cpqarray - ok
14:36:49.0796 5716 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:36:49.0906 5716 CryptSvc - ok
14:36:49.0906 5716 dac2w2k - ok
14:36:49.0921 5716 dac960nt - ok
14:36:49.0968 5716 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:36:50.0031 5716 DcomLaunch - ok
14:36:50.0140 5716 DefWatch (9b6a7d04ba24d609b30773e97632908d) C:\Program Files\NavNT\defwatch.exe
14:36:50.0187 5716 DefWatch ( UnsignedFile.Multi.Generic ) - warning
14:36:50.0187 5716 DefWatch - detected UnsignedFile.Multi.Generic (1)
14:36:50.0203 5716 dg_ssudbus (8d949255edc6f4aa87730b8472106591) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
14:36:50.0234 5716 dg_ssudbus - ok
14:36:50.0281 5716 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:36:50.0406 5716 Dhcp - ok
14:36:50.0421 5716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:36:50.0546 5716 Disk - ok
14:36:50.0546 5716 dmadmin - ok
14:36:50.0593 5716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:36:50.0718 5716 dmboot - ok
14:36:50.0734 5716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:36:50.0890 5716 dmio - ok
14:36:50.0890 5716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:36:51.0000 5716 dmload - ok
14:36:51.0015 5716 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:36:51.0140 5716 dmserver - ok
14:36:51.0156 5716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:36:51.0281 5716 DMusic - ok
14:36:51.0296 5716 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:36:51.0390 5716 Dnscache - ok
14:36:51.0437 5716 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:36:51.0546 5716 Dot3svc - ok
14:36:51.0562 5716 dpti2o - ok
14:36:51.0578 5716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:36:51.0703 5716 drmkaud - ok
14:36:51.0703 5716 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:36:51.0843 5716 EapHost - ok
14:36:51.0937 5716 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:36:51.0984 5716 eeCtrl - ok
14:36:52.0031 5716 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:36:52.0156 5716 ERSvc - ok
14:36:52.0187 5716 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:36:52.0250 5716 Eventlog - ok
14:36:52.0296 5716 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:36:52.0375 5716 EventSystem - ok
14:36:52.0390 5716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:36:52.0515 5716 Fastfat - ok
14:36:52.0562 5716 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:36:52.0656 5716 FastUserSwitchingCompatibility - ok
14:36:52.0671 5716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:36:52.0812 5716 Fdc - ok
14:36:52.0843 5716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:36:52.0968 5716 Fips - ok
14:36:52.0984 5716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:36:53.0109 5716 Flpydisk - ok
14:36:53.0140 5716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:36:53.0250 5716 FltMgr - ok
14:36:53.0328 5716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:36:53.0359 5716 FontCache3.0.0.0 - ok
14:36:53.0390 5716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:36:53.0500 5716 Fs_Rec - ok
14:36:53.0515 5716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:36:53.0625 5716 Ftdisk - ok
14:36:53.0656 5716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:36:53.0796 5716 Gpc - ok
14:36:53.0921 5716 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:36:53.0937 5716 gupdate - ok
14:36:53.0953 5716 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:36:53.0968 5716 gupdatem - ok
14:36:54.0015 5716 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:36:54.0062 5716 gusvc - ok
14:36:54.0078 5716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:36:54.0203 5716 HDAudBus - ok
14:36:54.0281 5716 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:36:54.0406 5716 helpsvc - ok
14:36:54.0421 5716 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
14:36:54.0546 5716 HidBth - ok
14:36:54.0546 5716 HidServ - ok
14:36:54.0593 5716 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:36:54.0734 5716 hidusb - ok
14:36:54.0750 5716 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:36:54.0890 5716 hkmsvc - ok
14:36:54.0890 5716 hpn - ok
14:36:54.0937 5716 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:36:55.0078 5716 HPZid412 - ok
14:36:55.0078 5716 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:36:55.0187 5716 HPZipr12 - ok
14:36:55.0203 5716 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:36:55.0296 5716 HPZius12 - ok
14:36:55.0343 5716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:36:55.0421 5716 HTTP - ok
14:36:55.0468 5716 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:36:55.0593 5716 HTTPFilter - ok
14:36:55.0593 5716 i2omgmt - ok
14:36:55.0609 5716 i2omp - ok
14:36:55.0640 5716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
14:36:55.0765 5716 i8042prt - ok
14:36:55.0843 5716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:36:55.0921 5716 idsvc - ok
14:36:55.0953 5716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:36:56.0078 5716 Imapi - ok
14:36:56.0109 5716 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:36:56.0250 5716 ImapiService - ok
14:36:56.0265 5716 ini910u - ok
14:36:56.0265 5716 IntelIde - ok
14:36:56.0296 5716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:36:56.0421 5716 Ip6Fw - ok
14:36:56.0437 5716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:36:56.0546 5716 IpFilterDriver - ok
14:36:56.0578 5716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:36:56.0687 5716 IpInIp - ok
14:36:56.0734 5716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:36:56.0875 5716 IpNat - ok
14:36:56.0890 5716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:36:57.0031 5716 IPSec - ok
14:36:57.0046 5716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:36:57.0109 5716 IRENUM - ok
14:36:57.0140 5716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:36:57.0250 5716 isapnp - ok
14:36:57.0359 5716 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
14:36:57.0406 5716 JavaQuickStarterService - ok
14:36:57.0453 5716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:36:57.0562 5716 Kbdclass - ok
14:36:57.0578 5716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:36:57.0687 5716 kbdhid - ok
14:36:57.0734 5716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:36:57.0875 5716 kmixer - ok
14:36:57.0906 5716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:36:58.0015 5716 KSecDD - ok
14:36:58.0062 5716 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:36:58.0109 5716 lanmanserver - ok
14:36:58.0125 5716 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:36:58.0203 5716 lanmanworkstation - ok
14:36:58.0203 5716 lbrtfdc - ok
14:36:58.0250 5716 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:36:58.0390 5716 LmHosts - ok
14:36:58.0468 5716 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
14:36:58.0562 5716 LVcKap - ok
14:36:58.0765 5716 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
14:36:58.0921 5716 LVMVDrv - ok
14:36:58.0953 5716 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
14:36:58.0984 5716 LVPr2Mon - ok
14:36:59.0015 5716 LVPrcSrv (995d0b52870c7a5caf3ea165fd674a35) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
14:36:59.0062 5716 LVPrcSrv - ok
14:36:59.0078 5716 LVSrvLauncher (a005cee9be199c5e375faa559ca9a7a9) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
14:36:59.0125 5716 LVSrvLauncher - ok
14:36:59.0140 5716 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
14:36:59.0171 5716 LVUSBSta - ok
14:36:59.0218 5716 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
14:36:59.0234 5716 MBAMProtector - ok
14:36:59.0312 5716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:36:59.0406 5716 MBAMService - ok
14:36:59.0453 5716 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:36:59.0593 5716 Messenger - ok
14:36:59.0625 5716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:36:59.0750 5716 mnmdd - ok
14:36:59.0765 5716 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:36:59.0890 5716 mnmsrvc - ok
14:36:59.0921 5716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:37:00.0046 5716 Modem - ok
14:37:00.0093 5716 MonFilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\MonFilt.sys
14:37:00.0234 5716 MonFilt - ok
14:37:00.0250 5716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:37:00.0375 5716 Mouclass - ok
14:37:00.0421 5716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:37:00.0546 5716 mouhid - ok
14:37:00.0562 5716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:37:00.0687 5716 MountMgr - ok
14:37:00.0796 5716 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:37:00.0875 5716 MozillaMaintenance - ok
14:37:00.0890 5716 mraid35x - ok
14:37:00.0921 5716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:37:01.0078 5716 MRxDAV - ok
14:37:01.0109 5716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:37:01.0156 5716 MRxSmb - ok
14:37:01.0187 5716 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:37:01.0328 5716 MSDTC - ok
14:37:01.0328 5716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:37:01.0437 5716 Msfs - ok
14:37:01.0437 5716 MSIServer - ok
14:37:01.0484 5716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:37:01.0609 5716 MSKSSRV - ok
14:37:01.0625 5716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:37:01.0750 5716 MSPCLOCK - ok
14:37:01.0765 5716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:37:01.0890 5716 MSPQM - ok
14:37:01.0921 5716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:37:02.0046 5716 mssmbios - ok
14:37:02.0062 5716 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:37:02.0171 5716 MSTEE - ok
14:37:02.0203 5716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:37:02.0250 5716 Mup - ok
14:37:02.0546 5716 MySQL (53524145b4c49b4f7fd1c1e1bac5c305) C:\xampp\mysql\bin\mysqld.exe
14:37:02.0843 5716 MySQL ( UnsignedFile.Multi.Generic ) - warning
14:37:02.0843 5716 MySQL - detected UnsignedFile.Multi.Generic (1)
14:37:03.0015 5716 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:37:03.0140 5716 NABTSFEC - ok
14:37:03.0187 5716 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:37:03.0296 5716 napagent - ok
14:37:03.0406 5716 NAVAP (69b2c32f9382ff0ab458d43415cd9460) C:\Program Files\NavNT\NAVAP.sys
14:37:03.0453 5716 NAVAP ( UnsignedFile.Multi.Generic ) - warning
14:37:03.0453 5716 NAVAP - detected UnsignedFile.Multi.Generic (1)
14:37:03.0484 5716 NAVAPEL (d488113cfbaa3a4a7c2822662923a3e9) C:\Program Files\NavNT\NAVAPEL.SYS
14:37:03.0515 5716 NAVAPEL ( UnsignedFile.Multi.Generic ) - warning
14:37:03.0515 5716 NAVAPEL - detected UnsignedFile.Multi.Generic (1)
14:37:03.0593 5716 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys
14:37:03.0625 5716 NAVENG - ok
14:37:03.0718 5716 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys
14:37:03.0812 5716 NAVEX15 - ok
14:37:03.0906 5716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:37:04.0015 5716 NDIS - ok
14:37:04.0046 5716 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:37:04.0156 5716 NdisIP - ok
14:37:04.0187 5716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:37:04.0265 5716 NdisTapi - ok
14:37:04.0281 5716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:37:04.0406 5716 Ndisuio - ok
14:37:04.0437 5716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:37:04.0546 5716 NdisWan - ok
14:37:04.0578 5716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:37:04.0640 5716 NDProxy - ok
14:37:04.0656 5716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:37:04.0781 5716 NetBIOS - ok
14:37:04.0812 5716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:37:04.0953 5716 NetBT - ok
14:37:04.0968 5716 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:37:05.0093 5716 NetDDE - ok
14:37:05.0093 5716 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:37:05.0187 5716 NetDDEdsdm - ok
14:37:05.0218 5716 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:05.0343 5716 Netlogon - ok
14:37:05.0375 5716 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:37:05.0484 5716 Netman - ok
14:37:05.0593 5716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:37:05.0625 5716 NetTcpPortSharing - ok
14:37:05.0671 5716 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:37:05.0812 5716 NIC1394 - ok
14:37:05.0843 5716 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:37:05.0859 5716 Nla - ok
14:37:05.0890 5716 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
14:37:06.0234 5716 nmwcd - ok
14:37:06.0265 5716 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
14:37:06.0359 5716 nmwcdc - ok
14:37:06.0468 5716 Norton AntiVirus Server (4739c7c6bd87efff6f033dd7db3a4dbd) C:\Program Files\NavNT\rtvscan.exe
14:37:06.0531 5716 Norton AntiVirus Server ( UnsignedFile.Multi.Generic ) - warning
14:37:06.0531 5716 Norton AntiVirus Server - detected UnsignedFile.Multi.Generic (1)
14:37:06.0562 5716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:37:06.0687 5716 Npfs - ok
14:37:06.0718 5716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:37:06.0859 5716 Ntfs - ok
14:37:06.0890 5716 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:06.0984 5716 NtLmSsp - ok
14:37:07.0031 5716 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:37:07.0156 5716 NtmsSvc - ok
14:37:07.0187 5716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:37:07.0312 5716 Null - ok
14:37:07.0468 5716 nv (02e3a5cf6de77dba144550fd1c4a4cd9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:37:07.0796 5716 nv - ok
14:37:07.0937 5716 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:37:08.0015 5716 NVENETFD - ok
14:37:08.0031 5716 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
14:37:08.0046 5716 nvgts - ok
14:37:08.0078 5716 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:37:08.0156 5716 nvnetbus - ok
14:37:08.0203 5716 NVSvc (679b4bd1152079fb65f4a28d7e3bd5d8) C:\WINDOWS\system32\nvsvc32.exe
14:37:08.0265 5716 NVSvc - ok
14:37:08.0312 5716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:37:08.0437 5716 NwlnkFlt - ok
14:37:08.0437 5716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:37:08.0578 5716 NwlnkFwd - ok
14:37:08.0625 5716 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:37:08.0734 5716 ohci1394 - ok
14:37:08.0812 5716 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:37:08.0859 5716 ose - ok
14:37:08.0906 5716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:37:09.0031 5716 Parport - ok
14:37:09.0046 5716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:37:09.0140 5716 PartMgr - ok
14:37:09.0187 5716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:37:09.0281 5716 ParVdm - ok
14:37:09.0312 5716 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
14:37:09.0390 5716 pccsmcfd - ok
14:37:09.0390 5716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:37:09.0500 5716 PCI - ok
14:37:09.0515 5716 PCIDump - ok
14:37:09.0531 5716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:37:09.0640 5716 PCIIde - ok
14:37:09.0671 5716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:37:09.0781 5716 Pcmcia - ok
14:37:09.0781 5716 PDCOMP - ok
14:37:09.0796 5716 PDFRAME - ok
14:37:09.0796 5716 PDRELI - ok
14:37:09.0812 5716 PDRFRAME - ok
14:37:09.0812 5716 perc2 - ok
14:37:09.0828 5716 perc2hib - ok
14:37:09.0890 5716 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:37:09.0906 5716 PlugPlay - ok
14:37:09.0937 5716 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
14:37:10.0015 5716 Pml Driver HPZ12 - ok
14:37:10.0046 5716 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:10.0140 5716 PolicyAgent - ok
14:37:10.0171 5716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:37:10.0296 5716 PptpMiniport - ok
14:37:10.0328 5716 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:37:10.0437 5716 Processor - ok
14:37:10.0453 5716 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:10.0546 5716 ProtectedStorage - ok
14:37:10.0546 5716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:37:10.0671 5716 PSched - ok
14:37:10.0687 5716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:37:10.0796 5716 Ptilink - ok
14:37:10.0812 5716 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:37:10.0828 5716 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:37:10.0828 5716 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:37:10.0828 5716 ql1080 - ok
14:37:10.0843 5716 Ql10wnt - ok
14:37:10.0843 5716 ql12160 - ok
14:37:10.0859 5716 ql1240 - ok
14:37:10.0859 5716 ql1280 - ok
14:37:10.0875 5716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:37:11.0000 5716 RasAcd - ok
14:37:11.0015 5716 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:37:11.0125 5716 RasAuto - ok
14:37:11.0140 5716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:37:11.0265 5716 Rasl2tp - ok
14:37:11.0296 5716 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:37:11.0406 5716 RasMan - ok
14:37:11.0437 5716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:37:11.0562 5716 RasPppoe - ok
14:37:11.0578 5716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:37:11.0687 5716 Raspti - ok
14:37:11.0718 5716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:37:11.0812 5716 Rdbss - ok
14:37:11.0828 5716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:37:11.0921 5716 RDPCDD - ok
14:37:11.0937 5716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:37:12.0062 5716 rdpdr - ok
14:37:12.0093 5716 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:37:12.0171 5716 RDPWD - ok
14:37:12.0187 5716 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:37:12.0296 5716 RDSessMgr - ok
14:37:12.0328 5716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:37:12.0453 5716 redbook - ok
14:37:12.0484 5716 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:37:12.0593 5716 RemoteAccess - ok
14:37:12.0625 5716 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:37:12.0750 5716 RemoteRegistry - ok
14:37:12.0781 5716 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:37:12.0890 5716 RFCOMM - ok
14:37:12.0921 5716 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:37:13.0031 5716 RpcLocator - ok
14:37:13.0062 5716 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:37:13.0109 5716 RpcSs - ok
14:37:13.0125 5716 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:37:13.0250 5716 RSVP - ok
14:37:13.0281 5716 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:13.0375 5716 SamSs - ok
14:37:13.0421 5716 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
14:37:13.0531 5716 sbp2port - ok
14:37:13.0578 5716 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:37:13.0703 5716 SCardSvr - ok
14:37:13.0718 5716 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:37:13.0859 5716 Schedule - ok
14:37:13.0890 5716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:37:13.0953 5716 Secdrv - ok
14:37:13.0968 5716 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:37:14.0078 5716 seclogon - ok
14:37:14.0093 5716 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:37:14.0187 5716 SENS - ok
14:37:14.0218 5716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:37:14.0343 5716 serenum - ok
14:37:14.0359 5716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:37:14.0468 5716 Serial - ok
14:37:14.0609 5716 ServiceLayer (c15b813f2fdb44f87f23312472c6e790) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14:37:14.0671 5716 ServiceLayer - ok
14:37:14.0703 5716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:37:14.0828 5716 Sfloppy - ok
14:37:14.0859 5716 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:37:14.0984 5716 SharedAccess - ok
14:37:15.0015 5716 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:37:15.0046 5716 ShellHWDetection - ok
14:37:15.0062 5716 Simbad - ok
14:37:15.0093 5716 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
14:37:15.0281 5716 SkypeUpdate - ok
14:37:15.0312 5716 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:37:15.0437 5716 SLIP - ok
14:37:15.0437 5716 Sparrow - ok
14:37:15.0453 5716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:37:15.0562 5716 splitter - ok
14:37:15.0593 5716 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:37:15.0656 5716 Spooler - ok
14:37:15.0687 5716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:37:15.0765 5716 sr - ok
14:37:15.0796 5716 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:37:15.0859 5716 srservice - ok
14:37:15.0906 5716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:37:15.0968 5716 Srv - ok
14:37:15.0984 5716 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:37:16.0078 5716 SSDPSRV - ok
14:37:16.0093 5716 ssudmdm (15376507e439f73610f83947f1727e84) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
14:37:16.0140 5716 ssudmdm - ok
14:37:16.0187 5716 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:37:16.0312 5716 stisvc - ok
14:37:16.0328 5716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:37:16.0437 5716 streamip - ok
14:37:16.0468 5716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:37:16.0578 5716 swenum - ok
14:37:16.0593 5716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:37:16.0718 5716 swmidi - ok
14:37:16.0718 5716 SwPrv - ok
14:37:16.0734 5716 symc810 - ok
14:37:16.0734 5716 symc8xx - ok
14:37:16.0828 5716 SymEvent (a769203607d8af4efa01148ae86697d5) C:\Program Files\Symantec\SYMEVENT.SYS
14:37:16.0875 5716 SymEvent ( UnsignedFile.Multi.Generic ) - warning
14:37:16.0875 5716 SymEvent - detected UnsignedFile.Multi.Generic (1)
14:37:16.0875 5716 sym_hi - ok
14:37:16.0890 5716 sym_u3 - ok
14:37:16.0921 5716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:37:17.0031 5716 sysaudio - ok
14:37:17.0062 5716 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:37:17.0171 5716 SysmonLog - ok
14:37:17.0203 5716 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:37:17.0328 5716 TapiSrv - ok
14:37:17.0375 5716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:37:17.0421 5716 Tcpip - ok
14:37:17.0437 5716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:37:17.0546 5716 TDPIPE - ok
14:37:17.0578 5716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:37:17.0671 5716 TDTCP - ok
14:37:17.0703 5716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:37:17.0828 5716 TermDD - ok
14:37:17.0859 5716 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:37:17.0984 5716 TermService - ok
14:37:18.0015 5716 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:37:18.0031 5716 Themes - ok
14:37:18.0078 5716 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:37:18.0156 5716 TlntSvr - ok
14:37:18.0156 5716 TosIde - ok
14:37:18.0171 5716 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:37:18.0296 5716 TrkWks - ok
14:37:18.0328 5716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:37:18.0453 5716 Udfs - ok
14:37:18.0453 5716 ultra - ok
14:37:18.0531 5716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:37:18.0671 5716 Update - ok
14:37:18.0703 5716 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:37:18.0781 5716 upnphost - ok
14:37:18.0812 5716 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
14:37:18.0890 5716 upperdev - ok
14:37:18.0906 5716 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:37:19.0015 5716 UPS - ok
14:37:19.0046 5716 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:37:19.0156 5716 usbaudio - ok
14:37:19.0171 5716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:37:19.0265 5716 usbccgp - ok
14:37:19.0281 5716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:37:19.0375 5716 usbehci - ok
14:37:19.0421 5716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:37:19.0515 5716 usbhub - ok
14:37:19.0546 5716 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:37:19.0671 5716 usbohci - ok
14:37:19.0703 5716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:37:19.0828 5716 usbprint - ok
14:37:19.0828 5716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:37:19.0937 5716 usbscan - ok
14:37:19.0968 5716 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
14:37:20.0078 5716 usbser - ok
14:37:20.0109 5716 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
14:37:20.0171 5716 UsbserFilt - ok
14:37:20.0171 5716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:37:20.0312 5716 USBSTOR - ok
14:37:20.0343 5716 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:37:20.0468 5716 usbuhci - ok
14:37:20.0531 5716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:37:20.0656 5716 VgaSave - ok
14:37:20.0718 5716 VIAHdAudAddService (f29bfd0c5cccc9823e5fcdee71dbc054) C:\WINDOWS\system32\drivers\viahduaa.sys
14:37:20.0828 5716 VIAHdAudAddService - ok
14:37:20.0921 5716 ViaIde - ok
14:37:20.0953 5716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:37:21.0046 5716 VolSnap - ok
14:37:21.0078 5716 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:37:21.0156 5716 VSS - ok
14:37:21.0187 5716 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:37:21.0281 5716 W32Time - ok
14:37:21.0312 5716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:37:21.0437 5716 Wanarp - ok
14:37:21.0468 5716 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:37:21.0515 5716 Wdf01000 - ok
14:37:21.0515 5716 WDICA - ok
14:37:21.0546 5716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:37:21.0671 5716 wdmaud - ok
14:37:21.0718 5716 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:37:21.0828 5716 WebClient - ok
14:37:21.0906 5716 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:37:22.0015 5716 winmgmt - ok
14:37:22.0062 5716 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
14:37:22.0078 5716 WinUSB - ok
14:37:22.0109 5716 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:37:22.0156 5716 WmdmPmSN - ok
14:37:22.0203 5716 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:37:22.0265 5716 Wmi - ok
14:37:22.0296 5716 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:37:22.0421 5716 WmiApSrv - ok
14:37:22.0437 5716 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:37:22.0468 5716 WpdUsb - ok
14:37:22.0515 5716 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:37:22.0625 5716 wscsvc - ok
14:37:22.0656 5716 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:37:22.0765 5716 WSTCODEC - ok
14:37:22.0781 5716 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:37:22.0875 5716 wuauserv - ok
14:37:22.0906 5716 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:37:22.0953 5716 WudfPf - ok
14:37:22.0984 5716 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:37:23.0015 5716 WudfRd - ok
14:37:23.0031 5716 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
14:37:23.0078 5716 WudfSvc - ok
14:37:23.0125 5716 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:37:23.0250 5716 WZCSVC - ok
14:37:23.0281 5716 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:37:23.0375 5716 xmlprov - ok
14:37:23.0421 5716 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
14:37:23.0500 5716 \Device\Harddisk0\DR0 - ok
14:37:23.0500 5716 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
14:37:23.0906 5716 \Device\Harddisk1\DR1 - ok
14:37:23.0937 5716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
14:37:24.0312 5716 \Device\Harddisk2\DR2 - ok
14:37:24.0312 5716 Boot (0x1200) (0c6f4a77bd7863c1e34930e49a8d8498) \Device\Harddisk0\DR0\Partition0
14:37:24.0312 5716 \Device\Harddisk0\DR0\Partition0 - ok
14:37:24.0343 5716 Boot (0x1200) (38bdc7912eea5948f2eeec79803a3a2d) \Device\Harddisk0\DR0\Partition1
14:37:24.0343 5716 \Device\Harddisk0\DR0\Partition1 - ok
14:37:24.0359 5716 Boot (0x1200) (2762cc060afa0977ad9253baed099b78) \Device\Harddisk1\DR1\Partition0
14:37:24.0359 5716 \Device\Harddisk1\DR1\Partition0 - ok
14:37:24.0359 5716 Boot (0x1200) (b867895c749fc8f0176d707a5179dd82) \Device\Harddisk1\DR1\Partition1
14:37:24.0359 5716 \Device\Harddisk1\DR1\Partition1 - ok
14:37:24.0390 5716 Boot (0x1200) (92ec60bb75bee743f92a8c470b99ed3b) \Device\Harddisk2\DR2\Partition0
14:37:24.0390 5716 \Device\Harddisk2\DR2\Partition0 - ok
14:37:24.0390 5716 ============================================================
14:37:24.0390 5716 Scan finished
14:37:24.0390 5716 ============================================================
14:37:24.0500 7612 Detected object count: 9
14:37:24.0500 7612 Actual detected object count: 9
14:38:28.0187 7612 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0187 7612 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0187 7612 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0187 7612 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0187 7612 DefWatch ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0187 7612 DefWatch ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0203 7612 MySQL ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0203 7612 MySQL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0203 7612 NAVAP ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0203 7612 NAVAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0203 7612 NAVAPEL ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0203 7612 NAVAPEL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0203 7612 Norton AntiVirus Server ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0203 7612 Norton AntiVirus Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0218 7612 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0218 7612 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:28.0218 7612 SymEvent ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:28.0218 7612 SymEvent ( UnsignedFile.Multi.Generic ) - User select action: Skip

--------

2. security checkup log

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.262
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
karl Desktop karl malware issues SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

-------

3. Farbar log

Farbar Service Scanner Version: 23-06-2012
Ran by karl (administrator) on 24-06-2012 at 14:51:43
Running from "C:\Documents and Settings\karl\Desktop\karl malware issues"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

--------

4. Minitoolbox log

MiniToolBox by Farbar Version: 09-06-2012
Ran by karl (administrator) on 24-06-2012 at 14:54:10
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

-------

#4 karlbleepingcomputer


Posted 24 June 2012 - 10:13 AM

For reference, not sure it will help, but here is the last Malwarebytes log, which is still reporting trojans.

2012/06/24 08:28:51 +0100 OFFICE MESSAGE Starting protection
2012/06/24 08:29:07 +0100 OFFICE MESSAGE Protection started successfully
2012/06/24 08:29:10 +0100 OFFICE MESSAGE Starting IP protection
2012/06/24 08:30:31 +0100 OFFICE karl MESSAGE IP Protection started successfully
2012/06/24 08:34:22 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\C7.tmp.exe Trojan.Agent DENY
2012/06/24 08:34:22 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\C7.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 08:37:57 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:38:00 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:38:06 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:39:57 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:40:00 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:40:06 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:40:23 +0100 OFFICE karl MESSAGE Executing scheduled update: Daily
2012/06/24 08:40:30 +0100 OFFICE karl MESSAGE Scheduled update executed successfully: database updated from version v2012.06.23.02 to version v2012.06.24.01
2012/06/24 08:40:30 +0100 OFFICE karl MESSAGE Starting database refresh
2012/06/24 08:40:31 +0100 OFFICE karl MESSAGE Stopping IP protection
2012/06/24 08:40:31 +0100 OFFICE karl MESSAGE IP Protection stopped
2012/06/24 08:40:35 +0100 OFFICE karl MESSAGE Database refreshed successfully
2012/06/24 08:40:35 +0100 OFFICE karl MESSAGE Starting IP protection
2012/06/24 08:40:47 +0100 OFFICE karl MESSAGE IP Protection started successfully
2012/06/24 08:49:45 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\122.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 08:52:29 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\E0.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 09:23:14 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\E1.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 09:23:14 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\E1.tmp.exe Trojan.Agent DENY
2012/06/24 09:23:14 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 09:51:41 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\EC.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 09:51:41 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\EC.tmp.exe Trojan.Agent DENY
2012/06/24 09:51:41 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 10:29:05 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\F5.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 11:10:56 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FC.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 11:10:56 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FC.tmp.exe Trojan.Agent DENY
2012/06/24 11:10:56 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 14:33:04 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FD.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 14:33:04 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FD.tmp.exe Trojan.Agent DENY
2012/06/24 14:33:04 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 14:52:15 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21A.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 14:52:15 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 15:15:11 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21D.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 16:05:51 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21E.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 16:05:51 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21E.tmp.exe Trojan.Agent DENY
2012/06/24 16:05:51 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2

#5 dev00790


Posted 24 June 2012 - 10:22 AM

Hi

The Minitoolbox log you posted was incomplete. Please post the full contents of that log in your next reply.

Regards, dev00790



#6 karlbleepingcomputer


Posted 24 June 2012 - 10:47 AM

Interesting: doing a Ctrl+A, Ctrl+C in Notepad++, although all the text is highlighted, the resulting Ctrl+V only pastes as far as the hosts content, so I am using notepad.exe, and here is the complete log. Apologies, karl


MiniToolBox by Farbar Version: 09-06-2012
Ran by karl (administrator) on 24-06-2012 at 14:54:10
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Bluetooth Network Connection"

set address name="Bluetooth Network Connection" source=dhcp
set dns name="Bluetooth Network Connection" source=dhcp register=PRIMARY
set wins name="Bluetooth Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : office

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet

Physical Address. . . . . . . . . : 00-25-22-7A-29-AA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.66

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : 24 June 2012 08:28:26

Lease Expires . . . . . . . . . . : 14 July 2012 08:28:26



Ethernet adapter Bluetooth Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #5

Physical Address. . . . . . . . . : 00-40-05-52-7F-C7

Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.41.97, 173.194.41.102, 173.194.41.103, 173.194.41.96
173.194.41.99, 173.194.41.104, 173.194.41.101, 173.194.41.98, 173.194.41.105
173.194.41.110, 173.194.41.100



Pinging google.com [173.194.41.98] with 32 bytes of data:



Reply from 173.194.41.98: bytes=32 time=24ms TTL=52

Reply from 173.194.41.98: bytes=32 time=21ms TTL=52



Ping statistics for 173.194.41.98:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 24ms, Average = 22ms

Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=295ms TTL=45

Reply from 72.30.38.140: bytes=32 time=202ms TTL=45



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 202ms, Maximum = 295ms, Average = 248ms

Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 22 7a 29 aa ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x10004 ...00 40 05 52 7f c7 ...... Bluetooth Device (Personal Area Network) #5
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.66 192.168.1.66 20
192.168.1.0 255.255.255.0 192.168.1.66 192.168.1.66 20
192.168.1.66 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.66 192.168.1.66 20
224.0.0.0 240.0.0.0 192.168.1.66 192.168.1.66 20
255.255.255.255 255.255.255.255 192.168.1.66 192.168.1.66 1
255.255.255.255 255.255.255.255 192.168.1.66 10004 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/23/2012 06:01:41 PM) (Source: Application Error) (User: )
Description: Fault bucket -1264370443.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (06/23/2012 05:58:01 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (06/22/2012 11:26:59 PM) (Source: Application Error) (User: )
Description: Fault bucket 223870309.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (06/22/2012 11:05:23 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/15/2012 08:18:23 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/13/2012 04:47:14 PM) (Source: Microsoft Office 11) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.


System errors:
=============
Error: (06/22/2012 11:39:30 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/22/2012 05:34:50 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/22/2012 10:04:28 AM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverDELLD600NetBT_Tcpip_{696DD1D8-1129-4147-

Error: (06/20/2012 11:32:42 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/18/2012 11:21:16 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/15/2012 08:42:27 AM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/14/2012 10:26:52 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/13/2012 11:25:54 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/12/2012 11:18:33 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (06/11/2012 09:18:49 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).


Microsoft Office Sessions:
=========================
Error: (06/23/2012 06:01:41 PM) (Source: Application Error)(User: )
Description: -1264370443

Error: (06/23/2012 05:58:01 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.262ntdll.dll5.1.2600.6055000113c0

Error: (06/22/2012 11:26:59 PM) (Source: Application Error)(User: )
Description: 223870309

Error: (06/22/2012 11:05:23 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.000000000

Error: (06/15/2012 08:18:23 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.000000000

Error: (06/13/2012 04:47:14 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office Outlook


=========================== Installed Programs ============================

Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Acrobat 6.0.1 Professional (Version: 006.000.001)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3)
Adobe Acrobat and Reader 6.0.4 Update (Version: 6.0.4)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6)
Adobe AIR (Version: 2.6.0.19140)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0 (Version: 1.0.1.1)
Adobe Common File Installer (Version: 1.00.002)
Adobe Digital Editions
Adobe Encore DVD 2.0 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Help Center 2.0 (Version: 2.0.0)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Adobe Stock Photos 1.0 (Version: 1.0.2)
AiO_Scan_CDA (Version: 70.0.231.000)
AiOSoftwareNPI (Version: 70.0.231.000)
Apple Application Support (Version: 2.1.6)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 70.0.170.000)
C3100 (Version: 70.0.231.000)
c3100_Help (Version: 70.0.231.000)
calibre (Version: 0.8.55)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConTEXT v0.98.6
CSVed 2.1.4 (Version: 2.1.4)
CustomerResearchQFolder (Version: 1.00.0000)
DebugMode Wink
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DVD Shrink 3.2
DVDStyler v2.1
EPSON Printer Software
eSupportQFolder (Version: 1.00.0000)
FastStone Photo Resizer 2.9 (Version: 2.9)
Fax_CDA (Version: 70.0.231.000)
FileZilla Client 3.5.3 (Version: 3.5.3)
Flash Renamer 4.61
FormatFactory 2.90 (Version: 2.90)
FreeOCR 3.0 (Version: 3.0)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 19.0.1084.56)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Gears (Version: 0.5.3600)
Google Update Helper (Version: 1.3.21.111)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Essential (Version: 1.9.1.3)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
IETester v0.4.11 (remove only) (Version: 0.4.11)
Inkscape 0.48.0 (Version: 0.48.0)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevicesMFC (Version: 70.0.170.000)
IrfanView (remove only) (Version: 4.28)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Just Great Software EditPad Lite 6.6.4 (Version: 6.6.4)
Kindle Collection Manager (Version: 0.5.3)
LiveUpdate 1.6 (Symantec Corporation)
Logitech Audio Echo Cancellation Component (Version: 10.51.2027)
Logitech QuickCam (Version: 10.51.2029)
Logitech Video Enumerator (Version: 10.51.2027)
Logitech® Camera Driver
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 70.0.170.000)
MediaMonkey 4.0 (Version: 4.0)
Meracl ImageMap Generator v3.5.3
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WinUsb 1.0
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 13.0.1 (x86 en-GB) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVC80_x86 (Version: 1.0.1.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MVision (Version: 10.51.2027)
MyPhoneExplorer (Version: 1.7.6)
Nero 6 Enterprise Edition
NewCopy_CDA (Version: 70.0.231.000)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia PC Suite (Version: 7.1.30.9)
Nokia Software Updater (Version: 3.0.655)
Nokia Suite (Version: 3.4.49.0)
Norton AntiVirus Corporate Edition (Version: 7.6.0.0000)
Notepad++ (Version: 6.1.3)
NVIDIA Drivers (Version: 1.3)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 11.62 (Version: 11.62.1347)
Paint Shop Pro 5.0
PanoStandAlone (Version: 70.0.170.000)
PC Connectivity Solution (Version: 12.0.17.0)
Picasa 3 (Version: 3.8)
Platform (Version: 1.34)
PNGGauntlet (Version: 2.1.3)
ProductContextNPI (Version: 70.0.231.000)
Quake II
QuickTime (Version: 7.71.80.42)
Readme (Version: 70.0.231.000)
Roblox for karl
Safari (Version: 5.34.57.2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2200.0)
SBSH SafeWallet
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SeaMonkey (2.10.1) (Version: 2.10.1 (en-GB))
Skype™ 5.9 (Version: 5.9.123)
SolutionCenter (Version: 70.0.170.000)
SQLXML Bulkload in .NET Code Sample (Version: 1.0.0)
Status (Version: 70.0.170.000)
Stickman 5 (Version: 5.5)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unity Web Player (Version: )
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA Platform Device Manager (Version: 1.34)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Driver Package - Nokia Modem (06/01/2009 4.1) (Version: 06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3) (Version: 06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinHTTrack Website Copier 3.44-1 (Version: 3.44.1)
WinRAR archiver
WinSCP 5.0.6 beta (Version: 5.0.6 beta)
WinZip (Version: 9.0 (6028))
Xfire (remove only)
Xvid MPEG-4 Video Codec
YouTube Downloader 3.3

========================= Devices: ================================

Name: N8-00
Description: N8-00
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 73%
Total physical RAM: 1791.23 MB
Available physical RAM: 482.18 MB
Total Pagefile: 5639.66 MB
Available Pagefile: 4303.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:426.27 GB) NTFS
2 Drive d: (D drive 320) (Fixed) (Total:146.48 GB) (Free:130.37 GB) NTFS
3 Drive e: (E Drive 320) (Fixed) (Total:151.61 GB) (Free:125.11 GB) NTFS
4 Drive f: (c drive old) (Fixed) (Total:154.76 GB) (Free:122.51 GB) NTFS
5 Drive g: (D DRIVE OLD) (Fixed) (Total:78.11 GB) (Free:67.62 GB) FAT32

========================= Users: ========================================

User accounts for \\OFFICE

Administrator Guest HelpAssistant
karl SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini011112-01.dmp
========================= Restore Points ==================================


**** End of log ****

#7 dev00790


Posted 24 June 2012 - 11:11 AM

Hi

Please do the following next:

Step 1

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 2

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 3

How is the computer running now?

Regards, dev00790



#8 karlbleepingcomputer


Posted 25 June 2012 - 07:59 AM

In answer to your question, is the computer running better: I still have the issue with Chrome, Safari and Opera not opening when clicking on either a shortcut or directly from the exe. Neither does the process appear in the task manager. When using Firefox to access a website that calls the jQuery CDN or any Google product page, i.e. Gmail (not Maps), the screen is filled with ASCII characters.


2012/06/24 08:28:51 +0100 OFFICE MESSAGE Starting protection
2012/06/24 08:29:07 +0100 OFFICE MESSAGE Protection started successfully
2012/06/24 08:29:10 +0100 OFFICE MESSAGE Starting IP protection
2012/06/24 08:30:31 +0100 OFFICE karl MESSAGE IP Protection started successfully
2012/06/24 08:34:22 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\C7.tmp.exe Trojan.Agent DENY
2012/06/24 08:34:22 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\C7.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 08:37:57 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:38:00 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:38:06 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:39:57 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:40:00 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:40:06 +0100 OFFICE karl IP-BLOCK 103.246.248.155 (Type: outgoing)
2012/06/24 08:40:23 +0100 OFFICE karl MESSAGE Executing scheduled update: Daily
2012/06/24 08:40:30 +0100 OFFICE karl MESSAGE Scheduled update executed successfully: database updated from version v2012.06.23.02 to version v2012.06.24.01
2012/06/24 08:40:30 +0100 OFFICE karl MESSAGE Starting database refresh
2012/06/24 08:40:31 +0100 OFFICE karl MESSAGE Stopping IP protection
2012/06/24 08:40:31 +0100 OFFICE karl MESSAGE IP Protection stopped
2012/06/24 08:40:35 +0100 OFFICE karl MESSAGE Database refreshed successfully
2012/06/24 08:40:35 +0100 OFFICE karl MESSAGE Starting IP protection
2012/06/24 08:40:47 +0100 OFFICE karl MESSAGE IP Protection started successfully
2012/06/24 08:49:45 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\122.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 08:52:29 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\E0.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 09:23:14 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\E1.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 09:23:14 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\E1.tmp.exe Trojan.Agent DENY
2012/06/24 09:23:14 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 09:51:41 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\EC.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 09:51:41 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\EC.tmp.exe Trojan.Agent DENY
2012/06/24 09:51:41 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 10:29:05 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\F5.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 11:10:56 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FC.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 11:10:56 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FC.tmp.exe Trojan.Agent DENY
2012/06/24 11:10:56 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 14:33:04 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FD.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 14:33:04 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\FD.tmp.exe Trojan.Agent DENY
2012/06/24 14:33:04 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 14:52:15 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21A.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 14:52:15 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 15:15:11 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21D.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 16:05:51 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21E.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 16:05:51 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21E.tmp.exe Trojan.Agent DENY
2012/06/24 16:05:51 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 16:39:44 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21F.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 16:39:44 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\21F.tmp.exe Trojan.Agent DENY
2012/06/24 16:39:44 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 16:59:12 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\220.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 16:59:12 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\220.tmp.exe Trojan.Agent DENY
2012/06/24 16:59:12 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 17:57:59 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\221.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 17:57:59 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\221.tmp.exe Trojan.Agent DENY
2012/06/24 17:57:59 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 19:34:20 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\222.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 19:34:20 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\222.tmp.exe Trojan.Agent DENY
2012/06/24 19:34:20 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2
2012/06/24 23:31:51 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\223.tmp.exe Trojan.Agent QUARANTINE
2012/06/24 23:31:51 +0100 OFFICE karl DETECTION C:\Documents and Settings\karl\Local Settings\Temp\223.tmp.exe Trojan.Agent DENY
2012/06/24 23:31:51 +0100 OFFICE karl ERROR Quarantine failed: SDKQuarantine failed with error code 2


ESET Log

E:\software\SUPERsetup this has lots of toolbars you need to disable .exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\software\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
E:\software\mobile_stuff\nokia\n8\bestjotter_MobiDhoom.Com\bestjotter_MobiDhoom.Com.rar a variant of Win32/Keygen.BV application deleted - quarantined
E:\software\mobile_stuff\nokia\n8\bestjotter_MobiDhoom.Com\keygen.exe a variant of Win32/Keygen.BV application cleaned by deleting - quarantined
G:\desktop\Nokia\bestjotter_MobiDhoom.Com\bestjotter_MobiDhoom.Com.rar a variant of Win32/Keygen.BV application deleted - quarantined
G:\desktop\Nokia\bestjotter_MobiDhoom.Com\keygen.exe a variant of Win32/Keygen.BV application cleaned by deleting - quarantined

Edited by karlbleepingcomputer, 25 June 2012 - 08:03 AM.


#9 dev00790


Posted 25 June 2012 - 10:46 AM

Hi

Please post the latest MBAM log, which can be found below in your next reply:

C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Regards, dev00790



#10 karlbleepingcomputer


Posted 25 June 2012 - 10:51 AM

This is the latest log file from MBAM

2012/06/25 08:09:18 +0100 OFFICE MESSAGE Starting protection
2012/06/25 08:09:29 +0100 OFFICE MESSAGE Executing scheduled update: Daily
2012/06/25 08:09:34 +0100 OFFICE MESSAGE Protection started successfully
2012/06/25 08:09:37 +0100 OFFICE MESSAGE Starting IP protection
2012/06/25 08:09:45 +0100 OFFICE MESSAGE Scheduled update executed successfully: database updated from version v2012.06.24.01 to version v2012.06.25.05
2012/06/25 08:11:07 +0100 OFFICE karl MESSAGE IP Protection started successfully
2012/06/25 08:11:08 +0100 OFFICE karl MESSAGE Starting database refresh
2012/06/25 08:11:08 +0100 OFFICE karl MESSAGE Stopping IP protection
2012/06/25 08:11:08 +0100 OFFICE karl MESSAGE IP Protection stopped
2012/06/25 08:11:12 +0100 OFFICE karl MESSAGE Database refreshed successfully
2012/06/25 08:11:12 +0100 OFFICE karl MESSAGE Starting IP protection
2012/06/25 08:11:26 +0100 OFFICE karl MESSAGE IP Protection started successfully
2012/06/25 13:07:13 +0100 OFFICE MESSAGE Starting protection
2012/06/25 13:07:29 +0100 OFFICE MESSAGE Protection started successfully
2012/06/25 13:07:32 +0100 OFFICE MESSAGE Starting IP protection
2012/06/25 13:08:47 +0100 OFFICE karl MESSAGE IP Protection started successfully

#11 dev00790


Posted 25 June 2012 - 11:13 AM

Hi

Usually the logs made by MBAM I'm looking for are in a different format. I'll post an example of one in a few minutes.

Regards, dev00790



#12 karlbleepingcomputer


Posted 25 June 2012 - 11:33 AM

Here is the one from the location specified. Sorry, I took the log file from the MBAM GUI. This was a full scan.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
karl :: OFFICE [administrator]

Protection: Enabled

22/06/2012 19:18:19
mbam-log-2012-06-22 (19-18-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 687980
Time elapsed: 4 hour(s), 8 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by karlbleepingcomputer, 25 June 2012 - 11:35 AM.


#13 dev00790


Posted 25 June 2012 - 11:45 AM

Hi

That's the right log, but it's outdated - 22nd June. Please post the logs since this date.

Regards, dev00790



#14 karlbleepingcomputer


Posted 25 June 2012 - 11:48 AM

Ok will do, going to take about 4 hours to complete. More later as they say. Thanks

#15 dev00790


Posted 25 June 2012 - 12:26 PM

:thumbup2:

Regards, dev00790





