a few problems


21 replies to this topic

#1 somae


Posted 04 July 2012 - 06:14 AM

Several problems.

The computer was having a lot of problems after updating avira. Avira found nothing, but eset found 3 viruses and malwarebytes found 1. We kept getting an error when we would start firefox that I wasn't able to get rid of by removing and reinstalling the program so I deleted the user name and reinstalled it. SuperAntispyware is not finding anything although we're still going to the same sites that would cause many spyware hits.

This is what eset found:

C:\Documents and Settings\Administrator\Local Settings\Temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\downloads\movie_player_1280.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\downloads\mozilla-firefox.exe a variant of Win32/InstallCore.X application cleaned by deleting - quarantined

Malwarebytes put this in quarantine: PUP.BundleOffers.IIQ

There were a number of "babylon" programs that came with the installation of firefox that I declined to install.

We've got a dell computer - pentium4 - 2.8GHz and 800MB RAM - running windows xp pro.

Also, I've been unable to install 2 security updates for windows. They're for the microsoft .NET framework.

Help appreciated.

Edited by somae, 04 July 2012 - 06:18 AM.




#2 dev00790


Posted 04 July 2012 - 11:01 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.

My Blog


#3 somae


Posted 05 July 2012 - 10:02 AM

These are the results.

I was having trouble installing a printer driver and looked at "processes" in the task manager and saw that there was something called "mbamservices.exe" (I think). I don't know why this was running. I didn't ok anything to run automatically from mbam.

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.3
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.0.3
Java™ 7 Update 3
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.262
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 02-07-2012
Ran by admin (administrator) on 05-07-2012 at 10:41:05
Running from "C:\Documents and Settings\admin\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(2) Gpc(3) IPSec(5) NetBT(6) OAmon(1) Tcpip(4)



**** End of log ****


MiniToolBox by Farbar Version: 25-06-2012
Ran by admin (administrator) on 05-07-2012 at 10:46:27
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 14220 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DELL-TOP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : westell.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-E9-AE-61

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.33

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, July 05, 2012 10:11:15 AM

Lease Expires . . . . . . . . . . : Friday, July 06, 2012 10:11:15 AM

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.43.6, 173.194.43.9, 173.194.43.7, 173.194.43.2
173.194.43.1, 173.194.43.3, 173.194.43.14, 173.194.43.5, 173.194.43.4
173.194.43.8, 173.194.43.0



Pinging google.com [173.194.43.0] with 32 bytes of data:



Reply from 173.194.43.0: bytes=32 time=33ms TTL=55

Reply from 173.194.43.0: bytes=32 time=33ms TTL=55



Ping statistics for 173.194.43.0:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 33ms, Average = 33ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=228ms TTL=56

Reply from 72.30.38.140: bytes=32 time=140ms TTL=56



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 140ms, Maximum = 228ms, Average = 184ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c f1 e9 ae 61 ...... Intel® PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.33 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.33 192.168.1.33 20
192.168.1.33 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.33 192.168.1.33 20
224.0.0.0 240.0.0.0 192.168.1.33 192.168.1.33 20
255.255.255.255 255.255.255.255 192.168.1.33 192.168.1.33 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/05/2012 09:14:08 AM) (Source: Application Hang) (User: )
Description: Hanging application SamsungUniversalPrintDriver.exe, version 1.0.0.7, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2012 09:14:08 AM) (Source: Application Hang) (User: )
Description: Hanging application SamsungUniversalPrintDriver.exe, version 1.0.0.7, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2012 08:37:13 AM) (Source: MsiInstaller) (User: DELL-TOP)DELL-TOP
Description: Product: Document Express DjVu Plug-in -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (07/03/2012 10:34:02 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 13.0.1.4548, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/03/2012 08:45:28 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80029C4A from line 4068 of d:\comxp_sp3\com\com1x\src\events\tier1\agent.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (07/03/2012 07:48:25 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2656369, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (07/03/2012 07:48:23 AM) (Source: MsiInstaller) (User: DELL-TOP)DELL-TOP
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2656369v2' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\admin\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2656369_20120703_114620437-Msi0.txt.

Error: (07/03/2012 07:48:23 AM) (Source: MsiInstaller) (User: DELL-TOP)DELL-TOP
Description:

Error: (07/03/2012 07:48:23 AM) (Source: MsiInstaller) (User: DELL-TOP)DELL-TOP
Description:

Error: (07/03/2012 07:47:43 AM) (Source: MsiInstaller) (User: DELL-TOP)DELL-TOP
Description:


System errors:
=============
Error: (07/05/2012 10:11:47 AM) (Source: 0) (User: )
Description:

Error: (07/05/2012 09:12:17 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (07/05/2012 08:54:18 AM) (Source: 0) (User: )
Description:

Error: (07/05/2012 07:27:42 AM) (Source: 0) (User: )
Description:

Error: (07/04/2012 08:28:46 PM) (Source: 0) (User: )
Description:

Error: (07/04/2012 00:25:56 PM) (Source: 0) (User: )
Description:

Error: (07/04/2012 06:49:14 AM) (Source: 0) (User: )
Description:

Error: (07/03/2012 10:45:09 PM) (Source: 0) (User: )
Description:

Error: (07/03/2012 10:35:12 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (07/03/2012 10:34:12 PM) (Source: 0) (User: )
Description: \Device\LanmanServer


Microsoft Office Sessions:
=========================
Error: (07/05/2012 09:14:08 AM) (Source: Application Hang)(User: )
Description: SamsungUniversalPrintDriver.exe1.0.0.7hungapp0.0.0.000000000

Error: (07/05/2012 09:14:08 AM) (Source: Application Hang)(User: )
Description: SamsungUniversalPrintDriver.exe1.0.0.7hungapp0.0.0.000000000

Error: (07/05/2012 08:37:13 AM) (Source: MsiInstaller)(User: DELL-TOP)DELL-TOP
Description: Product: Document Express DjVu Plug-in -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (07/03/2012 10:34:02 PM) (Source: Application Error)(User: )
Description: plugin-container.exe13.0.1.45480.0.0.000000000

Error: (07/03/2012 08:45:28 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\agent.cpp406880029C4A

Error: (07/03/2012 07:48:25 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb265636910331603msif9.0.40215.0installx86xp1711

Error: (07/03/2012 07:48:23 AM) (Source: MsiInstaller)(User: DELL-TOP)DELL-TOP
Description: Microsoft .NET Framework 2.0 Service Pack 2KB2656369v21603C:\DOCUME~1\admin\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2656369_20120703_114620437-Msi0.txt

Error: (07/03/2012 07:48:23 AM) (Source: MsiInstaller)(User: DELL-TOP)DELL-TOP
Description: (NULL)(NULL)(NULL)

Error: (07/03/2012 07:48:23 AM) (Source: MsiInstaller)(User: DELL-TOP)DELL-TOP
Description: (NULL)(NULL)(NULL)

Error: (07/03/2012 07:47:43 AM) (Source: MsiInstaller)(User: DELL-TOP)DELL-TOP
Description: (NULL)(NULL)(NULL)


=========================== Installed Programs ============================

1600 (Version: 47.0.1.000)
1600_Help (Version: 47.1.14.000)
1600Trb (Version: 47.1.14.000)
Adobe Acrobat 6.0.1 Standard (Version: 006.000.001)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Ahead InCD
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
AnswerWorks Runtime
ASTRA32 - Advanced System Information Tool 2.05 (Version: 2.05)
avast! Free Antivirus (Version: 7.0.1451.0)
Avi2Dvd 0.6.4 (Version: 0.6.4)
BufferChm (Version: 45.4.157.000)
CambridgeSoft ChemDraw Plugin Net 12.0 (Version: 12.0)
Copy (Version: 45.4.157.000)
Corel Applications
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
Document Express DjVu Plug-in (Version: 6.1.27999)
DocumentViewer (Version: 45.4.157.000)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
ESET Online Scanner v3
Fax (Version: 47.0.1.000)
Free Easy Burner V 5.1 (Version: 5.1.0.0)
GnuWin32: Gzip-1.3.12-1 (Version: 1.3.12-1)
GnuWin32: OpenSSL-0.9.8h-1 (Version: 0.9.8h-1)
Haali Media Splitter
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
ImgBurn (Version: 2.5.6.0)
InstantShare (Version: 45.4.157.000)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4363)
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
IsoBuster 2.8.5 (Version: 2.8.5)
Java™ 7 Update 3 (Version: 7.0.30)
JavaFX 2.0.3 (Version: 2.0.3)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Word 2003 XML Viewer (Version: 1.0.6113.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 97
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Mplayer 0.6.9 (Version: 0.6.9)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NirSoft WebVideoCap
Online Armor 5.5 (Version: 5.5)
OpenOffice.org 3.2 (Version: 3.2.9483)
PanoStandAlone (Version: 45.4.157.000)
PDF-Viewer (Version: 2.0.42.9)
Photo Explosion Deluxe (Version: 2.0)
PhotoGallery (Version: 45.4.157.000)
Platform (Version: 1.34)
ProductContext (Version: 47.1.14.000)
QFolder (Version: 1.00.0000)
Quicken 2001 Basic
Readme (Version: 47.0.1.000)
Samsung ML-2250 Series
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
SkinsHP1 (Version: 45.4.157.000)
Smart Defrag 2 (Version: 2.3)
SoundMAX (Version: 5.12.01.5246)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.3 (Version: 4.3.0)
SUPERAntiSpyware (Version: 5.0.1118)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
VIA Platform Device Manager (Version: 1.34)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM (Version: 8.0.50727.762)
VLC media player 2.0.1 (Version: 2.0.1)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
XML Notepad 2007 (Version: 2.3.0.0)
Xvid 1.2.2 final uninstall (Version: 1.2)
Xvid Video Codec (Version: 1.3.2)
ZeroFootprint Crypt 4.03.05

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 765.98 MB
Available physical RAM: 408.3 MB
Total Pagefile: 1492.48 MB
Available Pagefile: 1183.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.43 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:189.91 GB) (Free:152.41 GB) NTFS
3 Drive d: (InCD) (CDROM) (Total:0.56 GB) (Free:0.52 GB) FS_UDF
4 Drive e: (InCD) (CDROM) (Total:0.56 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DELL-TOP

admin Administrator ASPNET
Guest HelpAssistant soma

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

04-07-2012 02:32:27 System Checkpoint
04-07-2012 13:19:05 System Checkpoint
05-07-2012 12:37:22 Installed Document Express DjVu Plug-in
05-07-2012 13:50:06 Printer Driver Samsung ML-2250 Series Installed

**** End of log ****



10:22:52.0015 3224 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:22:52.0531 3224 ============================================================
10:22:52.0531 3224 Current date / time: 2012/07/05 10:22:52.0531
10:22:52.0531 3224 SystemInfo:
10:22:52.0531 3224
10:22:52.0531 3224 OS Version: 5.1.2600 ServicePack: 3.0
10:22:52.0531 3224 Product type: Workstation
10:22:52.0531 3224 ComputerName: DELL-TOP
10:22:52.0531 3224 UserName: admin
10:22:52.0531 3224 Windows directory: C:\WINDOWS
10:22:52.0531 3224 System windows directory: C:\WINDOWS
10:22:52.0531 3224 Processor architecture: Intel x86
10:22:52.0531 3224 Number of processors: 1
10:22:52.0531 3224 Page size: 0x1000
10:22:52.0531 3224 Boot type: Normal boot
10:22:52.0531 3224 ============================================================
10:22:54.0968 3224 Drive \Device\Harddisk0\DR0 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:22:54.0968 3224 ============================================================
10:22:54.0968 3224 \Device\Harddisk0\DR0:
10:22:54.0968 3224 MBR partitions:
10:22:54.0968 3224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
10:22:54.0968 3224 ============================================================
10:22:55.0000 3224 C: <-> \Device\Harddisk0\DR0\Partition0
10:22:55.0000 3224 ============================================================
10:22:55.0000 3224 Initialize success
10:22:55.0000 3224 ============================================================
10:23:57.0093 3488 ============================================================
10:23:57.0093 3488 Scan started
10:23:57.0093 3488 Mode: Manual; SigCheck; TDLFS;
10:23:57.0093 3488 ============================================================
10:23:57.0296 3488 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:23:57.0562 3488 !SASCORE - ok
10:23:57.0656 3488 Aavmker4 (5803b5f166ee9865a3c763127dce02fd) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:23:57.0781 3488 Aavmker4 - ok
10:23:57.0796 3488 Abiosdsk - ok
10:23:57.0812 3488 abp480n5 - ok
10:23:57.0859 3488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:23:58.0296 3488 ACPI - ok
10:23:58.0328 3488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:23:58.0531 3488 ACPIEC - ok
10:23:58.0546 3488 adpu160m - ok
10:23:58.0578 3488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:23:58.0796 3488 aec - ok
10:23:58.0828 3488 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:23:58.0906 3488 AFD - ok
10:23:58.0921 3488 Aha154x - ok
10:23:58.0921 3488 aic78u2 - ok
10:23:58.0953 3488 aic78xx - ok
10:23:58.0984 3488 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:23:59.0187 3488 Alerter - ok
10:23:59.0218 3488 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:23:59.0406 3488 ALG - ok
10:23:59.0421 3488 AliIde - ok
10:23:59.0437 3488 amsint - ok
10:23:59.0484 3488 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:23:59.0687 3488 AppMgmt - ok
10:23:59.0703 3488 asc - ok
10:23:59.0718 3488 asc3350p - ok
10:23:59.0734 3488 asc3550 - ok
10:23:59.0859 3488 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:23:59.0921 3488 aspnet_state - ok
10:23:59.0968 3488 ASTRA32 (5fc1fed39ed5d3f71c7d2fc16a49e2a2) C:\Program Files\ASTRA32\ASTRA32.sys
10:24:00.0015 3488 ASTRA32 - ok
10:24:00.0046 3488 aswFsBlk (5679eaf49f7e2a93ceadcf0aaf6fa3a3) C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:24:00.0093 3488 aswFsBlk - ok
10:24:00.0109 3488 aswMon2 (61c194bc48521cb55be2763a33f77d44) C:\WINDOWS\system32\drivers\aswMon2.sys
10:24:00.0156 3488 aswMon2 - ok
10:24:00.0171 3488 aswRdr (b221d97841c02ae79ec5c56172724f5c) C:\WINDOWS\system32\drivers\aswRdr.sys
10:24:00.0203 3488 aswRdr - ok
10:24:00.0250 3488 aswSnx (1aee85af4b664ea9e22ebe41e8f96571) C:\WINDOWS\system32\drivers\aswSnx.sys
10:24:00.0328 3488 aswSnx - ok
10:24:00.0375 3488 aswSP (3c9d1aeb0fafa8493335503ebee9a301) C:\WINDOWS\system32\drivers\aswSP.sys
10:24:00.0421 3488 aswSP - ok
10:24:00.0453 3488 aswTdi (74f58f4adafaf50b9a09cb6e17b4ee49) C:\WINDOWS\system32\drivers\aswTdi.sys
10:24:00.0484 3488 aswTdi - ok
10:24:00.0531 3488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:24:00.0734 3488 AsyncMac - ok
10:24:00.0750 3488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:24:00.0968 3488 atapi - ok
10:24:00.0984 3488 Atdisk - ok
10:24:01.0015 3488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:24:01.0218 3488 Atmarpc - ok
10:24:01.0250 3488 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:24:01.0453 3488 AudioSrv - ok
10:24:01.0484 3488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:24:01.0671 3488 audstub - ok
10:24:01.0734 3488 avast! Antivirus (b31f785751157aa8e2a33ea1cb4dc5be) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:24:01.0765 3488 avast! Antivirus - ok
10:24:01.0812 3488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:24:02.0046 3488 Beep - ok
10:24:02.0093 3488 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:24:02.0312 3488 BITS - ok
10:24:02.0343 3488 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:24:02.0546 3488 Browser - ok
10:24:02.0578 3488 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\DRIVERS\bsstor.sys
10:24:02.0593 3488 BsStor ( UnsignedFile.Multi.Generic ) - warning
10:24:02.0593 3488 BsStor - detected UnsignedFile.Multi.Generic (1)
10:24:02.0640 3488 BsUDF (d09205ed52e399e2002d82003ceafc5c) C:\WINDOWS\system32\drivers\BsUDF.sys
10:24:02.0687 3488 BsUDF ( UnsignedFile.Multi.Generic ) - warning
10:24:02.0687 3488 BsUDF - detected UnsignedFile.Multi.Generic (1)
10:24:02.0734 3488 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\System32\drivers\bvrp_pci.sys
10:24:02.0750 3488 bvrp_pci ( UnsignedFile.Multi.Generic ) - warning
10:24:02.0750 3488 bvrp_pci - detected UnsignedFile.Multi.Generic (1)
10:24:02.0812 3488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:24:03.0015 3488 cbidf2k - ok
10:24:03.0031 3488 cd20xrnt - ok
10:24:03.0062 3488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:24:03.0281 3488 Cdaudio - ok
10:24:03.0296 3488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:24:03.0500 3488 Cdfs - ok
10:24:03.0515 3488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:24:03.0718 3488 Cdrom - ok
10:24:03.0734 3488 Changer - ok
10:24:03.0765 3488 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:24:04.0000 3488 CiSvc - ok
10:24:04.0031 3488 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:24:04.0234 3488 ClipSrv - ok
10:24:04.0328 3488 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:24:04.0468 3488 clr_optimization_v2.0.50727_32 - ok
10:24:04.0484 3488 CmdIde - ok
10:24:04.0484 3488 COMSysApp - ok
10:24:04.0531 3488 Cpqarray - ok
10:24:04.0562 3488 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:24:04.0765 3488 CryptSvc - ok
10:24:04.0781 3488 dac2w2k - ok
10:24:04.0796 3488 dac960nt - ok
10:24:04.0843 3488 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:24:04.0953 3488 DcomLaunch - ok
10:24:05.0000 3488 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys
10:24:05.0015 3488 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
10:24:05.0015 3488 DgiVecp - detected UnsignedFile.Multi.Generic (1)
10:24:05.0062 3488 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:24:05.0265 3488 Dhcp - ok
10:24:05.0281 3488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:24:05.0484 3488 Disk - ok
10:24:05.0500 3488 dmadmin - ok
10:24:05.0562 3488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:24:05.0828 3488 dmboot - ok
10:24:05.0859 3488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:24:06.0062 3488 dmio - ok
10:24:06.0078 3488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:24:06.0281 3488 dmload - ok
10:24:06.0312 3488 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:24:06.0500 3488 dmserver - ok
10:24:06.0531 3488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:24:06.0734 3488 DMusic - ok
10:24:06.0781 3488 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:24:06.0875 3488 Dnscache - ok
10:24:06.0921 3488 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:24:07.0140 3488 Dot3svc - ok
10:24:07.0156 3488 dpti2o - ok
10:24:07.0187 3488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:24:07.0390 3488 drmkaud - ok
10:24:07.0421 3488 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:24:07.0500 3488 E100B - ok
10:24:07.0531 3488 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:24:07.0750 3488 EapHost - ok
10:24:07.0796 3488 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:24:08.0031 3488 ERSvc - ok
10:24:08.0062 3488 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:24:08.0125 3488 Eventlog - ok
10:24:08.0171 3488 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
10:24:08.0265 3488 EventSystem - ok
10:24:08.0312 3488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:24:08.0531 3488 Fastfat - ok
10:24:08.0562 3488 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:24:08.0640 3488 FastUserSwitchingCompatibility - ok
10:24:08.0656 3488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:24:08.0859 3488 Fdc - ok
10:24:08.0890 3488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:24:09.0093 3488 Fips - ok
10:24:09.0109 3488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:24:09.0296 3488 Flpydisk - ok
10:24:09.0328 3488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:24:09.0515 3488 FltMgr - ok
10:24:09.0625 3488 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:24:09.0671 3488 FontCache3.0.0.0 - ok
10:24:09.0687 3488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:24:09.0921 3488 Fs_Rec - ok
10:24:09.0937 3488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:24:10.0187 3488 Ftdisk - ok
10:24:10.0218 3488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:24:10.0250 3488 GEARAspiWDM - ok
10:24:10.0296 3488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:24:10.0484 3488 Gpc - ok
10:24:10.0546 3488 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:24:10.0734 3488 helpsvc - ok
10:24:10.0750 3488 HidServ - ok
10:24:10.0781 3488 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:24:10.0968 3488 hidusb - ok
10:24:11.0015 3488 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:24:11.0234 3488 hkmsvc - ok
10:24:11.0234 3488 hpn - ok
10:24:11.0281 3488 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:24:11.0359 3488 HPZid412 - ok
10:24:11.0375 3488 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:24:11.0437 3488 HPZipr12 - ok
10:24:11.0453 3488 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:24:11.0531 3488 HPZius12 - ok
10:24:11.0578 3488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:24:11.0656 3488 HTTP - ok
10:24:11.0687 3488 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:24:11.0906 3488 HTTPFilter - ok
10:24:11.0921 3488 i2omgmt - ok
10:24:11.0937 3488 i2omp - ok
10:24:11.0968 3488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:24:12.0156 3488 i8042prt - ok
10:24:12.0234 3488 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:24:12.0343 3488 ialm - ok
10:24:12.0484 3488 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:24:12.0578 3488 idsvc - ok
10:24:12.0640 3488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:24:12.0875 3488 Imapi - ok
10:24:12.0921 3488 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
10:24:13.0125 3488 ImapiService - ok
10:24:13.0156 3488 ini910u - ok
10:24:13.0234 3488 IntelC51 (bcc7baa754e74f7588397af683e01918) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
10:24:13.0390 3488 IntelC51 - ok
10:24:13.0437 3488 IntelC52 (3ece5e32ec28bb28d84eefc6ee3a76b9) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
10:24:13.0515 3488 IntelC52 - ok
10:24:13.0531 3488 IntelC53 (c99b4d61ad43bb324771e753e8f99063) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
10:24:13.0578 3488 IntelC53 - ok
10:24:13.0593 3488 IntelIde - ok
10:24:13.0625 3488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:24:13.0812 3488 intelppm - ok
10:24:13.0843 3488 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:24:14.0046 3488 ip6fw - ok
10:24:14.0093 3488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:24:14.0296 3488 IpFilterDriver - ok
10:24:14.0312 3488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:24:14.0515 3488 IpInIp - ok
10:24:14.0546 3488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:24:14.0750 3488 IpNat - ok
10:24:14.0781 3488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:24:15.0015 3488 IPSec - ok
10:24:15.0031 3488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:24:15.0218 3488 IRENUM - ok
10:24:15.0250 3488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:24:15.0453 3488 isapnp - ok
10:24:15.0562 3488 JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Program Files\Java\jre7\bin\jqs.exe
10:24:15.0609 3488 JavaQuickStarterService - ok
10:24:15.0640 3488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:24:15.0828 3488 Kbdclass - ok
10:24:15.0859 3488 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:24:16.0046 3488 kbdhid - ok
10:24:16.0078 3488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:24:16.0265 3488 kmixer - ok
10:24:16.0296 3488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:24:16.0375 3488 KSecDD - ok
10:24:16.0406 3488 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:24:16.0484 3488 lanmanserver - ok
10:24:16.0531 3488 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:24:16.0593 3488 lanmanworkstation - ok
10:24:16.0609 3488 lbrtfdc - ok
10:24:16.0671 3488 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:24:16.0875 3488 LmHosts - ok
10:24:16.0906 3488 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
10:24:16.0953 3488 MBAMProtector - ok
10:24:17.0015 3488 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:24:17.0078 3488 MBAMService - ok
10:24:17.0140 3488 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:24:17.0171 3488 MDM - ok
10:24:17.0218 3488 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:24:17.0421 3488 Messenger - ok
10:24:17.0453 3488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:24:17.0687 3488 mnmdd - ok
10:24:17.0734 3488 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
10:24:17.0921 3488 mnmsrvc - ok
10:24:17.0953 3488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:24:18.0156 3488 Modem - ok
10:24:18.0171 3488 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:24:18.0390 3488 MODEMCSA - ok
10:24:18.0406 3488 mohfilt (0331601d3b151ee760c9206c17506f41) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
10:24:18.0453 3488 mohfilt - ok
10:24:18.0484 3488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:24:18.0671 3488 Mouclass - ok
10:24:18.0703 3488 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:24:18.0921 3488 mouhid - ok
10:24:18.0968 3488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:24:19.0156 3488 MountMgr - ok
10:24:19.0218 3488 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:24:19.0250 3488 MozillaMaintenance - ok
10:24:19.0265 3488 mraid35x - ok
10:24:19.0312 3488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:24:19.0500 3488 MRxDAV - ok
10:24:19.0562 3488 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:24:19.0656 3488 MRxSmb - ok
10:24:19.0687 3488 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
10:24:19.0890 3488 MSDTC - ok
10:24:19.0906 3488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:24:20.0109 3488 Msfs - ok
10:24:20.0109 3488 MSIServer - ok
10:24:20.0140 3488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:24:20.0343 3488 MSKSSRV - ok
10:24:20.0359 3488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:24:20.0531 3488 MSPCLOCK - ok
10:24:20.0562 3488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:24:20.0750 3488 MSPQM - ok
10:24:20.0781 3488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:24:20.0968 3488 mssmbios - ok
10:24:21.0000 3488 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:24:21.0062 3488 Mup - ok
10:24:21.0109 3488 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:24:21.0343 3488 napagent - ok
10:24:21.0375 3488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:24:21.0562 3488 NDIS - ok
10:24:21.0593 3488 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:24:21.0656 3488 NdisTapi - ok
10:24:21.0671 3488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:24:21.0859 3488 Ndisuio - ok
10:24:21.0875 3488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:24:22.0078 3488 NdisWan - ok
10:24:22.0109 3488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:24:22.0156 3488 NDProxy - ok
10:24:22.0171 3488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:24:22.0343 3488 NetBIOS - ok
10:24:22.0375 3488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:24:22.0578 3488 NetBT - ok
10:24:22.0609 3488 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:24:22.0812 3488 NetDDE - ok
10:24:22.0812 3488 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:24:23.0031 3488 NetDDEdsdm - ok
10:24:23.0046 3488 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:24:23.0250 3488 Netlogon - ok
10:24:23.0296 3488 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:24:23.0500 3488 Netman - ok
10:24:23.0609 3488 NetSvc (737351f39fef765234037770abdd72bd) C:\Program Files\Intel\NCS\Sync\NetSvc.exe
10:24:23.0625 3488 NetSvc ( UnsignedFile.Multi.Generic ) - warning
10:24:23.0625 3488 NetSvc - detected UnsignedFile.Multi.Generic (1)
10:24:23.0734 3488 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:24:23.0781 3488 NetTcpPortSharing - ok
10:24:23.0843 3488 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:24:23.0953 3488 Nla - ok
10:24:24.0000 3488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:24:24.0218 3488 Npfs - ok
10:24:24.0250 3488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:24:24.0468 3488 Ntfs - ok
10:24:24.0515 3488 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:24:24.0703 3488 NtLmSsp - ok
10:24:24.0750 3488 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:24:25.0000 3488 NtmsSvc - ok
10:24:25.0046 3488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:24:25.0265 3488 Null - ok
10:24:25.0296 3488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:24:25.0500 3488 NwlnkFlt - ok
10:24:25.0515 3488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:24:25.0765 3488 NwlnkFwd - ok
10:24:25.0859 3488 OAcat (faef7b156e073f0450c5087f57696f0b) C:\Program Files\Tall Emu\Online Armor\OAcat.exe
10:24:25.0921 3488 OAcat - ok
10:24:25.0984 3488 OADevice (1ab8fcf4eb6826efd68edf807ee914e6) C:\WINDOWS\system32\drivers\OADriver.sys
10:24:26.0046 3488 OADevice - ok
10:24:26.0078 3488 oahlpXX (50a1c8922d0b487a7083490dbd50dafc) C:\WINDOWS\system32\drivers\oahlp32.sys
10:24:26.0109 3488 oahlpXX - ok
10:24:26.0125 3488 OAmon (0246207f177b45a84c916d1be0f295e9) C:\WINDOWS\system32\drivers\OAmon.sys
10:24:26.0171 3488 OAmon - ok
10:24:26.0203 3488 OAnet (9d17de0713a4f88b9d623336e5dc37a2) C:\WINDOWS\system32\drivers\OAnet.sys
10:24:26.0234 3488 OAnet - ok
10:24:26.0281 3488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:24:26.0468 3488 Parport - ok
10:24:26.0500 3488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:24:26.0703 3488 PartMgr - ok
10:24:26.0734 3488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:24:26.0984 3488 ParVdm - ok
10:24:27.0000 3488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:24:27.0187 3488 PCI - ok
10:24:27.0203 3488 PCIDump - ok
10:24:27.0234 3488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:24:27.0453 3488 PCIIde - ok
10:24:27.0500 3488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:24:27.0703 3488 Pcmcia - ok
10:24:27.0718 3488 PDCOMP - ok
10:24:27.0734 3488 PDFRAME - ok
10:24:27.0750 3488 PDRELI - ok
10:24:27.0765 3488 PDRFRAME - ok
10:24:27.0781 3488 perc2 - ok
10:24:27.0796 3488 perc2hib - ok
10:24:27.0859 3488 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
10:24:27.0890 3488 PfModNT ( UnsignedFile.Multi.Generic ) - warning
10:24:27.0890 3488 PfModNT - detected UnsignedFile.Multi.Generic (1)
10:24:27.0937 3488 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:24:28.0000 3488 PlugPlay - ok
10:24:28.0031 3488 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
10:24:28.0062 3488 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:24:28.0062 3488 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:24:28.0093 3488 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
10:24:28.0281 3488 PolicyAgent - ok
10:24:28.0328 3488 PPCLASS (534185b82676d1e8b9fcfd8c1bfe8110) C:\WINDOWS\system32\drivers\PPCLASS.sys
10:24:28.0343 3488 PPCLASS ( UnsignedFile.Multi.Generic ) - warning
10:24:28.0343 3488 PPCLASS - detected UnsignedFile.Multi.Generic (1)
10:24:28.0375 3488 PPSCAN (8ae536cf74546536f282d1fbce943324) C:\WINDOWS\system32\drivers\PPSCAN.sys
10:24:28.0406 3488 PPSCAN ( UnsignedFile.Multi.Generic ) - warning
10:24:28.0421 3488 PPSCAN - detected UnsignedFile.Multi.Generic (1)
10:24:28.0453 3488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:24:28.0625 3488 PptpMiniport - ok
10:24:28.0671 3488 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:24:28.0875 3488 Processor - ok
10:24:28.0890 3488 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:24:29.0093 3488 ProtectedStorage - ok
10:24:29.0109 3488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:24:29.0343 3488 Ptilink - ok
10:24:29.0359 3488 ql1080 - ok
10:24:29.0375 3488 Ql10wnt - ok
10:24:29.0390 3488 ql12160 - ok
10:24:29.0406 3488 ql1240 - ok
10:24:29.0421 3488 ql1280 - ok
10:24:29.0453 3488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:24:29.0671 3488 RasAcd - ok
10:24:29.0718 3488 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:24:29.0921 3488 RasAuto - ok
10:24:29.0953 3488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:24:30.0140 3488 Rasl2tp - ok
10:24:30.0187 3488 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:24:30.0406 3488 RasMan - ok
10:24:30.0421 3488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:24:30.0609 3488 RasPppoe - ok
10:24:30.0625 3488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:24:30.0843 3488 Raspti - ok
10:24:30.0890 3488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:24:31.0171 3488 Rdbss - ok
10:24:31.0187 3488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:24:31.0421 3488 RDPCDD - ok
10:24:31.0468 3488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:24:31.0656 3488 rdpdr - ok
10:24:31.0703 3488 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
10:24:31.0781 3488 RDPWD - ok
10:24:31.0812 3488 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:24:32.0046 3488 RDSessMgr - ok
10:24:32.0062 3488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:24:32.0250 3488 redbook - ok
10:24:32.0281 3488 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:24:32.0484 3488 RemoteAccess - ok
10:24:32.0500 3488 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:24:32.0703 3488 RemoteRegistry - ok
10:24:32.0750 3488 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
10:24:33.0000 3488 RpcLocator - ok
10:24:33.0046 3488 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:24:33.0125 3488 RpcSs - ok
10:24:33.0171 3488 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
10:24:33.0421 3488 RSVP - ok
10:24:33.0484 3488 SABProcEnum - ok
10:24:33.0515 3488 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:24:33.0703 3488 SamSs - ok
10:24:33.0734 3488 Samsung UPD Service2 (e17fe33c703ffbe1a0af66b9dcf49345) C:\WINDOWS\system32\SUPDSvc2.exe
10:24:33.0859 3488 Samsung UPD Service2 - ok
10:24:33.0921 3488 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:24:33.0968 3488 SASDIFSV - ok
10:24:33.0968 3488 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:24:34.0015 3488 SASKUTIL - ok
10:24:34.0046 3488 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:24:34.0265 3488 SCardSvr - ok
10:24:34.0312 3488 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:24:34.0531 3488 Schedule - ok
10:24:34.0578 3488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:24:34.0781 3488 Secdrv - ok
10:24:34.0796 3488 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:24:35.0031 3488 seclogon - ok
10:24:35.0093 3488 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
10:24:35.0171 3488 senfilt - ok
10:24:35.0187 3488 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:24:35.0390 3488 SENS - ok
10:24:35.0421 3488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:24:35.0640 3488 serenum - ok
10:24:35.0656 3488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:24:35.0843 3488 Serial - ok
10:24:35.0890 3488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:24:36.0093 3488 Sfloppy - ok
10:24:36.0140 3488 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:24:36.0359 3488 SharedAccess - ok
10:24:36.0406 3488 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:24:36.0484 3488 ShellHWDetection - ok
10:24:36.0484 3488 Simbad - ok
10:24:36.0546 3488 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
10:24:36.0593 3488 SmartDefragDriver - ok
10:24:36.0656 3488 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
10:24:36.0718 3488 smwdm - ok
10:24:36.0734 3488 Sparrow - ok
10:24:36.0765 3488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:24:36.0984 3488 splitter - ok
10:24:37.0015 3488 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:24:37.0078 3488 Spooler - ok
10:24:37.0093 3488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:24:37.0296 3488 sr - ok
10:24:37.0328 3488 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
10:24:37.0562 3488 srservice - ok
10:24:37.0609 3488 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:24:37.0687 3488 Srv - ok
10:24:37.0718 3488 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:24:38.0015 3488 SSDPSRV - ok
10:24:38.0046 3488 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:24:38.0281 3488 stisvc - ok
10:24:38.0546 3488 SvcOnlineArmor (578a7d52c4f7ca65e109b4e7c7ac5cb3) C:\Program Files\Tall Emu\Online Armor\oasrv.exe
10:24:38.0750 3488 SvcOnlineArmor - ok
10:24:38.0828 3488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:24:39.0046 3488 swenum - ok
10:24:39.0093 3488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:24:39.0281 3488 swmidi - ok
10:24:39.0296 3488 SwPrv - ok
10:24:39.0312 3488 symc810 - ok
10:24:39.0328 3488 symc8xx - ok
10:24:49.0375 3488 ============================================================
10:24:49.0390 3488 Scan finished
10:24:49.0390 3488 ============================================================
10:24:49.0515 3448 Detected object count: 9
10:24:49.0515 3448 Actual detected object count: 9
10:27:59.0265 3448 BsStor ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0265 3448 BsStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0265 3448 BsUDF ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0265 3448 BsUDF ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0281 3448 bvrp_pci ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0281 3448 bvrp_pci ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0281 3448 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0281 3448 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0281 3448 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0281 3448 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0281 3448 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0281 3448 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0281 3448 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0281 3448 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0281 3448 PPCLASS ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0281 3448 PPCLASS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:27:59.0296 3448 PPSCAN ( UnsignedFile.Multi.Generic ) - skipped by user
10:27:59.0296 3448 PPSCAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:39.0093 3164 Deinitialize success

#4 dev00790

Posted 05 July 2012 - 01:40 PM

Hi

Please do the following next:

Step 1

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 2

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 somae

Posted 09 July 2012 - 08:19 AM

Here's the logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DELL-TOP [administrator]

Protection: Disabled

7/8/2012 9:54:22 AM
mbam-log-2012-07-08 (09-54-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304384
Time elapsed: 1 hour(s), 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-------------------------------------------------------------------
ESET:
C:\Documents and Settings\Administrator\Local Settings\Temp\nst491\nss492.tmp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

#6 dev00790

Posted 09 July 2012 - 08:24 AM

How is the computer running now?

Regards, dev00790


#7 somae

Posted 10 July 2012 - 09:19 AM

After one reboot -- still having problems. Waiting for report after next reboot.

Thanks.

#8 dev00790

Posted 10 July 2012 - 09:25 AM

:thumbup2:

Regards, dev00790


#9 somae

Posted 12 July 2012 - 07:09 AM

I tried to install the security update for the microsoft .NET framework 2.0 sp2 and have had to reboot several times in order to recover from it. I'm unable to install the security update and the computer goes haywire after trying. The other person who uses the computer told me she's been having problems but I don't know what they are yet.

#10 dev00790

Posted 12 July 2012 - 07:32 AM

Hi

"I'm unable to install the security update and the computer goes haywire after trying."

Please explain what happens, in detail, when trying to install the update.
Do you get any error messages for example?

Edited by dev00790, 12 July 2012 - 07:33 AM.

Regards, dev00790


#11 somae

Posted 13 July 2012 - 09:32 PM

I tried installing the security update again today and this time internet explorer disappeared. There were no error messages. The computer then was extremely lagged. I ended up doing a hard reboot. After the reboot I went back to the microsoft update page and saw that the update had not installed but there was no record of the attempt (I assume because I shut the computer down by pressing the on/off button.)

#12 dev00790

Posted 15 July 2012 - 06:03 AM

Often Microsoft provides a Knowledge Base number for updates in the form: (KBXXXXXXX) where X's are numbers.
- If the KB number is listed for the update, please mention it in your next reply.

Regards, dev00790


#13 somae

Posted 20 July 2012 - 06:55 PM

I've been working on this with people from microsoft. Link to threads: http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/unable-to-install-security-update-for-microsoft/28abcec7-5c6c-412d-9db0-35586885ff53

also

http://blogs.msdn.com/b/astebner/archive/2008/03/07/8108332.aspx (my posts are at the end of the blog)

The KB# seems to be: KB2656369

Edited by somae, 20 July 2012 - 07:06 PM.


#14 dev00790

Posted 20 July 2012 - 07:05 PM

Hi

Thank you for the info.

Since you are receiving help in another forum, do you wish to be helped there or here? - Both is not advisable.

Regards, dev00790


#15 somae

Posted 21 July 2012 - 08:00 AM

Hello

The person at microsoft recommended either working with you until you say there are no more infections, or doing a clean install of windows. He also said it's not safe to use the computer on the internet or connected to another computer. I was wondering how dangerous you think it is to continue to use the computer on the internet or otherwise?

I had tried reinstalling the windows installer 4.5 (as recommended by Aaron Stebner) and was able to install the .NET framework 1.1 with no trouble. However, the service pack 1 for that version failed and gave an error message "sl1398.tmp - strong name validation failed".

Thanks.

Edited by somae, 21 July 2012 - 08:08 AM.




