
Password Stealing


11 replies to this topic

#1 tcharleschapman

tcharleschapman

  • Members
  • 47 posts

Posted 28 October 2012 - 10:21 AM

Hello. I have a Dell Dimension 8250 from 2003 with one upgrade to 512 MB of RAM (I know, fast, right?). Recently I have had problems logging into Facebook. I input my name and password and it redirects to the login screen. This happened on another computer and it turned out to be a password-stealing trojan/virus. Could use some help getting rid of this one. Probably happens on Gmail, too, but I would like to not find that out and have my account get hacked again. Thanks!

Tom



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts

Posted 28 October 2012 - 02:03 PM

Hello and welcome, Tom. Let's run a few and see what shows before we change the passwords.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Please download TDSSkiller.

Launch it. Click on change parameters, then select TDLFS file system.

Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.

#3 tcharleschapman

tcharleschapman
  • Topic Starter

  • Members
  • 47 posts

Posted 31 October 2012 - 07:43 PM

MiniToolBox Log

MiniToolBox by Farbar Version: 23-07-2012
Ran by Tom Chapman (administrator) on 01-12-2012 at 18:30:09
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Linksys Wireless-G PCI Adapter = Wireless Network Connection (Connected)
Intel® PRO/100 M Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : me-2wu0fo8g9yqz

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 M Network Connection

Physical Address. . . . . . . . . : 00-07-E9-87-76-2B



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Linksys Wireless-G PCI Adapter

Physical Address. . . . . . . . . : 00-12-17-63-D4-88

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, December 01, 2012 6:27:24 PM

Lease Expires . . . . . . . . . . : Sunday, December 02, 2012 6:27:24 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.197, 74.125.225.206, 74.125.225.195, 74.125.225.194
74.125.225.201, 74.125.225.199, 74.125.225.192, 74.125.225.200, 74.125.225.198
74.125.225.196, 74.125.225.193



Pinging google.com [74.125.225.162] with 32 bytes of data:



Reply from 74.125.225.162: bytes=32 time=14ms TTL=55

Reply from 74.125.225.162: bytes=32 time=14ms TTL=55



Ping statistics for 74.125.225.162:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 14ms, Average = 14ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=47ms TTL=50

Reply from 72.30.38.140: bytes=32 time=142ms TTL=50



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 142ms, Average = 94ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 87 76 2b ...... Intel® PRO/100 M Network Connection - Packet Scheduler Miniport
0x3 ...00 12 17 63 d4 88 ...... Linksys Wireless-G PCI Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 25
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 25
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 25
255.255.255.255 255.255.255.255 192.168.1.2 2 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2012 05:14:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6562

Error: (11/30/2012 05:14:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6562

Error: (11/30/2012 05:14:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/30/2012 05:14:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4547

Error: (11/30/2012 05:14:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4547

Error: (11/30/2012 05:14:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/30/2012 05:14:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2375

Error: (11/30/2012 05:14:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2375

Error: (11/30/2012 05:14:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/30/2012 04:50:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 120933750


System errors:
=============
Error: (12/01/2012 06:27:18 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.2 on the
Network Card with network address 00121763D488.

Error: (11/30/2012 04:50:56 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.2 on the
Network Card with network address 00121763D488.

Error: (11/24/2012 08:22:57 PM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by -2681997 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->65.55.21.13:123) is working properly.

Error: (10/23/2012 03:29:57 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 00121763D488 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (10/22/2012 05:58:04 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.3 on the
Network Card with network address 00121763D488.

Error: (10/21/2012 09:14:37 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (10/21/2012 09:13:33 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (10/21/2012 09:12:29 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (10/13/2012 04:59:57 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/13/2012 04:59:57 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/30/2012 05:14:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6562

Error: (11/30/2012 05:14:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6562

Error: (11/30/2012 05:14:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/30/2012 05:14:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4547

Error: (11/30/2012 05:14:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4547

Error: (11/30/2012 05:14:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/30/2012 05:14:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2375

Error: (11/30/2012 05:14:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2375

Error: (11/30/2012 05:14:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/30/2012 04:50:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 120933750


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Photoshop Elements (Version: 1.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Ahead Nero - Burning Rom
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
AVG Security Toolbar (Version: 13.2.0.1)
Battle.net
BCM V.92 56K Modem
BitTorrent
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Diablo II
DivX Setup (Version: 2.3.0.20)
Dungeon Crafter v1.4.1
ESET Online Scanner v3
Finale 2008 (Version: 13.0.28)
Free M4a to MP3 Converter 7.0
Google Chrome (Version: 22.0.1229.94)
Google Talk (remove only)
Hero Editor V0.96
Hero Editor V1.04
Hero Lab 4.0c (Version: 4.0c)
HiJackThis (Version: 1.0.0)
HP Memories Disc (Version: 1.0.4.805)
Intel® PRO Ethernet Adapter and Software
Interactive Dungeon
iTunes (Version: 10.7.0.21)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LiveReg (Symantec Corporation) (Version: 2.2.5.1678)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
Morrowind
MSN Music Assistant
MUSICMATCH® Jukebox
Myst for Windows 95
NeoAudio
Netflix Movie Viewer (Version: 1.2.211)
Norton WMI Update (Version: 2005.1.2.20)
NVIDIA Display Driver
NVIDIA Drivers
OpenOffice.org 3.3 (Version: 3.3.9567)
Palm (Version: 4.1.0420)
Pando Media Booster (Version: 2.6.0.1)
PDFCanvas V1.5
PDFCreator (Version: 0.9.3)
pdfsam (Version: 2.2.1)
Poser 5
PowerDVD
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
Shockwave
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy 1.5.2.20
TableSmith
TES Construction Set
Transcribe!
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Storage Toolbox
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Viewpoint Media Player
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Media 8 Encoding Utility
Windows Media Format 11 runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 510.98 MB
Available physical RAM: 145.82 MB
Total Pagefile: 917.95 MB
Available Pagefile: 325.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.26 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:39.06 GB) (Free:8.62 GB) NTFS
3 Drive d: (EXPANSION) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
5 Drive f: (New Volume) (Fixed) (Total:72.7 GB) (Free:18.07 GB) NTFS

========================= Users: ========================================

User accounts for \\ME-2WU0FO8G9YQZ

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Tom Chapman


**** End of log ****

#4 tcharleschapman

tcharleschapman
  • Topic Starter

  • Members
  • 47 posts

Posted 31 October 2012 - 07:45 PM

TDSSkiller Log

18:40:40.0531 3392 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:40:41.0031 3392 ============================================================
18:40:41.0031 3392 Current date / time: 2012/12/01 18:40:41.0031
18:40:41.0031 3392 SystemInfo:
18:40:41.0031 3392
18:40:41.0031 3392 OS Version: 5.1.2600 ServicePack: 3.0
18:40:41.0031 3392 Product type: Workstation
18:40:41.0031 3392 ComputerName: ME-2WU0FO8G9YQZ
18:40:41.0031 3392 UserName: Tom Chapman
18:40:41.0031 3392 Windows directory: C:\WINDOWS
18:40:41.0031 3392 System windows directory: C:\WINDOWS
18:40:41.0031 3392 Processor architecture: Intel x86
18:40:41.0031 3392 Number of processors: 1
18:40:41.0031 3392 Page size: 0x1000
18:40:41.0031 3392 Boot type: Normal boot
18:40:41.0031 3392 ============================================================
18:40:43.0093 3392 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:40:43.0093 3392 ============================================================
18:40:43.0093 3392 \Device\Harddisk0\DR0:
18:40:43.0093 3392 MBR partitions:
18:40:43.0093 3392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
18:40:43.0093 3392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0x9164E92
18:40:43.0093 3392 ============================================================
18:40:43.0125 3392 C: <-> \Device\Harddisk0\DR0\Partition1
18:40:43.0156 3392 F: <-> \Device\Harddisk0\DR0\Partition2
18:40:43.0171 3392 ============================================================
18:40:43.0171 3392 Initialize success
18:40:43.0171 3392 ============================================================
18:41:05.0562 1804 ============================================================
18:41:05.0562 1804 Scan started
18:41:05.0562 1804 Mode: Manual; TDLFS;
18:41:05.0562 1804 ============================================================
18:41:07.0484 1804 ================ Scan system memory ========================
18:41:07.0500 1804 System memory - ok
18:41:07.0500 1804 ================ Scan services =============================
18:41:14.0796 1804 HidServ - ok
18:41:14.0812 1804 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:41:14.0812 1804 HidUsb - ok
18:41:14.0921 1804 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:41:14.0921 1804 hkmsvc - ok
18:41:14.0937 1804 hpn - ok
18:41:14.0968 1804 hpt3xx - ok
18:41:15.0015 1804 [ 863CC3A82C63C9F60ACF2E85D5310620 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:41:15.0015 1804 HPZid412 - ok
18:41:15.0031 1804 [ 08CB72E95DD75B61F2966B311D0E4366 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:41:15.0031 1804 HPZipr12 - ok
18:41:15.0109 1804 [ CA990306ED4EF732AF9695BFF24FC96F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:41:15.0109 1804 HPZius12 - ok
18:41:15.0156 1804 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:41:15.0187 1804 HTTP - ok
18:41:15.0250 1804 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:41:15.0265 1804 HTTPFilter - ok
18:41:15.0312 1804 i2omgmt - ok
18:41:15.0343 1804 i2omp - ok
18:41:15.0390 1804 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:41:15.0390 1804 i8042prt - ok
18:41:15.0468 1804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:41:15.0500 1804 IDriverT - ok
18:41:15.0687 1804 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:41:15.0796 1804 idsvc - ok
18:41:15.0859 1804 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:41:15.0875 1804 Imapi - ok
18:41:15.0937 1804 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
18:41:15.0953 1804 ImapiService - ok
18:41:16.0000 1804 ini910u - ok
18:41:16.0046 1804 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:41:16.0046 1804 IntelIde - ok
18:41:16.0093 1804 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:41:16.0093 1804 intelppm - ok
18:41:16.0125 1804 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:41:16.0125 1804 Ip6Fw - ok
18:41:16.0203 1804 [ 0F42B3DB32C7325755C24BC5DE3FFF78 ] IPFilter C:\WINDOWS\system32\DRIVERS\IPFilter.sys
18:41:16.0203 1804 IPFilter - ok
18:41:16.0250 1804 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:41:16.0250 1804 IpFilterDriver - ok
18:41:16.0265 1804 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:41:16.0265 1804 IpInIp - ok
18:41:16.0312 1804 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:41:16.0328 1804 IpNat - ok
18:41:16.0484 1804 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:41:16.0640 1804 iPod Service - ok
18:41:16.0656 1804 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:41:16.0656 1804 IPSec - ok
18:41:16.0703 1804 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:41:16.0703 1804 IRENUM - ok
18:41:16.0750 1804 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:41:16.0750 1804 isapnp - ok
18:41:16.0906 1804 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:41:16.0921 1804 JavaQuickStarterService - ok
18:41:16.0953 1804 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:41:16.0953 1804 Kbdclass - ok
18:41:17.0000 1804 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:41:17.0000 1804 kbdhid - ok
18:41:17.0046 1804 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:41:17.0062 1804 kmixer - ok
18:41:17.0109 1804 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:41:17.0109 1804 KSecDD - ok
18:41:17.0140 1804 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:41:17.0156 1804 lanmanserver - ok
18:41:17.0187 1804 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:41:17.0203 1804 lanmanworkstation - ok
18:41:17.0218 1804 lbrtfdc - ok
18:41:17.0265 1804 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:41:17.0265 1804 LmHosts - ok
18:41:17.0312 1804 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:41:17.0312 1804 Messenger - ok
18:41:17.0375 1804 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:41:17.0375 1804 mnmdd - ok
18:41:17.0421 1804 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:41:17.0421 1804 mnmsrvc - ok
18:41:17.0468 1804 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:41:17.0484 1804 Modem - ok
18:41:17.0531 1804 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:41:17.0531 1804 MODEMCSA - ok
18:41:17.0546 1804 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:41:17.0546 1804 Mouclass - ok
18:41:17.0593 1804 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:41:17.0593 1804 mouhid - ok
18:41:17.0625 1804 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:41:17.0640 1804 MountMgr - ok
18:41:17.0656 1804 mraid35x - ok
18:41:17.0687 1804 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:41:17.0718 1804 MRxDAV - ok
18:41:17.0812 1804 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:41:17.0890 1804 MRxSmb - ok
18:41:17.0921 1804 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:41:17.0921 1804 MSDTC - ok
18:41:17.0953 1804 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:41:17.0953 1804 Msfs - ok
18:41:18.0000 1804 MSIServer - ok
18:41:18.0062 1804 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:41:18.0062 1804 MSKSSRV - ok
18:41:18.0078 1804 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:41:18.0078 1804 MSPCLOCK - ok
18:41:18.0093 1804 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:41:18.0093 1804 MSPQM - ok
18:41:18.0140 1804 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:41:18.0140 1804 mssmbios - ok
18:41:18.0203 1804 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:41:18.0218 1804 Mup - ok
18:41:18.0296 1804 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:41:18.0328 1804 napagent - ok
18:41:18.0343 1804 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:41:18.0406 1804 NDIS - ok
18:41:18.0453 1804 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:41:18.0468 1804 NdisTapi - ok
18:41:18.0484 1804 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:41:18.0484 1804 Ndisuio - ok
18:41:18.0515 1804 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:41:18.0515 1804 NdisWan - ok
18:41:18.0578 1804 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:41:18.0593 1804 NDProxy - ok
18:41:18.0593 1804 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:41:18.0593 1804 NetBIOS - ok
18:41:18.0640 1804 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:41:18.0640 1804 NetBT - ok
18:41:18.0687 1804 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:41:18.0687 1804 NetDDE - ok
18:41:18.0703 1804 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:41:18.0703 1804 NetDDEdsdm - ok
18:41:18.0765 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
18:41:18.0781 1804 Netlogon - ok
18:41:18.0828 1804 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:41:18.0890 1804 Netman - ok
18:41:19.0687 1804 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:41:19.0796 1804 NetTcpPortSharing - ok
18:41:20.0343 1804 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:41:20.0515 1804 Nla - ok
18:41:20.0625 1804 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:41:20.0656 1804 Npfs - ok
18:41:20.0828 1804 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:41:21.0031 1804 Ntfs - ok
18:41:21.0062 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
18:41:21.0062 1804 NtLmSsp - ok
18:41:21.0484 1804 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:41:21.0718 1804 NtmsSvc - ok
18:41:21.0781 1804 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:41:21.0812 1804 Null - ok
18:41:22.0578 1804 [ 71DBDC08DF86B80511E72953FA1AD6B0 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:41:23.0250 1804 nv - ok
18:41:23.0312 1804 [ 5ED834603C36414B579979B3A9C90F54 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
18:41:23.0328 1804 NVSvc - ok
18:41:23.0406 1804 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:41:23.0421 1804 NwlnkFlt - ok
18:41:23.0437 1804 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:41:23.0437 1804 NwlnkFwd - ok
18:41:23.0765 1804 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
18:41:23.0765 1804 NwlnkIpx - ok
18:41:23.0828 1804 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
18:41:23.0859 1804 NwlnkNb - ok
18:41:24.0031 1804 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
18:41:24.0078 1804 NwlnkSpx - ok
18:41:24.0328 1804 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
18:41:24.0343 1804 OMCI - ok
18:41:24.0421 1804 [ 240C0D4049A833B16B63B636ACF01672 ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
18:41:24.0421 1804 PalmUSBD - ok
18:41:24.0453 1804 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:41:24.0453 1804 Parport - ok
18:41:24.0515 1804 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:41:24.0515 1804 PartMgr - ok
18:41:24.0562 1804 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:41:24.0562 1804 ParVdm - ok
18:41:24.0562 1804 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:41:24.0562 1804 PCI - ok
18:41:24.0609 1804 PCIDump - ok
18:41:24.0625 1804 PCIIde - ok
18:41:24.0671 1804 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:41:24.0671 1804 Pcmcia - ok
18:41:24.0703 1804 PDCOMP - ok
18:41:24.0750 1804 PDFRAME - ok
18:41:24.0750 1804 PDRELI - ok
18:41:24.0796 1804 PDRFRAME - ok
18:41:24.0843 1804 perc2 - ok
18:41:24.0859 1804 perc2hib - ok
18:41:25.0000 1804 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:41:25.0000 1804 PlugPlay - ok
18:41:25.0015 1804 [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.exe
18:41:25.0015 1804 Pml Driver HPZ12 - ok
18:41:25.0062 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
18:41:25.0062 1804 PolicyAgent - ok
18:41:25.0093 1804 [ 09A88B59AC787BDCA15861CD7F7A6E18 ] PPJoyBus C:\WINDOWS\system32\drivers\PPJoyBus.sys
18:41:25.0093 1804 PPJoyBus - ok
18:41:25.0140 1804 [ 77281E386F96765062D85791F9E6A011 ] PPortJoystick C:\WINDOWS\system32\drivers\PPortJoy.sys
18:41:25.0140 1804 PPortJoystick - ok
18:41:25.0171 1804 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:41:25.0171 1804 PptpMiniport - ok
18:41:25.0203 1804 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:41:25.0203 1804 Processor - ok
18:41:25.0218 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:41:25.0234 1804 ProtectedStorage - ok
18:41:25.0281 1804 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:41:25.0281 1804 PSched - ok
18:41:25.0359 1804 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:41:25.0359 1804 Ptilink - ok
18:41:25.0437 1804 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
18:41:25.0437 1804 PxHelp20 - ok
18:41:25.0453 1804 ql1080 - ok
18:41:25.0500 1804 Ql10wnt - ok
18:41:25.0515 1804 ql12160 - ok
18:41:25.0546 1804 ql1240 - ok
18:41:25.0593 1804 ql1280 - ok
18:41:25.0640 1804 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:41:25.0640 1804 RasAcd - ok
18:41:25.0718 1804 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:41:25.0718 1804 RasAuto - ok
18:41:25.0781 1804 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:41:25.0781 1804 Rasl2tp - ok
18:41:25.0859 1804 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:41:25.0875 1804 RasMan - ok
18:41:25.0890 1804 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:41:25.0890 1804 RasPppoe - ok
18:41:25.0953 1804 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:41:25.0953 1804 Raspti - ok
18:41:26.0031 1804 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:41:26.0062 1804 Rdbss - ok
18:41:26.0093 1804 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:41:26.0093 1804 RDPCDD - ok
18:41:26.0234 1804 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:41:26.0265 1804 RDPWD - ok
18:41:26.0281 1804 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:41:26.0312 1804 RDSessMgr - ok
18:41:26.0343 1804 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:41:26.0375 1804 redbook - ok
18:41:26.0453 1804 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:41:26.0453 1804 RemoteAccess - ok
18:41:26.0484 1804 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:41:26.0484 1804 RpcLocator - ok
18:41:26.0609 1804 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:41:26.0609 1804 RpcSs - ok
18:41:26.0656 1804 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:41:26.0671 1804 RSVP - ok
18:41:26.0734 1804 [ E2988349FE0567CBE4161CC653575A8E ] RT2500 C:\WINDOWS\system32\DRIVERS\RT2500.sys
18:41:26.0796 1804 RT2500 - ok
18:41:27.0109 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:41:27.0140 1804 SamSs - ok
18:41:27.0343 1804 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:41:27.0531 1804 SCardSvr - ok
18:41:28.0328 1804 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:41:28.0406 1804 Schedule - ok
18:41:28.0890 1804 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:41:29.0015 1804 Secdrv - ok
18:41:29.0156 1804 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:41:29.0203 1804 seclogon - ok
18:41:29.0234 1804 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:41:29.0250 1804 SENS - ok
18:41:29.0359 1804 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:41:29.0359 1804 serenum - ok
18:41:29.0484 1804 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:41:29.0515 1804 Serial - ok
18:41:29.0656 1804 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:41:29.0671 1804 Sfloppy - ok
18:41:29.0765 1804 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:41:29.0812 1804 SharedAccess - ok
18:41:29.0843 1804 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:41:29.0843 1804 ShellHWDetection - ok
18:41:29.0875 1804 Simbad - ok
18:41:29.0953 1804 Sparrow - ok
18:41:30.0125 1804 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:41:30.0140 1804 splitter - ok
18:41:30.0281 1804 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:41:30.0312 1804 Spooler - ok
18:41:30.0640 1804 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
18:41:30.0640 1804 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:41:30.0640 1804 sptd ( LockedFile.Multi.Generic ) - warning
18:41:30.0640 1804 sptd - detected LockedFile.Multi.Generic (1)
18:41:36.0250 1804 ================ Scan global ===============================
18:41:36.0312 1804 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:41:36.0359 1804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:41:36.0453 1804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:41:36.0468 1804 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:41:36.0484 1804 [Global] - ok
18:41:36.0484 1804 ================ Scan MBR ==================================
18:41:36.0515 1804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:41:41.0953 1804 \Device\Harddisk0\DR0 - ok
18:41:41.0953 1804 ================ Scan VBR ==================================
18:41:41.0953 1804 [ 2B42710D6FC3A32D95417ACAB2A9DF50 ] \Device\Harddisk0\DR0\Partition1
18:41:41.0968 1804 \Device\Harddisk0\DR0\Partition1 - ok
18:41:42.0015 1804 [ 2D03A2A769F2CD0DAE9F0AF9F5208EFE ] \Device\Harddisk0\DR0\Partition2
18:41:42.0031 1804 \Device\Harddisk0\DR0\Partition2 - ok
18:41:42.0046 1804 ============================================================
18:41:42.0046 1804 Scan finished
18:41:42.0046 1804 ============================================================
18:41:42.0062 1104 Detected object count: 1
18:41:42.0078 1104 Actual detected object count: 1
18:42:33.0562 1104 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:42:33.0562 1104 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#5 tcharleschapman

Posted 31 October 2012 - 07:59 PM

Junkware Removal Tool Log

Junkware Removal Tool (JRT) by Thisisu
Version: 2.3.5 (10.31.2012)
OS: Microsoft Windows XP x86
Ran by Tom Chapman on Sat 12/01/2012 at 18:40:32.18
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Sat 12/01/2012 at 18:58:37.79
End of Report

#6 tcharleschapman

Posted 31 October 2012 - 08:02 PM

ADW Cleaner Log

# AdwCleaner v2.006 - Logfile created 12/01/2012 at 18:59:35
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Tom Chapman - ME-2WU0FO8G9YQZ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Tom Chapman\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\TOMCHA~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Tom Chapman\Application Data\Mozilla\Firefox\Profiles\gis6ttzs.default\searchplugins\search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Tom Chapman\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\P2P Networking
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{224530A0-C9CB-4AEE-9C0F-54AC1B533211}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.11

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Tom Chapman\Application Data\Mozilla\Firefox\Profiles\gis6ttzs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Tom Chapman\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4322 octets] - [01/12/2012 18:53:16]
AdwCleaner[S1].txt - [3967 octets] - [01/12/2012 18:59:35]

########## EOF - C:\AdwCleaner[S1].txt - [4027 octets] ##########

That should be it for now.

#7 boopme


Posted 02 November 2012 - 10:21 PM

Hello, a hurricane came through and knocked us off the web for a few days. How is it running now, as there are a few things to clean up?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 tcharleschapman


Posted 03 November 2012 - 06:51 PM

Hi, sorry to hear that.

Still appears to be password stealing. Tried to sign into Facebook and it redirects to the sign-in page.

Thanks!

#9 boopme


Posted 03 November 2012 - 07:25 PM

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.

OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

Finally, I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

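What a tampered HOSTS file looks like and how to spot one, as an added example that is not part of the original post. The sample file, its addresses (taken from the 203.0.113.0/24 documentation range) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from this thread: a default XP-style hosts
# file with two redirect entries and one blocklist entry appended.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.facebook.com facebook.com   # constructed
203.0.113.7     mail.google.com
0.0.0.0         ads.example.net
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank or incomplete line
            continue
        yield no, fields[0], [h.lower() for h in fields[1:]]

def is_sinkhole(ip):
    """True for loopback or unspecified addresses (localhost, blocklists)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False                          # malformed address: report it
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Return (line_no, ip, hostname) for names pinned to another address.

    Such an entry overrides DNS, so the browser is sent to that address
    no matter what the real site resolves to.
    """
    findings = []
    for no, ip, names in parse_hosts(text):
        if is_sinkhole(ip):
            continue
        findings.extend((no, ip, name) for name in names)
    return findings

if __name__ == "__main__":
    for no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {ip}")
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts; a default one contains at most a localhost mapping, so any finding deserves a look.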

#10 tcharleschapman


Posted 09 November 2012 - 07:26 PM

ESET Scan Results

C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-839522115-1935655697-1801674531-1004\Dc35.exe Win32/TopMedia.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-839522115-1935655697-1801674531-1004\Dc96.crdownload Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
C:\WINDOWS\system32\bi2.exe Win32/TrojanDropper.Agent.OG trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\EGDHTML_1030.dll_tobedeleted Win32/TrojanDownloader.Wintrim.Y trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\ezSt3.exe a variant of Win32/Adware.Ezula application cleaned by deleting - quarantined
C:\WINDOWS\system32\ezStub3.dll a variant of Win32/Adware.Ezula application deleted - quarantined
C:\WINDOWS\system32\GrlNt01.dll a variant of Win32/Adware.F1Organizer application cleaned by deleting - quarantined
C:\WINDOWS\system32\GrlNt0i.dll a variant of Win32/Adware.F1Organizer application cleaned by deleting - quarantined
C:\WINDOWS\system32\Process.exe Win32/PrcView application cleaned by deleting - quarantined

#11 tcharleschapman


Posted 09 November 2012 - 07:28 PM

Ran the scan and whatever it fixed seems to have worked. Logging in to Facebook and Gmail worked without a redirect.

#12 boopme


Posted 09 November 2012 - 10:17 PM

Hello, that's good news, possibly something from a torrent download.

Anyway, a couple of things to clean up.

Remove this, it's outdated: HiJackThis (Version: 1.0.0)


Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.




Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586.exe (or jre-7u9-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Edited by boopme, 09 November 2012 - 10:18 PM.
