
wifi kboard not workin fom welcome/ mouse works


18 replies to this topic

#1 paul rigshy


Posted 07 January 2013 - 07:12 PM

hoping someone can help. typing on screen so going to shorten up. been at this for 2 days. pissing me off. I've tried many different approaches.

1. batteries
2. taking apart, check connections, hung keys
3. drivers, rollback, uninstall, *times
4. safe mode [doesn't work], works in setup and console recovery
5. error code 41 when install device and drivers
6. kybdclass.sys [looked ok to me]
7. ran multiple scans, only P.U.P.s, but some rootkit scans showing odd things and hidden, locked items that shouldn't be [usbstor, aptapi]

I know I've done more but this on-screen keyboard is killing me. no other wired board to try. please and thanks


File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145464320, free: 1593384960



#2 dev00790


Posted 09 January 2013 - 11:15 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
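The log requested in step 1 lists each service's image path and MD5 on one line and a verdict on the next. The following is an added example, not part of the original post or of TDSSKiller itself: it pulls out every non-ok verdict and puts services whose image runs from a Temp directory first. The sample log lines, service names and hashes are constructed, and the Temp flag is an assumption about what deserves review first, not a detection.

```python
"""Triage a TDSSKiller text log: list non-ok verdicts, Temp-hosted images first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Image line: "[ <32 hex MD5> ] <service name> <drive-letter path>"
IMAGE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# Verdict line: "<service> - ok" or "<service> ( <detection> ) - warning"
VERDICT_RE = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")


@dataclass
class Finding:
    service: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]
    in_temp: bool


def runs_from_temp(path: Optional[str]) -> bool:
    """True when any directory component of the image path is Temp or Tmp."""
    if not path:
        return False
    directories = path.lower().split("\\")[:-1]  # drop the file name itself
    return any(d in ("temp", "tmp") for d in directories)


def triage(log_text: str) -> List[Finding]:
    """Return non-ok verdicts joined with the image line seen for that service."""
    images = {}      # service name -> (md5, path)
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        message = line.group(1).strip()
        image = IMAGE_RE.match(message)
        if image:
            images[image.group(2)] = (image.group(1).upper(), image.group(3))
            continue
        verdict = VERDICT_RE.match(message)
        if verdict and verdict.group(3) != "ok":
            name = verdict.group(1)
            md5, path = images.get(name, (None, None))
            findings.append(Finding(name, verdict.group(3), verdict.group(2),
                                    md5, path, runs_from_temp(path)))
    # Stable sort: Temp-hosted images first, otherwise original log order.
    findings.sort(key=lambda f: not f.in_temp)
    return findings


# Constructed sample in the layout shown in the thread's log; not real data.
SAMPLE_LOG = r"""
10:00:01.0100 1000 ================ Scan services =============================
10:00:01.0200 1000 [ 00000000000000000000000000000001 ] ExampleSvc C:\WINDOWS\system32\examplesvc.dll
10:00:01.0300 1000 ExampleSvc - ok
10:00:01.0400 1000 [ 00000000000000000000000000000002 ] Example Vendor Helper C:\Program Files\Example\helper.exe
10:00:01.0500 1000 Example Vendor Helper ( UnsignedFile.Multi.Generic ) - warning
10:00:01.0500 1000 Example Vendor Helper - detected UnsignedFile.Multi.Generic (1)
10:00:01.0600 1000 legacydrv - ok
10:00:01.0700 1000 [ 00000000000000000000000000000003 ] QXZEXAMPLE C:\DOCUME~1\user\LOCALS~1\Temp\QXZEXAMPLE.exe
10:00:01.0800 1000 QXZEXAMPLE ( UnsignedFile.Multi.Generic ) - warning
10:00:01.0800 1000 QXZEXAMPLE - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "TEMP" if f.in_temp else "    "
        print(f"{flag} {f.verdict:8} {f.service:24} {f.detection} {f.path}")
```

An unsigned-file warning on its own is common for older vendor drivers and utilities, so the ordering only decides what to look at first.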


#3 paul rigshy


Posted 09 January 2013 - 11:21 PM

k, and thanks so much in advance. let me switch to PC. I will post back asap.

#4 paul rigshy


Posted 10 January 2013 - 12:27 AM

here are those first logs.

23:54:47.0906 2256 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:54:48.0312 2256 ============================================================
23:54:48.0312 2256 Current date / time: 2013/01/09 23:54:48.0312
23:54:48.0312 2256 SystemInfo:
23:54:48.0312 2256
23:54:48.0312 2256 OS Version: 5.1.2600 ServicePack: 3.0
23:54:48.0312 2256 Product type: Workstation
23:54:48.0312 2256 ComputerName: USER-0DF0AB7DE6
23:54:48.0312 2256 UserName: Randy
23:54:48.0312 2256 Windows directory: C:\WINDOWS
23:54:48.0312 2256 System windows directory: C:\WINDOWS
23:54:48.0312 2256 Processor architecture: Intel x86
23:54:48.0312 2256 Number of processors: 2
23:54:48.0312 2256 Page size: 0x1000
23:54:48.0312 2256 Boot type: Normal boot
23:54:48.0312 2256 ============================================================
23:54:49.0468 2256 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:54:49.0484 2256 ============================================================
23:54:49.0484 2256 \Device\Harddisk0\DR0:
23:54:49.0484 2256 MBR partitions:
23:54:49.0484 2256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
23:54:49.0484 2256 ============================================================
23:54:49.0515 2256 C: <-> \Device\Harddisk0\DR0\Partition1
23:54:49.0625 2256 ============================================================
23:54:49.0625 2256 Initialize success
23:54:49.0625 2256 ============================================================
23:56:27.0312 2520 ============================================================
23:56:27.0312 2520 Scan started
23:56:27.0312 2520 Mode: Manual; SigCheck; TDLFS;
23:56:27.0312 2520 ============================================================
23:56:27.0468 2520 ================ Scan system memory ========================
23:56:27.0468 2520 System memory - ok
23:56:27.0468 2520 ================ Scan services =============================
23:56:27.0703 2520 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
23:56:28.0015 2520 6to4 - ok
23:56:28.0046 2520 Abiosdsk - ok
23:56:28.0062 2520 abp480n5 - ok
23:56:28.0093 2520 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:56:28.0234 2520 ACPI - ok
23:56:28.0281 2520 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:56:28.0437 2520 ACPIEC - ok
23:56:28.0531 2520 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:56:28.0562 2520 AdobeFlashPlayerUpdateSvc - ok
23:56:28.0562 2520 adpu160m - ok
23:56:28.0609 2520 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:56:28.0765 2520 aec - ok
23:56:28.0812 2520 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:56:28.0890 2520 AFD - ok
23:56:29.0031 2520 [ 91B76D91C781E9DD49D9D03A2AB3E8C3 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
23:56:29.0062 2520 AffinegyService - ok
23:56:29.0125 2520 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
23:56:29.0140 2520 AFGSp50 - ok
23:56:29.0156 2520 Aha154x - ok
23:56:29.0156 2520 aic78u2 - ok
23:56:29.0171 2520 aic78xx - ok
23:56:29.0234 2520 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:56:29.0390 2520 Alerter - ok
23:56:29.0406 2520 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:56:29.0500 2520 ALG - ok
23:56:29.0515 2520 AliIde - ok
23:56:29.0515 2520 amsint - ok
23:56:29.0640 2520 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:56:29.0656 2520 Apple Mobile Device - ok
23:56:29.0703 2520 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:56:29.0765 2520 AppMgmt - ok
23:56:29.0781 2520 asc - ok
23:56:29.0781 2520 asc3350p - ok
23:56:29.0796 2520 asc3550 - ok
23:56:29.0937 2520 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:56:30.0062 2520 aspnet_state - ok
23:56:30.0125 2520 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:56:30.0265 2520 AsyncMac - ok
23:56:30.0296 2520 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:56:30.0437 2520 atapi - ok
23:56:30.0453 2520 Atdisk - ok
23:56:30.0515 2520 [ 4DEAA162480367B232F3EE3A6D34084B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:56:30.0625 2520 Ati HotKey Poller - ok
23:56:30.0703 2520 [ 3483E6D18B811229A337FF1D105270D9 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
23:56:30.0734 2520 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
23:56:30.0734 2520 ATI Smart - detected UnsignedFile.Multi.Generic (1)
23:56:30.0812 2520 [ F0D0B0CDEC0BE32D775F404CAC2604BF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:56:30.0859 2520 ati2mtag - ok
23:56:30.0890 2520 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:56:31.0046 2520 Atmarpc - ok
23:56:31.0078 2520 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:56:31.0218 2520 AudioSrv - ok
23:56:31.0281 2520 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:56:31.0421 2520 audstub - ok
23:56:31.0515 2520 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
23:56:31.0546 2520 BBSvc - ok
23:56:31.0578 2520 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
23:56:31.0609 2520 BBUpdate - ok
23:56:31.0671 2520 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:56:31.0812 2520 Beep - ok
23:56:31.0890 2520 [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
23:56:31.0906 2520 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
23:56:31.0906 2520 Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
23:56:31.0937 2520 [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
23:56:31.0937 2520 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - warning
23:56:31.0937 2520 Belkin Network USB Helper - detected UnsignedFile.Multi.Generic (1)
23:56:32.0000 2520 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:56:32.0531 2520 BITS - ok
23:56:32.0609 2520 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:56:32.0625 2520 Bonjour Service - ok
23:56:32.0703 2520 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:56:32.0781 2520 Browser - ok
23:56:32.0796 2520 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:56:32.0968 2520 cbidf2k - ok
23:56:33.0078 2520 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
23:56:33.0109 2520 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
23:56:33.0109 2520 CCALib8 - detected UnsignedFile.Multi.Generic (1)
23:56:33.0109 2520 cd20xrnt - ok
23:56:33.0171 2520 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:56:33.0328 2520 Cdaudio - ok
23:56:33.0343 2520 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:56:33.0500 2520 Cdfs - ok
23:56:33.0546 2520 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:56:33.0718 2520 Cdrom - ok
23:56:33.0765 2520 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
23:56:33.0781 2520 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
23:56:33.0781 2520 cercsr6 - detected UnsignedFile.Multi.Generic (1)
23:56:33.0968 2520 [ BE1F516898DEC9819369CC95B168DEEA ] CESR C:\DOCUME~1\paul\LOCALS~1\Temp\CESR.exe
23:56:34.0046 2520 CESR ( UnsignedFile.Multi.Generic ) - warning
23:56:34.0046 2520 CESR - detected UnsignedFile.Multi.Generic (1)
23:56:34.0109 2520 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:56:34.0250 2520 CiSvc - ok
23:56:34.0281 2520 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:56:34.0453 2520 ClipSrv - ok
23:56:34.0546 2520 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:56:34.0625 2520 clr_optimization_v2.0.50727_32 - ok
23:56:34.0687 2520 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:56:34.0984 2520 clr_optimization_v4.0.30319_32 - ok
23:56:35.0000 2520 CmdIde - ok
23:56:35.0031 2520 COMSysApp - ok
23:56:35.0046 2520 Cpqarray - ok
23:56:35.0093 2520 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:56:35.0234 2520 CryptSvc - ok
23:56:35.0250 2520 dac2w2k - ok
23:56:35.0250 2520 dac960nt - ok
23:56:35.0312 2520 [ 1BF671EE0D320A85520F60D87B674BED ] Dbgv C:\WINDOWS\system32\Drivers\Dbgv.sys
23:56:35.0359 2520 Dbgv ( UnsignedFile.Multi.Generic ) - warning
23:56:35.0359 2520 Dbgv - detected UnsignedFile.Multi.Generic (1)
23:56:35.0406 2520 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:56:35.0468 2520 DcomLaunch - ok
23:56:35.0578 2520 [ 59D90B6A7FBC4CC712DD7C5868618480 ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
23:56:35.0609 2520 DeviceMonitorService - ok
23:56:35.0656 2520 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
23:56:35.0718 2520 dg_ssudbus - ok
23:56:35.0781 2520 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:56:35.0937 2520 Dhcp - ok
23:56:35.0968 2520 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:56:36.0109 2520 Disk - ok
23:56:36.0125 2520 dmadmin - ok
23:56:36.0171 2520 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:56:36.0375 2520 dmboot - ok
23:56:36.0390 2520 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:56:36.0546 2520 dmio - ok
23:56:36.0593 2520 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:56:36.0734 2520 dmload - ok
23:56:36.0796 2520 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:56:36.0968 2520 dmserver - ok
23:56:36.0984 2520 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:56:37.0125 2520 DMusic - ok
23:56:37.0187 2520 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:56:37.0343 2520 Dnscache - ok
23:56:37.0359 2520 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:56:37.0515 2520 Dot3svc - ok
23:56:37.0515 2520 dpti2o - ok
23:56:37.0546 2520 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:56:37.0703 2520 drmkaud - ok
23:56:37.0781 2520 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:56:37.0796 2520 E100B - ok
23:56:37.0875 2520 [ FDB237AD1A4DF9A67AB1A345D66B2BF3 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
23:56:37.0890 2520 eamon - ok
23:56:37.0921 2520 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:56:38.0093 2520 EapHost - ok
23:56:38.0140 2520 [ 65FA62F80E3D2A6646B44811947904AF ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:56:38.0156 2520 ehdrv - ok
23:56:38.0312 2520 [ 52F63774A1866258BF64488A75CA1757 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
23:56:38.0359 2520 ekrn - ok
23:56:38.0421 2520 [ 87C004FE66F62D2609E273D23E5C8AC5 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
23:56:38.0437 2520 epfw - ok
23:56:38.0468 2520 [ EDAC14B606259B441CF096612A87F261 ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
23:56:38.0500 2520 Epfwndis - ok
23:56:38.0531 2520 [ 232D022088F8EAFAFA6A972E5CC65643 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
23:56:38.0546 2520 epfwtdi - ok
23:56:38.0609 2520 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:56:38.0750 2520 ERSvc - ok
23:56:38.0828 2520 [ 1844809A7A1893A6DB7473223D74D0F8 ] EULMQTNB C:\DOCUME~1\paul\LOCALS~1\Temp\EULMQTNB.exe
23:56:38.0843 2520 EULMQTNB ( UnsignedFile.Multi.Generic ) - warning
23:56:38.0843 2520 EULMQTNB - detected UnsignedFile.Multi.Generic (1)
23:56:38.0906 2520 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:56:38.0937 2520 Eventlog - ok
23:56:39.0015 2520 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:56:39.0109 2520 EventSystem - ok
23:56:39.0171 2520 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:56:39.0343 2520 Fastfat - ok
23:56:39.0406 2520 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:56:39.0468 2520 FastUserSwitchingCompatibility - ok
23:56:39.0546 2520 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
23:56:39.0703 2520 Fax - ok
23:56:39.0734 2520 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
23:56:39.0875 2520 Fdc - ok
23:56:39.0921 2520 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:56:40.0078 2520 Fips - ok
23:56:40.0109 2520 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:56:40.0281 2520 Flpydisk - ok
23:56:40.0328 2520 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:56:40.0468 2520 FltMgr - ok
23:56:40.0593 2520 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:56:40.0609 2520 FontCache3.0.0.0 - ok
23:56:40.0625 2520 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:56:40.0765 2520 Fs_Rec - ok
23:56:40.0812 2520 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:56:40.0968 2520 Ftdisk - ok
23:56:41.0000 2520 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:56:41.0015 2520 GEARAspiWDM - ok
23:56:41.0062 2520 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:56:41.0218 2520 Gpc - ok
23:56:41.0234 2520 [ 04F76BC3AFF4DD42A0FF860C8E70ACC8 ] gtfjzvjf C:\WINDOWS\system32\Drivers\gtfjzvjf.sys
23:56:41.0250 2520 gtfjzvjf - ok
23:56:41.0421 2520 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b1a4a9d200f8 C:\Program Files\Google\Update\GoogleUpdate.exe
23:56:41.0437 2520 gupdate1c9b1a4a9d200f8 - ok
23:56:41.0453 2520 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:56:41.0468 2520 gupdatem - ok
23:56:41.0500 2520 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:56:41.0515 2520 gusvc - ok
23:56:41.0609 2520 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:56:41.0750 2520 helpsvc - ok
23:56:41.0812 2520 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:56:41.0968 2520 HidServ - ok
23:56:42.0000 2520 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:56:42.0140 2520 HidUsb - ok
23:56:42.0203 2520 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:56:42.0375 2520 hkmsvc - ok
23:56:42.0375 2520 hpn - ok
23:56:42.0421 2520 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:56:42.0515 2520 HPZid412 - ok
23:56:42.0531 2520 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:56:42.0609 2520 HPZipr12 - ok
23:56:42.0625 2520 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:56:42.0703 2520 HPZius12 - ok
23:56:42.0765 2520 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:56:42.0875 2520 HTTP - ok
23:56:42.0921 2520 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:56:43.0093 2520 HTTPFilter - ok
23:56:43.0109 2520 i2omp - ok
23:56:43.0156 2520 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:56:43.0296 2520 i8042prt - ok
23:56:43.0406 2520 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:56:43.0468 2520 idsvc - ok
23:56:43.0562 2520 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\system32\inetsrv\inetinfo.exe
23:56:43.0640 2520 IISADMIN - ok
23:56:43.0687 2520 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:56:43.0843 2520 Imapi - ok
23:56:43.0906 2520 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:56:44.0046 2520 ImapiService - ok
23:56:44.0062 2520 ini910u - ok
23:56:44.0140 2520 [ FCAB28FFD3A8964581E16455EFAF81C8 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
23:56:44.0187 2520 IntelC51 ( UnsignedFile.Multi.Generic ) - warning
23:56:44.0187 2520 IntelC51 - detected UnsignedFile.Multi.Generic (1)
23:56:44.0281 2520 [ A288E7E3A6255255B9066686D860FBC5 ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
23:56:44.0312 2520 IntelC52 ( UnsignedFile.Multi.Generic ) - warning
23:56:44.0312 2520 IntelC52 - detected UnsignedFile.Multi.Generic (1)
23:56:44.0328 2520 [ D5E5A1ABF6BDBA7CA49941A044F04598 ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
23:56:44.0343 2520 IntelC53 ( UnsignedFile.Multi.Generic ) - warning
23:56:44.0343 2520 IntelC53 - detected UnsignedFile.Multi.Generic (1)
23:56:44.0375 2520 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
23:56:44.0531 2520 IntelIde - ok
23:56:44.0562 2520 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:56:44.0687 2520 intelppm - ok
23:56:44.0703 2520 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:56:44.0859 2520 Ip6Fw - ok
23:56:44.0875 2520 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:56:45.0046 2520 IpFilterDriver - ok
23:56:45.0078 2520 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:56:45.0250 2520 IpInIp - ok
23:56:45.0281 2520 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:56:45.0421 2520 IpNat - ok
23:56:45.0515 2520 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:56:45.0593 2520 iPod Service - ok
23:56:45.0640 2520 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:56:45.0781 2520 IPSec - ok
23:56:45.0843 2520 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:56:45.0906 2520 IRENUM - ok
23:56:45.0937 2520 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:56:46.0109 2520 isapnp - ok
23:56:46.0296 2520 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:56:46.0328 2520 JavaQuickStarterService - ok
23:56:46.0375 2520 [ 326C9934B94DEAB560C339B7E15EF8DD ] JSKRSP C:\DOCUME~1\paul\LOCALS~1\Temp\JSKRSP.exe
23:56:46.0453 2520 JSKRSP ( UnsignedFile.Multi.Generic ) - warning
23:56:46.0453 2520 JSKRSP - detected UnsignedFile.Multi.Generic (1)
23:56:46.0468 2520 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:56:46.0609 2520 Kbdclass - ok
23:56:46.0640 2520 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:56:46.0781 2520 kbdhid - ok
23:56:46.0812 2520 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:56:46.0968 2520 kmixer - ok
23:56:47.0000 2520 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:56:47.0125 2520 KSecDD - ok
23:56:47.0156 2520 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:56:47.0218 2520 lanmanserver - ok
23:56:47.0265 2520 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:56:47.0375 2520 lanmanworkstation - ok
23:56:47.0421 2520 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:56:47.0562 2520 LmHosts - ok
23:56:47.0625 2520 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
23:56:47.0781 2520 LPDSVC - ok
23:56:47.0875 2520 [ D1D8CFBEF7C608B2D40D0E0E9FBC8E52 ] lxdmCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe
23:56:47.0890 2520 lxdmCATSCustConnectService - ok
23:56:47.0937 2520 lxdm_device - ok
23:56:47.0984 2520 [ F850A6521951414F3504667ACCEBBC46 ] massfilter_hs C:\WINDOWS\system32\drivers\massfilter_hs.sys
23:56:48.0015 2520 massfilter_hs - ok
23:56:48.0078 2520 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:56:48.0234 2520 Messenger - ok
23:56:48.0296 2520 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:56:48.0453 2520 mnmdd - ok
23:56:48.0500 2520 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:56:48.0656 2520 mnmsrvc - ok
23:56:48.0687 2520 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:56:48.0828 2520 Modem - ok
23:56:48.0875 2520 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
23:56:49.0015 2520 MODEMCSA - ok
23:56:49.0046 2520 [ C6A08C4F34B3048A73BBB2951150F98D ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
23:56:49.0062 2520 mohfilt ( UnsignedFile.Multi.Generic ) - warning
23:56:49.0062 2520 mohfilt - detected UnsignedFile.Multi.Generic (1)
23:56:49.0203 2520 [ 11AAA0083D30F4677AD2B218EE7F5CE9 ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
23:56:49.0218 2520 Motorola Device Manager - ok
23:56:49.0234 2520 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:56:49.0390 2520 Mouclass - ok
23:56:49.0453 2520 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:56:49.0578 2520 mouhid - ok
23:56:49.0609 2520 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:56:49.0750 2520 MountMgr - ok
23:56:49.0750 2520 mraid35x - ok
23:56:49.0765 2520 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:56:49.0906 2520 MRxDAV - ok
23:56:49.0953 2520 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:56:50.0031 2520 MRxSmb - ok
23:56:50.0093 2520 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:56:50.0234 2520 MSDTC - ok
23:56:50.0250 2520 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:56:50.0406 2520 Msfs - ok
23:56:50.0437 2520 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] MSFtpsvc C:\WINDOWS\system32\inetsrv\inetinfo.exe
23:56:50.0500 2520 MSFtpsvc - ok
23:56:50.0500 2520 MSIServer - ok
23:56:50.0562 2520 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:56:50.0718 2520 MSKSSRV - ok
23:56:50.0750 2520 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:56:50.0875 2520 MSPCLOCK - ok
23:56:50.0921 2520 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:56:51.0078 2520 MSPQM - ok
23:56:51.0109 2520 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:56:51.0250 2520 mssmbios - ok
23:56:51.0296 2520 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:56:51.0343 2520 Mup - ok
23:56:51.0375 2520 [ 63D074073D5FDA93163517C2A8F2BA5A ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
23:56:51.0390 2520 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
23:56:51.0390 2520 MxlW2k - detected UnsignedFile.Multi.Generic (1)
23:56:51.0437 2520 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:56:51.0578 2520 napagent - ok
23:56:51.0609 2520 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:56:51.0734 2520 NDIS - ok
23:56:51.0781 2520 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:56:51.0843 2520 NdisTapi - ok
23:56:51.0875 2520 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:56:52.0015 2520 Ndisuio - ok
23:56:52.0031 2520 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:56:52.0171 2520 NdisWan - ok
23:56:52.0203 2520 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:56:52.0281 2520 NDProxy - ok
23:56:52.0312 2520 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:56:52.0468 2520 NetBIOS - ok
23:56:52.0484 2520 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:56:52.0625 2520 NetBT - ok
23:56:52.0656 2520 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:56:52.0812 2520 NetDDE - ok
23:56:52.0812 2520 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:56:52.0953 2520 NetDDEdsdm - ok
23:56:52.0984 2520 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:56:53.0125 2520 Netlogon - ok
23:56:53.0171 2520 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:56:53.0312 2520 Netman - ok
23:56:53.0343 2520 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:56:53.0406 2520 NetTcpPortSharing - ok
23:56:53.0437 2520 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:56:53.0484 2520 Nla - ok
23:56:53.0515 2520 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:56:53.0671 2520 Npfs - ok
23:56:53.0718 2520 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:56:53.0906 2520 Ntfs - ok
23:56:53.0921 2520 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:56:54.0062 2520 NtLmSsp - ok
23:56:54.0109 2520 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:56:54.0281 2520 NtmsSvc - ok
23:56:54.0296 2520 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:56:54.0437 2520 Null - ok
23:56:54.0484 2520 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:56:54.0640 2520 NwlnkFlt - ok
23:56:54.0671 2520 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:56:54.0843 2520 NwlnkFwd - ok
23:56:54.0906 2520 ODHH - ok
23:56:54.0953 2520 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
23:56:54.0953 2520 OMCI ( UnsignedFile.Multi.Generic ) - warning
23:56:54.0953 2520 OMCI - detected UnsignedFile.Multi.Generic (1)
23:56:55.0000 2520 [ 7F1E6BE9DAE420BB4B8A10B1A3B974BA ] OVPMWV C:\DOCUME~1\paul\LOCALS~1\Temp\OVPMWV.exe
23:56:55.0109 2520 OVPMWV ( UnsignedFile.Multi.Generic ) - warning
23:56:55.0109 2520 OVPMWV - detected UnsignedFile.Multi.Generic (1)
23:56:55.0156 2520 [ 403D451531D023E1D6275D3939F5F631 ] OVTBJQB C:\DOCUME~1\paul\LOCALS~1\Temp\OVTBJQB.exe
23:56:55.0203 2520 OVTBJQB ( UnsignedFile.Multi.Generic ) - warning
23:56:55.0203 2520 OVTBJQB - detected UnsignedFile.Multi.Generic (1)
23:56:55.0234 2520 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:56:55.0375 2520 Parport - ok
23:56:55.0406 2520 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:56:55.0546 2520 PartMgr - ok
23:56:55.0609 2520 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:56:55.0750 2520 ParVdm - ok
23:56:55.0828 2520 PASPSO - ok
23:56:55.0859 2520 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:56:56.0000 2520 PCI - ok
23:56:56.0046 2520 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:56:56.0187 2520 PCIIde - ok
23:56:56.0250 2520 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:56:56.0421 2520 Pcmcia - ok
23:56:56.0421 2520 perc2 - ok
23:56:56.0437 2520 perc2hib - ok
23:56:56.0468 2520 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:56:56.0500 2520 PlugPlay - ok
23:56:56.0515 2520 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:56:56.0640 2520 PolicyAgent - ok
23:56:56.0796 2520 PORTMON - ok
23:56:56.0812 2520 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:56:56.0968 2520 PptpMiniport - ok
23:56:56.0984 2520 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:56:57.0109 2520 ProtectedStorage - ok
23:56:57.0125 2520 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:56:57.0265 2520 PSched - ok
23:56:57.0312 2520 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:56:57.0343 2520 PSI_SVC_2 - ok
23:56:57.0390 2520 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:56:57.0546 2520 Ptilink - ok
23:56:57.0546 2520 ql1080 - ok
23:56:57.0562 2520 Ql10wnt - ok
23:56:57.0562 2520 ql12160 - ok
23:56:57.0578 2520 ql1240 - ok
23:56:57.0578 2520 ql1280 - ok
23:56:57.0609 2520 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:56:57.0734 2520 RasAcd - ok
23:56:57.0812 2520 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:56:57.0968 2520 RasAuto - ok
23:56:57.0968 2520 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:56:58.0125 2520 Rasl2tp - ok
23:56:58.0171 2520 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:56:58.0312 2520 RasMan - ok
23:56:58.0328 2520 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:56:58.0468 2520 RasPppoe - ok
23:56:58.0500 2520 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:56:58.0625 2520 Raspti - ok
23:56:58.0656 2520 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:56:58.0781 2520 Rdbss - ok
23:56:58.0828 2520 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:56:58.0968 2520 RDPCDD - ok
23:56:58.0984 2520 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:56:59.0125 2520 rdpdr - ok
23:56:59.0171 2520 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:56:59.0281 2520 RDPWD - ok
23:56:59.0343 2520 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:56:59.0484 2520 RDSessMgr - ok
23:56:59.0546 2520 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
23:56:59.0578 2520 RealNetworks Downloader Resolver Service - ok
23:56:59.0593 2520 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:56:59.0734 2520 redbook - ok
23:56:59.0781 2520 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:56:59.0937 2520 RemoteAccess - ok
23:56:59.0968 2520 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:57:00.0109 2520 RemoteRegistry - ok
23:57:00.0109 2520 RO - ok
23:57:00.0156 2520 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:57:00.0296 2520 RpcLocator - ok
23:57:00.0343 2520 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:57:00.0390 2520 RpcSs - ok
23:57:00.0453 2520 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:57:00.0593 2520 RSVP - ok
23:57:00.0609 2520 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:57:00.0734 2520 SamSs - ok
23:57:00.0781 2520 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:57:00.0921 2520 SCardSvr - ok
23:57:00.0968 2520 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:57:01.0109 2520 Schedule - ok
23:57:01.0156 2520 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:57:01.0250 2520 Secdrv - ok
23:57:01.0281 2520 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:57:01.0421 2520 seclogon - ok
23:57:01.0515 2520 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
23:57:01.0593 2520 senfilt - ok
23:57:01.0656 2520 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:57:01.0781 2520 SENS - ok
23:57:01.0812 2520 [ 227DF2E68510D25462EE80136722374E ] ser2plms C:\WINDOWS\system32\DRIVERS\ser2plms.sys
23:57:01.0890 2520 ser2plms - ok
23:57:01.0937 2520 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:57:02.0062 2520 serenum - ok
23:57:02.0093 2520 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:57:02.0234 2520 Serial - ok
23:57:02.0281 2520 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:57:02.0421 2520 Sfloppy - ok
23:57:02.0468 2520 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:57:02.0609 2520 SharedAccess - ok
23:57:02.0640 2520 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:57:02.0656 2520 ShellHWDetection - ok
23:57:02.0671 2520 Simbad - ok
23:57:02.0687 2520 [ 32933B07FC16D9F778BEE12545FA1B1A ] SimpTcp C:\WINDOWS\system32\tcpsvcs.exe
23:57:02.0828 2520 SimpTcp - ok
23:57:02.0875 2520 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
23:57:02.0937 2520 SMTPSVC - ok
23:57:03.0000 2520 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
23:57:03.0046 2520 smwdm - ok
23:57:03.0078 2520 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
23:57:03.0218 2520 SNMP - ok
23:57:03.0265 2520 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
23:57:03.0421 2520 SNMPTRAP - ok
23:57:03.0421 2520 Sparrow - ok
23:57:03.0453 2520 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:57:03.0593 2520 splitter - ok
23:57:03.0640 2520 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:57:03.0703 2520 Spooler - ok
23:57:03.0750 2520 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:57:03.0828 2520 sr - ok
23:57:03.0875 2520 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:57:03.0953 2520 srservice - ok
23:57:04.0000 2520 [ 58CA0690268B85EBA331ABAAA577239E ] SRS_AE_Service C:\WINDOWS\system32\drivers\SRS_AE_i386.sys
23:57:04.0031 2520 SRS_AE_Service - ok
23:57:04.0093 2520 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:57:04.0171 2520 Srv - ok
23:57:04.0218 2520 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:57:04.0296 2520 SSDPSRV - ok
23:57:04.0343 2520 [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
23:57:04.0375 2520 ssudmdm - ok
23:57:04.0421 2520 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:57:04.0578 2520 stisvc - ok
23:57:04.0609 2520 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:57:04.0734 2520 swenum - ok
23:57:04.0796 2520 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:57:04.0953 2520 swmidi - ok
23:57:04.0968 2520 SwPrv - ok
23:57:05.0015 2520 [ C8A43978DADCF12B7E40A0577227DFBC ] sxuptp C:\WINDOWS\system32\DRIVERS\sxuptp.sys
23:57:05.0031 2520 sxuptp - ok
23:57:05.0046 2520 symc810 - ok
23:57:05.0046 2520 symc8xx - ok
23:57:05.0062 2520 sym_hi - ok
23:57:05.0078 2520 sym_u3 - ok
23:57:05.0093 2520 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:57:05.0218 2520 sysaudio - ok
23:57:05.0265 2520 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:57:05.0437 2520 SysmonLog - ok
23:57:05.0468 2520 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:57:05.0593 2520 TapiSrv - ok
23:57:05.0640 2520 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:57:05.0687 2520 Tcpip - ok
23:57:05.0734 2520 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:57:05.0765 2520 Tcpip6 - ok
23:57:05.0812 2520 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:57:05.0968 2520 TDPIPE - ok
23:57:06.0000 2520 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:57:06.0156 2520 TDTCP - ok
23:57:06.0187 2520 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:57:06.0312 2520 TermDD - ok
23:57:06.0359 2520 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:57:06.0500 2520 TermService - ok
23:57:06.0515 2520 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:57:06.0531 2520 Themes - ok
23:57:06.0578 2520 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:57:06.0671 2520 TlntSvr - ok
23:57:06.0687 2520 TosIde - ok
23:57:06.0718 2520 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:57:06.0859 2520 TrkWks - ok
23:57:06.0890 2520 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:57:07.0046 2520 tunmp - ok
23:57:07.0093 2520 [ BE1EC15E573179919C8417A694FB4F77 ] UCAF C:\DOCUME~1\paul\LOCALS~1\Temp\UCAF.exe
23:57:07.0156 2520 UCAF ( UnsignedFile.Multi.Generic ) - warning
23:57:07.0156 2520 UCAF - detected UnsignedFile.Multi.Generic (1)
23:57:07.0171 2520 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:57:07.0296 2520 Udfs - ok
23:57:07.0328 2520 ultra - ok
23:57:07.0359 2520 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:57:07.0500 2520 Update - ok
23:57:07.0546 2520 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:57:07.0640 2520 upnphost - ok
23:57:07.0671 2520 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:57:07.0843 2520 UPS - ok
23:57:07.0875 2520 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:57:07.0953 2520 USBAAPL - ok
23:57:07.0984 2520 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:57:08.0125 2520 usbccgp - ok
23:57:08.0171 2520 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:57:08.0296 2520 usbehci - ok
23:57:08.0328 2520 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:57:08.0468 2520 usbhub - ok
23:57:08.0500 2520 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:57:08.0640 2520 usbprint - ok
23:57:08.0671 2520 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:57:08.0796 2520 usbscan - ok
23:57:08.0843 2520 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:57:08.0968 2520 USBSTOR - ok
23:57:09.0015 2520 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:57:09.0140 2520 usbuhci - ok
23:57:09.0171 2520 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:57:09.0328 2520 usb_rndisx - ok
23:57:09.0359 2520 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:57:09.0500 2520 VgaSave - ok
23:57:09.0500 2520 ViaIde - ok
23:57:09.0531 2520 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:57:09.0671 2520 VolSnap - ok
23:57:09.0734 2520 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:57:09.0828 2520 VSS - ok
23:57:09.0843 2520 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:57:09.0984 2520 W32Time - ok
23:57:10.0000 2520 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
23:57:10.0078 2520 W3SVC - ok
23:57:10.0109 2520 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:57:10.0250 2520 Wanarp - ok
23:57:10.0296 2520 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:57:10.0328 2520 Wdf01000 - ok
23:57:10.0390 2520 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:57:10.0515 2520 wdmaud - ok
23:57:10.0562 2520 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:57:10.0703 2520 WebClient - ok
23:57:10.0796 2520 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:57:10.0937 2520 winmgmt - ok
23:57:11.0000 2520 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
23:57:11.0218 2520 WinRM - ok
23:57:11.0296 2520 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:57:11.0328 2520 WinUSB - ok
23:57:11.0343 2520 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll
23:57:11.0421 2520 WmdmPmSN - ok
23:57:11.0484 2520 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:57:11.0578 2520 Wmi - ok
23:57:11.0625 2520 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:57:11.0781 2520 WmiApSrv - ok
23:57:11.0875 2520 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:57:11.0937 2520 WMPNetworkSvc - ok
23:57:11.0984 2520 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:57:12.0000 2520 WpdUsb - ok
23:57:12.0093 2520 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:57:12.0140 2520 WPFFontCache_v0400 - ok
23:57:12.0187 2520 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:57:12.0328 2520 WS2IFSL - ok
23:57:12.0359 2520 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:57:12.0500 2520 wscsvc - ok
23:57:12.0500 2520 WSearch - ok
23:57:12.0531 2520 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:57:12.0671 2520 wuauserv - ok
23:57:12.0734 2520 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:57:12.0812 2520 WudfPf - ok
23:57:12.0843 2520 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:57:12.0875 2520 WudfRd - ok
23:57:12.0906 2520 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:57:13.0000 2520 WudfSvc - ok
23:57:13.0078 2520 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:57:13.0218 2520 WZCSVC - ok
23:57:13.0265 2520 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:57:13.0453 2520 xmlprov - ok
23:57:13.0515 2520 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:57:13.0562 2520 YahooAUService - ok
23:57:13.0562 2520 ================ Scan global ===============================
23:57:13.0640 2520 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:57:13.0671 2520 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:57:13.0687 2520 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:57:13.0703 2520 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:57:13.0718 2520 [Global] - ok
23:57:13.0718 2520 ================ Scan MBR ==================================
23:57:13.0734 2520 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:57:14.0015 2520 \Device\Harddisk0\DR0 - ok
23:57:14.0015 2520 ================ Scan VBR ==================================
23:57:14.0015 2520 [ 4685D5547AD2683C11EE296DFFF05D5C ] \Device\Harddisk0\DR0\Partition1
23:57:14.0015 2520 \Device\Harddisk0\DR0\Partition1 - ok
23:57:14.0015 2520 ============================================================
23:57:14.0015 2520 Scan finished
23:57:14.0015 2520 ============================================================
23:57:14.0125 3584 Detected object count: 18
23:57:14.0125 3584 Actual detected object count: 18
23:58:56.0687 3584 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0687 3584 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0687 3584 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0687 3584 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0687 3584 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0687 3584 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0687 3584 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0687 3584 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0703 3584 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0703 3584 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0703 3584 CESR ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0703 3584 CESR ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0703 3584 Dbgv ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0703 3584 Dbgv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0703 3584 EULMQTNB ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0703 3584 EULMQTNB ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0703 3584 IntelC51 ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0703 3584 IntelC51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0703 3584 IntelC52 ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0703 3584 IntelC52 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0703 3584 IntelC53 ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0718 3584 IntelC53 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0718 3584 JSKRSP ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0718 3584 JSKRSP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0718 3584 mohfilt ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0718 3584 mohfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0718 3584 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0718 3584 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0718 3584 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0718 3584 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0718 3584 OVPMWV ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0718 3584 OVPMWV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0718 3584 OVTBJQB ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0734 3584 OVTBJQB ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:58:56.0734 3584 UCAF ( UnsignedFile.Multi.Generic ) - skipped by user
23:58:56.0734 3584 UCAF ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:01:38.0406 2948 Deinitialize success

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 00:10:19
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Randy - USER-0DF0AB7DE6
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Randy\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3sy9i2fd.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\191w6fnd.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Family&Friends\Application Data\Mozilla\Firefox\Profiles\sn3s6bbv.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\LESLIE RIGSBY\Application Data\Mozilla\Firefox\Profiles\k4bud39f.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e7i4cgzc.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Cindy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\LESLIE RIGSBY\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [3380 octets] - [10/01/2013 00:10:19]
AdwCleaner[S8].txt - [1480 octets] - [09/01/2013 09:51:49]

########## EOF - C:\AdwCleaner[R2].txt - [3500 octets] ##########

Farbar Service Scanner Version: 05-01-2013
Ran by Randy (administrator) on 10-01-2013 at 00:14:35
Running from "C:\Documents and Settings\Randy\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Epfwndis(15) epfwtdi(17) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(11)
0x1100000005000000010000000200000003000000040000000B00000011000000100000000E0000000C000000060000000700000008000000090000000A0000000D0000000F000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox by Farbar Version:08-01-2013
Ran by Randy (administrator) on 10-01-2013 at 00:16:27
Running from "C:\Documents and Settings\Randy\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user-0df0ab7de6

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-30-1E-1E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.6

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : 2601:0:6680:a:8d7d:596:8ab0:666e

IP Address. . . . . . . . . . . . : 2601:0:6680:a:213:20ff:fe30:1e1e

IP Address. . . . . . . . . . . . : fe80::213:20ff:fe30:1e1e%5

Default Gateway . . . . . . . . . : 192.168.2.1

fe80::a86:3bff:fe64:db9e%5

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Thursday, January 10, 2013 12:14:04 AM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-02-06

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.6%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: router.Belkin
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.140.100, 74.125.140.102, 74.125.140.113, 74.125.140.138
74.125.140.101, 74.125.140.139



Pinging google.com [2607:f8b0:4002:c03::66] with 32 bytes of data:



Reply from 2607:f8b0:4002:c03::66: time=22ms

Reply from 2607:f8b0:4002:c03::66: time=21ms



Ping statistics for 2607:f8b0:4002:c03::66:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 22ms, Average = 21ms

Server: router.Belkin
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=112ms TTL=49

Reply from 98.138.253.109: bytes=32 time=64ms TTL=49



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 64ms, Maximum = 112ms, Average = 88ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 20 30 1e 1e ...... Intel® PRO/100 VE Network Connection - Eset Personal Firewall Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.6 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.6 192.168.2.6 20
192.168.2.0 255.255.255.0 192.168.2.6 192.168.2.6 20
192.168.2.6 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.6 192.168.2.6 20
224.0.0.0 240.0.0.0 192.168.2.6 192.168.2.6 20
255.255.255.255 255.255.255.255 192.168.2.6 192.168.2.6 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/09/2013 07:59:24 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/09/2013 07:59:23 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (01/09/2013 07:59:17 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (01/09/2013 07:25:13 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/09/2013 07:25:12 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (01/09/2013 07:25:05 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (01/09/2013 02:21:20 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/09/2013 02:21:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (01/09/2013 02:21:13 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (01/09/2013 01:44:49 PM) (Source: Application Error) (User: )
Description: Faulting application OVTBJQB.exe, version 1.71.0.0, faulting module OVTBJQB.exe, version 1.71.0.0, fault address 0x00022490.
Processing media-specific event for [OVTBJQB.exe!ws!]


System errors:
=============
Error: (01/10/2013 00:04:09 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (01/09/2013 11:55:08 PM) (Source: NetDDE) (User: )
Description: Listen failed: 23: The ncb_lana_num member did not specify a valid network number.

Error: (01/09/2013 11:30:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (01/09/2013 07:59:24 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error: (01/09/2013 07:29:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (01/09/2013 07:27:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (01/09/2013 07:25:13 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error: (01/09/2013 07:16:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (01/09/2013 02:21:21 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error: (01/09/2013 02:18:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (01/09/2013 07:59:24 PM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/09/2013 07:59:23 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{6C298884-91FD-408C-9D90-5A59D2C29FD1}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log(NULL)

Error: (01/09/2013 07:59:17 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (01/09/2013 07:25:13 PM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/09/2013 07:25:12 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{6C298884-91FD-408C-9D90-5A59D2C29FD1}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log(NULL)

Error: (01/09/2013 07:25:05 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (01/09/2013 02:21:20 PM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/09/2013 02:21:20 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{6C298884-91FD-408C-9D90-5A59D2C29FD1}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log(NULL)

Error: (01/09/2013 02:21:13 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (01/09/2013 01:44:49 PM) (Source: Application Error)(User: )
Description: OVTBJQB.exe1.71.0.0OVTBJQB.exe1.71.0.000022490


=========================== Installed Programs ============================

µTorrent (Version: 3.2.3.28705)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Akamai NetSession Interface
ATI Display Driver (Version: 8.051-040825a-019641C-Dell)
CCleaner (Version: 3.26)
Dell ResourceCD
ESET Smart Security (Version: 6.0.115.0)
File Type Assistant (Version: 2012.11.29)
Google Chrome (Version: 23.0.1271.97)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
ImgBurn (Version: 2.5.7.0)
Intel® 537EP V9x DF PCI Modem
Intel® Processor ID Utility (Version: 4.55.0000)
Intel® PROSet for Wired Connections (Version: 8.00.5000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works (Version: 08.04.0623)
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 8.0.0.0000)
Modem Helper (Version: 2.28)
Modem On Hold (Version: 1.12)
MotoCast (Version: 2.0.31)
Motorola Device Manager (Version: 2.2.35)
Motorola Device Software Update (Version: 1.0.41)
MOTOROLA MEDIA LINK (Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MUSICMATCH® Jukebox
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Samsung Kies (Version: 2.5.0.12114_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
swMSM (Version: 12.0.0.1)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
WebFldrs XP
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Works Upgrade (Version: 8.0.0.0000)
ZTE Handset USB Driver
ZTE Handset USB Driver (Version: 5.2066.1.A14B03)

========================= Devices: ================================

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name:
Description:
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2046.07 MB
Available physical RAM: 1487.53 MB
Total Pagefile: 10892.86 MB
Available Pagefile: 10504.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:17.76 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-0DF0AB7DE6

Ad-man_80 ASPNET Cindy
Guest HelpAssistant IUSR_USER-0DF0AB7DE6
IWAM_USER-0DF0AB7DE6 LESLIE RIGSBY paul
Randy SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

05-01-2013 08:46:12 System Checkpoint
05-01-2013 09:44:26 Software Distribution Service 3.0
05-01-2013 21:30:43 Installed Driver Tool.
05-01-2013 22:07:06 Installed Akamai NetSession Interface
05-01-2013 22:27:05 Installed Akamai NetSession Interface
05-01-2013 22:58:05 Installed Modem Helper
05-01-2013 23:00:47 Installed Intel® PROSet for Wired Connections
05-01-2013 23:13:41 Installed Modem Helper
05-01-2013 23:15:06 Installed Modem On Hold
05-01-2013 23:18:42 Installed Dell System Software
05-01-2013 23:19:38 Installed Desktop System Software
06-01-2013 03:33:22 Software Distribution Service 3.0
07-01-2013 04:28:00 System Checkpoint
09-01-2013 11:59:54 Software Distribution Service 3.0
09-01-2013 13:09:10 Software Distribution Service 3.0
09-01-2013 19:20:16 Software Distribution Service 3.0
10-01-2013 00:24:08 Software Distribution Service 3.0
10-01-2013 00:58:24 Software Distribution Service 3.0

**** End of log ****

#5 dev00790


Posted 10 January 2013 - 01:03 PM

Hi

Please do the following next:

Step 1:

Going over your logs I noticed that you have utorrent installed.
  • Avoid peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • P2P programs share a directory or set of directories on your computer to the world. Anyone can type in a search, and potentially download something from your computer. This makes the machine an open web server -- massively increasing the attack surface of the machine.
  • To reduce the risk of infection avoid using any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall utorrent, however that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the Posted Image button.
  • Click Control Panel then Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 2:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 3:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 4:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Step 5:

How is the computer running now?

Regards, dev00790



#6 paul rigshy


Posted 10 January 2013 - 08:50 PM

so i decided to go back over everything i had tried while i was waitin to hear from malware tech. i got to focusing on the Error code 41. that took me to the registry. i was looking for devices in device manager. so i'm looking into the
HKLM\system\currentcontrolset\control\class\{4D36E96B-E325-11CE-BFC1-08002BE10318} key. this is keyboard. after i opened the value i looked thru the list at right for upper filters and/or lower filters. u might have both or one. or maybe none. i was looking for the data at kbdclass because i had run avast security before and know the scanner driver for that would sometimes cause my problem. this driver is aswMBR. and it was glaring right at me. somehow when i had looked over the weekend i missed it. so i deleted the aswMBR data entry. exited. rebooted. and i was golden. i also read u can delete the whole upper and lower filter entry for this same error code. but before u go deleting things in the registry please make urself a backup. u can really screw urself if u don't. i've accidentally deleted the boot.ini file with using no confirm before delete and no recycle bin. so things happen but it's nice to have a backup. anyways still running thru virus scans. couldn't hurt. hope this can help someone else avoid the headache i had. i learned a lesson again that i learned in elementary math. Double Check ur Work. thx again for replies. anyways i'm still running scans now since i got home. will post logs in a few, just gettin ready to do ESET. other was clean. but could u look at one i ran over the weekend from RootRepeal. thx again for ur support. this is not from ur tools

Edited by paul rigshy, 10 January 2013 - 08:51 PM.
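
The filter check described in post #6, as an added example that is not part of the original posts: it reads a regedit export (the backup the post recommends) instead of the live registry, decodes the UpperFilters/LowerFilters multi-string values, and reports each filter driver together with whether a matching Services key is present in the same export. The sample export is constructed, the function names are hypothetical, and treating a filter with no Services key as orphaned is an assumption of this sketch.

```python
import re

# Constructed sample: a regedit-style export (.reg, version 5.00) holding the
# keyboard class key and one service key. Values are made up for this example.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"Class"="Keyboard"
"UpperFilters"=hex(7):61,00,73,00,77,00,4d,00,42,00,52,00,00,00,6b,00,62,00,\
  64,00,63,00,6c,00,61,00,73,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
"DisplayName"="Keyboard Class Driver"
"Start"=dword:00000001
'''

CLASS_PREFIX = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class" + "\\"
SERVICES_PREFIX = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"


def parse_reg_export(text):
    """Return {key_path: {lowercased_value_name: raw_value_text}}."""
    # regedit wraps long hex values with a trailing backslash; rejoin them first.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys


def decode_multi_sz(raw):
    """Decode a hex(7) value (REG_MULTI_SZ, UTF-16LE, NUL separated) to a list."""
    if not raw.startswith("hex(7):"):
        raise ValueError("not a REG_MULTI_SZ export value: %r" % raw[:20])
    data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b.strip())
    return [s for s in data.decode("utf-16-le").split("\x00") if s]


def audit_class_filters(reg_text):
    """Return (class_guid, value_name, filter_driver, has_service_key) tuples."""
    keys = parse_reg_export(reg_text)
    # Service names present in the export, compared case-insensitively.
    services = set()
    for key in keys:
        if key.lower().startswith(SERVICES_PREFIX.lower()):
            name = key[len(SERVICES_PREFIX):]
            if "\\" not in name:
                services.add(name.lower())
    findings = []
    for key, values in keys.items():
        if not key.lower().startswith(CLASS_PREFIX.lower()):
            continue
        class_guid = key[len(CLASS_PREFIX):]
        if "\\" in class_guid:  # filters live on the class key, not its subkeys
            continue
        for value_name in ("UpperFilters", "LowerFilters"):
            raw = values.get(value_name.lower())
            if raw is None:
                continue
            for driver in decode_multi_sz(raw):
                findings.append(
                    (class_guid, value_name, driver, driver.lower() in services)
                )
    return findings


if __name__ == "__main__":
    for guid, value_name, driver, present in audit_class_filters(SAMPLE_EXPORT):
        status = "service key present" if present else "NO service key (check this one)"
        print("%s %s: %s -> %s" % (guid, value_name, driver, status))
```

The export passed in must contain both the Class key and the Services branch, otherwise every filter is reported as having no service key.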


#7 paul rigshy


Posted 10 January 2013 - 08:55 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2013/01/06 12:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aswMBR.sys
Image Path: C:\DOCUME~1\Randy\LOCALS~1\Temp\aswMBR.sys
Address: 0xB96B1000 Size: 46848 File Visible: No Signed: -
Status: -

Name: atapi
Image Path: \Driver\atapi
Address: 0x8976F000 Size: 96512 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA259000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79AF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9989000 Size: 49152 File Visible: No Signed: -
Status: -

Name: USBSTOR
Image Path: \Driver\USBSTOR
Address: 0x89787000 Size: 26368 File Visible: No Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: c:\documents and settings\randy\local settings\temp\etilqs_dkennwfy0laxivq
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\documents and settings\randy\local settings\temp\etilqs_mhctpifgslkx4nm
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\randy\local settings\temp\etilqs_p8nkdgip92mhjdm
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\WQNAB300.RN5\P85G0NPT.CGA\manifests\DellSystemDetect.Localization.resources.cdf-ms
Status: Locked to the Windows API!

SSDT
-------------------
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\mbamchameleon.sys" at address 0xb98aac4c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\mbamchameleon.sys" at address 0xb98aad3c

Stealth Objects
-------------------
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8978c218 Size: 1735

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8978c218 Size: 1735

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8978c23c Size: 1699

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8978c23c Size: 1699

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8978c180 Size: 1887

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897879e6 Size: 1562

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8978b5f0 Size: 2577

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89789a6e Size: 1426

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8978b932 Size: 1743

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x897796f2 Size: 2319

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x897796f2 Size: 2319

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89779712 Size: 2287

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89775852 Size: 1966

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8977973c Size: 2245

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89780336 Size: 3274

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x89780302 Size: 3326

Hidden Services
-------------------
Service Name: mbamswissarmy
Image Path: C:\WINDOWS\system32\drivers\mbamswissarmy.sys

==EOF==

#8 dev00790

Posted 11 January 2013 - 08:52 AM

Hi

I have asked for assistance on the Rootrepeal log.

Please follow the steps in my previous post next.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#9 paul rigshy

Posted 11 January 2013 - 09:03 AM

Thx for checking on that. I was just interested and didn't find a whole lot on net. If got both our last scans done. I just need to get on PC . Will post within next couple hours.. thx again for time.

#10 dev00790

Posted 11 January 2013 - 09:08 AM

:thumbup2:

Regards, dev00790


#11 paul rigshy

Posted 11 January 2013 - 10:18 PM

just got to pc. the first time been able to sit all day. so sorry for delay. but i turned on pc and the logs i had on desktop r gone so im goin to have to scan with the last products one more time. and they take some time if remember. so probably b tomorrow afternoon before i can get back to u. and did u get anything from rootrepeal log or was the hidden and stealth items normal. thx again and if i find logs will post

#12 paul rigshy

Posted 11 January 2013 - 10:27 PM

here is the Adware log but i still couldn't find Eset scan log. will run and post

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 00:10:19
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Randy - USER-0DF0AB7DE6
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Randy\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3sy9i2fd.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\191w6fnd.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Family&Friends\Application Data\Mozilla\Firefox\Profiles\sn3s6bbv.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\LESLIE RIGSBY\Application Data\Mozilla\Firefox\Profiles\k4bud39f.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e7i4cgzc.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Cindy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\LESLIE RIGSBY\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [3380 octets] - [10/01/2013 00:10:19]
AdwCleaner[S8].txt - [1480 octets] - [09/01/2013 09:51:49]

########## EOF - C:\AdwCleaner[R2].txt - [3500 octets] ##########

Edited by paul rigshy, 11 January 2013 - 10:27 PM.


#13 dev00790

Posted 12 January 2013 - 09:22 PM

Hi

"but i turned on pc and the logs i had on desktop r gone"

Strange. Do other users have use of the computer on your account?

"did u get anything from rootrepeal log or was the hidden and stealth items normal."

We would like to see the TDSSkiller log(s) to have more information first.

Please post the below logs in your next reply.

Step 1:

TDSSkiller log(s):
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).


Step 2:

ESET log:
C:\Program Files\ESET\ESET Online Scanner\log.txt


Step 3:

MBAM log:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Regards, dev00790


#14 paul rigshy

Posted 12 January 2013 - 09:54 PM

yes others have access. default admin (ad-man_81), Randy, Cindy, leslie, and Paul. guest is deactivated. there used to be a family&friends but i believe i had deleted it. the paul i had just created when i couldn't access admin when keyboard wasn't workin. so i will be deactivating default admin. here soon. just got home so and i remembered i had went thru and deleted logs so will run now and post ASAP. thx again and sorry for the confusion

#15 dev00790

Posted 13 January 2013 - 08:45 AM

Ok. Please don't delete any logs from tools until we have finished helping you.

Regards, dev00790
