Rootkit.Boot.Harbinger.a infection and concerns


  • This topic is locked
18 replies to this topic

#1 Fedfan

Fedfan

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:28 AM

Posted 29 July 2013 - 04:00 PM

Hello

 

A few days ago my Dell desktop (Windows XP) began playing audio nonstop from what I assume were multiple online ads/videos after a member of my family was browsing on Internet Explorer. There was no video from the ads, only audio from multiple sources playing simultaneously. The screen showed the normal desktop display. The computer was running loudly and slowing down. The audio babble continued after I restarted the computer, and when it was disconnected from the modem.

By this point I was sort of freaking out a bit. I searched the internet and found some posts of people describing similar issues being related to rootkits. Some recommended using TDSSKiller to solve the problem. I downloaded and ran the TDSSKiller and it uncovered Rootkit.Boot.Harbinger.a; it also showed this: \DEVICE\Harddisk0\DRO (I may have a zero/letter O mix up in there). I clicked Cure and restarted the computer. Also I noticed that my Microsoft Security Essentials showed a box informing me that it was automatically cleaning/removing some files. When I checked the quarantined files, there was a Trojan of some sort, along with a handful of Java files. Without thinking, I deleted them before I copied them down. After using the TDSSKiller, the audio was gone, the computer quieted down, and things seemed more or less normal again.

I would really like to be certain that my computer is actually clean and secure from this problem or any other nasties that I may not be aware of. Since reading about rootkits I have become unnerved and wonder if I can trust that the issue is totally resolved. What measures can I take to make sure my computer is clean and safe? Also what, if anything, should I do between now and the time it is clean to protect my personal info/passwords, etc.? Any help would be greatly appreciated.

Thank You,

Doug

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_37
Run by Douglas Johnson at 16:15:22 on 2013-07-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.357 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\AOL\1170720181\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/learnmore/learnmore.asp?close=true&lcode=en-us
uURLSearchHooks: AOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: SavingsApp: {11111111-1111-1111-1111-110011461139} - c:\program files\savingsapp\SavingsApp.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [AdobeBridge] <no file>
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1170720181\ee\AOLSoftware.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\dougla~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{5A83D87D-DAA5-46E4-A418-EEDA0D0DF42F} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\douglas johnson\application data\mozilla\firefox\profiles\t6l0bvcx.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2011-04-22 14:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 195296]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-07-29 19:44:04    7143960    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90629311-d922-42e9-a199-7ec734168e32}\mpengine.dll
2013-07-26 19:43:07    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-07-25 21:17:28    7143960    ------w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2013-06-12 05:11:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 05:11:19    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-08 03:55:44    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56:06    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-25 04:17:38    826880    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:17:10.18 ===============
 

Edited by Fedfan, 29 July 2013 - 04:20 PM.

 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:01:28 AM

Posted 30 July 2013 - 02:10 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that.... Let's get going!!
----------
 
I know that you have already done so, but could you run a fresh scan with TDSSKiller and post the new log please?
------------
 
AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
----------

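Jeff's first request is a fresh TDSSKiller log. As an added example, not code from this thread, from Kaspersky or from BleepingComputer, the Python script below parses the text format TDSSKiller writes (the same format as the log Doug posts in reply): it recovers the disk size and the MBR partition entries, reports sector ranges that no listed partition covers, and lists every service/driver entry whose verdict is anything other than `ok`. The Drive/Partition lines and the `abp480n5` and `ACPI` entries in the sample are copied from the log in this thread; the `exampledrv` entry and its `warning` verdict are constructed so that the report has something to flag, and do not mirror TDSSKiller's real verdict wording.

```python
"""Parse a TDSSKiller text log: disk/partition layout plus non-'ok' entries.
Added example for this thread; not TDSSKiller's own code."""
import re
from dataclasses import dataclass, field

# Sample log excerpt. The Drive/Partition lines and the abp480n5/ACPI entries
# are copied from the log posted in this thread; the exampledrv entry and its
# "warning" verdict are constructed for the demo (not real TDSSKiller wording).
SAMPLE_LOG = r"""
23:34:38.0125 3084  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:34:38.0421 3084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x8ABAC9F
23:35:21.0375 2692  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:35:21.0406 2692  abp480n5 - ok
23:35:21.0515 2692  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:35:21.0578 2692  ACPI - ok
23:35:50.0000 2692  [ 00000000000000000000000000000000 ] exampledrv      C:\WINDOWS\system32\DRIVERS\exampledrv.sys
23:35:50.0100 2692  exampledrv - warning
"""

SECTOR_DEFAULT = 512

# Every TDSSKiller line starts with "HH:MM:SS.ffff <pid>  <body>".
TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
DRIVE_RE = re.compile(r"^Drive (\\Device\\\S+) - Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(\\Device\\\S+?\\Partition\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                     r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
# "[ <md5> ] <service name, may contain spaces>   <drive letter path>"
ENTRY_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> - <verdict>"
VERDICT_RE = re.compile(r"^(.+?) - (\S.*)$")


@dataclass
class Partition:
    name: str
    type_id: int
    start_lba: int
    blocks: int

    @property
    def end_lba(self) -> int:  # exclusive
        return self.start_lba + self.blocks


@dataclass
class Disk:
    name: str
    size_bytes: int
    sector_size: int
    partitions: list = field(default_factory=list)

    @property
    def total_sectors(self) -> int:
        return self.size_bytes // self.sector_size

    def unallocated_ranges(self):
        """[start, end) sector ranges that no listed partition covers."""
        ranges, cursor = [], 0
        for p in sorted(self.partitions, key=lambda p: p.start_lba):
            if p.start_lba > cursor:
                ranges.append((cursor, p.start_lba))
            cursor = max(cursor, p.end_lba)
        if cursor < self.total_sectors:
            ranges.append((cursor, self.total_sectors))
        return ranges


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    verdict: str = "(no verdict line)"


def parse_log(text: str):
    """Return ({device name: Disk}, {service name: Entry}) for one log."""
    disks, entries = {}, {}
    for raw in text.splitlines():
        m = TS_RE.match(raw)
        if not m:
            continue  # banner lines, separators, blank lines
        body = m.group(1).strip()
        if (d := DRIVE_RE.match(body)):
            disks[d.group(1)] = Disk(d.group(1), int(d.group(2), 16), int(d.group(3), 16))
        elif (p := PART_RE.match(body)):
            part = Partition(p.group(1), int(p.group(2), 16), int(p.group(3), 16), int(p.group(4), 16))
            disk_name = p.group(1).rsplit("\\", 1)[0]
            disks.setdefault(disk_name, Disk(disk_name, 0, SECTOR_DEFAULT)).partitions.append(part)
        elif (e := ENTRY_RE.match(body)):
            entries[e.group(2)] = Entry(e.group(2), e.group(1).upper(), e.group(3))
        elif (v := VERDICT_RE.match(body)) and v.group(1) in entries:
            entries[v.group(1)].verdict = v.group(2)
    return disks, entries


def suspicious_entries(entries):
    """Entries whose verdict is anything other than the literal 'ok'."""
    return [e for e in entries.values() if e.verdict != "ok"]


def report(disks, entries):
    """Human-readable summary lines."""
    lines = []
    for disk in disks.values():
        lines.append(f"{disk.name}: {disk.total_sectors} sectors of {disk.sector_size} bytes")
        for p in sorted(disk.partitions, key=lambda p: p.start_lba):
            lines.append(f"  {p.name}: type 0x{p.type_id:02X}, LBA {p.start_lba}-{p.end_lba - 1}")
        for start, end in disk.unallocated_ranges():
            mib = (end - start) * disk.sector_size / 2**20
            lines.append(f"  no listed partition covers LBA {start}-{end - 1} ({mib:.1f} MiB)")
    bad = suspicious_entries(entries)
    lines.append(f"{len(entries)} entries scanned, {len(bad)} with a verdict other than 'ok'")
    for e in bad:
        lines.append(f"  {e.name}: {e.verdict} ({e.path}, MD5 {e.md5})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(*parse_log(SAMPLE_LOG))))
```

Space at the start or end of the disk that no partition covers is worth noting because bootkits are known to keep components outside the file system, but on an OEM desktop such as this XPS400 it usually belongs to hidden utility or recovery partitions that this summary does not list. Compare the reported ranges against the full partition table (Disk Management on XP) before reading anything into them; the MD5 column is there so that a driver can be checked against a known-good hash database rather than judged by its name.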
 


#3 Fedfan

Fedfan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:28 AM

Posted 30 July 2013 - 11:11 PM

Hi Jeff

Thank you so much for responding. I have posted the logs you requested below. Thank you so much for your help.

Doug


23:34:31.0750 3084  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:34:33.0375 3084  ============================================================
23:34:33.0375 3084  Current date / time: 2013/07/30 23:34:33.0375
23:34:33.0375 3084  SystemInfo:
23:34:33.0375 3084  
23:34:33.0375 3084  OS Version: 5.1.2600 ServicePack: 3.0
23:34:33.0375 3084  Product type: Workstation
23:34:33.0375 3084  ComputerName: XPS400
23:34:33.0421 3084  UserName: Douglas Johnson
23:34:33.0421 3084  Windows directory: C:\WINDOWS
23:34:33.0421 3084  System windows directory: C:\WINDOWS
23:34:33.0421 3084  Processor architecture: Intel x86
23:34:33.0421 3084  Number of processors: 2
23:34:33.0421 3084  Page size: 0x1000
23:34:33.0421 3084  Boot type: Normal boot
23:34:33.0421 3084  ============================================================
23:34:38.0125 3084  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:34:38.0390 3084  ============================================================
23:34:38.0390 3084  \Device\Harddisk0\DR0:
23:34:38.0421 3084  MBR partitions:
23:34:38.0421 3084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x8ABAC9F
23:34:38.0421 3084  ============================================================
23:34:38.0953 3084  C: <-> \Device\Harddisk0\DR0\Partition1
23:34:38.0984 3084  ============================================================
23:34:38.0984 3084  Initialize success
23:34:38.0984 3084  ============================================================
23:35:12.0171 2692  ============================================================
23:35:12.0171 2692  Scan started
23:35:12.0171 2692  Mode: Manual;
23:35:12.0171 2692  ============================================================
23:35:12.0968 2692  ================ Scan system memory ========================
23:35:12.0984 2692  System memory - ok
23:35:12.0984 2692  ================ Scan services =============================
23:35:21.0296 2692  Abiosdsk - ok
23:35:21.0375 2692  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:35:21.0406 2692  abp480n5 - ok
23:35:21.0515 2692  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:35:21.0578 2692  ACPI - ok
23:35:21.0640 2692  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
23:35:21.0687 2692  ACPIEC - ok
23:35:21.0953 2692  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:35:22.0156 2692  AdobeFlashPlayerUpdateSvc - ok
23:35:22.0265 2692  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:35:22.0312 2692  adpu160m - ok
23:35:22.0375 2692  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:35:22.0437 2692  aec - ok
23:35:22.0546 2692  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:35:22.0656 2692  AFD - ok
23:35:22.0750 2692  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
23:35:22.0781 2692  agp440 - ok
23:35:22.0828 2692  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:35:22.0843 2692  agpCPQ - ok
23:35:22.0921 2692  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:35:22.0953 2692  Aha154x - ok
23:35:23.0031 2692  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:35:23.0046 2692  aic78u2 - ok
23:35:23.0093 2692  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:35:23.0140 2692  aic78xx - ok
23:35:23.0234 2692  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:35:23.0296 2692  Alerter - ok
23:35:23.0359 2692  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
23:35:23.0375 2692  ALG - ok
23:35:23.0468 2692  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
23:35:23.0484 2692  AliIde - ok
23:35:23.0562 2692  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:35:23.0593 2692  alim1541 - ok
23:35:23.0671 2692  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:35:23.0703 2692  amdagp - ok
23:35:23.0750 2692  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
23:35:23.0781 2692  amsint - ok
23:35:24.0421 2692  [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS         C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
23:35:24.0484 2692  AOL ACS - ok
23:35:24.0953 2692  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:35:25.0078 2692  Apple Mobile Device - ok
23:35:25.0171 2692  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:35:25.0375 2692  AppMgmt - ok
23:35:25.0484 2692  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
23:35:25.0500 2692  asc - ok
23:35:25.0546 2692  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:35:25.0578 2692  asc3350p - ok
23:35:25.0625 2692  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:35:25.0671 2692  asc3550 - ok
23:35:25.0750 2692  [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM          C:\WINDOWS\system32\drivers\ASCTRM.sys
23:35:25.0781 2692  ASCTRM - ok
23:35:26.0781 2692  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:35:27.0296 2692  aspnet_state - ok
23:35:27.0375 2692  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:35:27.0421 2692  AsyncMac - ok
23:35:27.0500 2692  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:35:27.0546 2692  atapi - ok
23:35:27.0546 2692  Atdisk - ok
23:35:27.0687 2692  [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:35:27.0906 2692  Ati HotKey Poller - ok
23:35:28.0250 2692  [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:35:28.0796 2692  ati2mtag - ok
23:35:28.0875 2692  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:35:28.0906 2692  Atmarpc - ok
23:35:28.0984 2692  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:35:29.0000 2692  AudioSrv - ok
23:35:29.0109 2692  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:35:29.0140 2692  audstub - ok
23:35:29.0218 2692  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:35:29.0250 2692  Beep - ok
23:35:29.0375 2692  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
23:35:30.0250 2692  BITS - ok
23:35:30.0515 2692  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:35:30.0671 2692  Bonjour Service - ok
23:35:30.0796 2692  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
23:35:30.0875 2692  Browser - ok
23:35:30.0875 2692  bvrp_pci - ok
23:35:30.0953 2692  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:35:31.0000 2692  cbidf - ok
23:35:31.0031 2692  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:35:31.0031 2692  cbidf2k - ok
23:35:31.0250 2692  [ 359E5A91D26D0439933BEF1C29CEDEF7 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
23:35:31.0359 2692  CCALib8 - ok
23:35:31.0437 2692  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:35:31.0468 2692  cd20xrnt - ok
23:35:31.0531 2692  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:35:31.0578 2692  Cdaudio - ok
23:35:31.0671 2692  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:35:31.0718 2692  Cdfs - ok
23:35:31.0781 2692  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:35:31.0781 2692  Cdrom - ok
23:35:31.0796 2692  Changer - ok
23:35:31.0906 2692  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:35:31.0921 2692  CiSvc - ok
23:35:32.0015 2692  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:35:32.0031 2692  ClipSrv - ok
23:35:32.0687 2692  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:35:32.0812 2692  clr_optimization_v2.0.50727_32 - ok
23:35:32.0890 2692  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:35:34.0109 2692  clr_optimization_v4.0.30319_32 - ok
23:35:34.0187 2692  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:35:34.0218 2692  CmdIde - ok
23:35:34.0218 2692  COMSysApp - ok
23:35:34.0234 2692  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:35:34.0265 2692  Cpqarray - ok
23:35:34.0343 2692  [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
23:35:34.0406 2692  Creative Service for CDROM Access - ok
23:35:34.0484 2692  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:35:34.0562 2692  CryptSvc - ok
23:35:34.0718 2692  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:35:34.0828 2692  dac2w2k - ok
23:35:34.0875 2692  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:35:34.0937 2692  dac960nt - ok
23:35:35.0093 2692  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:35:35.0390 2692  DcomLaunch - ok
23:35:35.0515 2692  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:35:35.0578 2692  Dhcp - ok
23:35:35.0656 2692  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:35:35.0687 2692  Disk - ok
23:35:35.0687 2692  dmadmin - ok
23:35:36.0000 2692  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:35:36.0515 2692  dmboot - ok
23:35:36.0593 2692  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:35:36.0703 2692  dmio - ok
23:35:36.0765 2692  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:35:36.0796 2692  dmload - ok
23:35:36.0906 2692  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:35:36.0937 2692  dmserver - ok
23:35:37.0000 2692  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:35:37.0031 2692  DMusic - ok
23:35:37.0093 2692  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:35:37.0125 2692  Dnscache - ok
23:35:37.0234 2692  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:35:37.0296 2692  Dot3svc - ok
23:35:37.0359 2692  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:35:37.0390 2692  dpti2o - ok
23:35:37.0453 2692  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:35:37.0484 2692  drmkaud - ok
23:35:37.0546 2692  [ 96BC8F872F0270C10EDC3931F1C03776 ] drvmcdb         C:\WINDOWS\system32\drivers\drvmcdb.sys
23:35:37.0593 2692  drvmcdb - ok
23:35:37.0671 2692  [ 5AFBEC7A6AC61B211633DFDB1D9E0C89 ] drvnddm         C:\WINDOWS\system32\drivers\drvnddm.sys
23:35:39.0718 2692  drvnddm - ok
23:35:39.0843 2692  [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
23:35:39.0890 2692  DSBrokerService - ok
23:35:40.0015 2692  [ 413F2D5F9D802688242C23B38F767ECB ] DSproct         C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
23:35:40.0062 2692  DSproct - ok
23:36:31.0718 2692  ================ Scan global ===============================
23:36:31.0765 2692  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:36:31.0890 2692  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:36:32.0171 2692  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:36:32.0218 2692  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:36:32.0218 2692  [Global] - ok
23:36:32.0218 2692  ================ Scan MBR ==================================
23:36:32.0328 2692  [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
23:36:34.0281 2692  \Device\Harddisk0\DR0 - ok
23:36:34.0281 2692  ================ Scan VBR ==================================
23:36:34.0281 2692  [ 4F4F1090A9A15F10B225FDC81F596819 ] \Device\Harddisk0\DR0\Partition1
23:36:34.0281 2692  \Device\Harddisk0\DR0\Partition1 - ok
23:36:34.0281 2692  ============================================================
23:36:34.0296 2692  Scan finished
23:36:34.0296 2692  ============================================================
23:36:34.0296 4028  Detected object count: 0
23:36:34.0296 4028  Actual detected object count: 0

# AdwCleaner v2.306 - Logfile created 07/30/2013 at 23:47:45
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Douglas Johnson - XPS400
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Douglas Johnson\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Douglas Johnson\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Douglas Johnson\Local Settings\Application Data\SavingsApp
Folder Deleted : C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\pt346xzu.default\extensions\crossriderapp4639@crossrider.com
Folder Deleted : C:\Documents and Settings\Stephen\Application Data\Viewpoint
Folder Deleted : C:\Program Files\SavingsApp
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011461139}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011461139}
Key Deleted : HKCU\Software\SavingsApp
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011461139}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022462239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033463339}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004639.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004639.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004639.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004639.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004639.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004639.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055465539}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066466639}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077467739}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044464439}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SavingsApp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461139}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Douglas Johnson\Application Data\Mozilla\Firefox\Profiles\t6l0bvcx.default\prefs.js

Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

File : C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\pt346xzu.default\prefs.js

Deleted : user_pref("extensions.crossriderapp4639.adsOldValue", -1);

*************************

AdwCleaner[R1].txt - [5051 octets] - [30/07/2013 23:45:12]
AdwCleaner[S1].txt - [5086 octets] - [30/07/2013 23:47:45]

########## EOF - C:\AdwCleaner[S1].txt - [5146 octets] ##########
 



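An added example, written by the editor rather than posted by Fedfan or jeffce and not part of TDSSKiller itself: a small parser for the TDSSKiller log format shown above. Each scanned object appears as a `[ MD5 ] name path` line followed by a `name - ok` status line; the MBR and VBR sections use `\Device\Harddisk0\DR0` and `\Device\Harddisk0\DR0\Partition1` as the object name. The parser collects hash, path and status per object, reads the summary counts, and compares the MBR hash against a baseline recorded from a known-clean scan, which is the check worth keeping around after a boot-sector rootkit like the one TDSSKiller cured here. The sample input is a handful of lines copied from the log above; the baseline used in the usage call is the MBR hash the log itself reports (B16A2359F4962B0C622D81A1C1F4B703), the same value that appears as the last line of the ComboFix log further down the thread. Function and class names are the editor's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the TDSSKiller log posted in this
# thread (two service entries, the MBR and VBR sections, and the summary counts).
SAMPLE_LOG = r"""
23:36:31.0359 2692  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:36:31.0375 2692  wuauserv - ok
23:36:30.0625 2692  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:36:31.0046 2692  WPFFontCache_v0400 - ok
23:36:32.0218 2692  ================ Scan MBR ==================================
23:36:32.0328 2692  [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
23:36:34.0281 2692  \Device\Harddisk0\DR0 - ok
23:36:34.0281 2692  ================ Scan VBR ==================================
23:36:34.0281 2692  [ 4F4F1090A9A15F10B225FDC81F596819 ] \Device\Harddisk0\DR0\Partition1
23:36:34.0281 2692  \Device\Harddisk0\DR0\Partition1 - ok
23:36:34.0296 4028  Detected object count: 0
23:36:34.0296 4028  Actual detected object count: 0
"""

# "<time> <pid>  [ <32-hex MD5> ] <name> [<path>]" -- the path, when present,
# starts with a drive letter and is separated from the name by whitespace.
ENTRY_RE = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-F]{32}) \] (.+?)(?:\s+([A-Za-z]:\\.*))?$")
# "<time> <pid>  <name> - <status>"
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - (.+)$")
# Summary lines at the end of the scan.
COUNT_RE = re.compile(r"^\S+\s+\d+\s+(Actual detected object count|Detected object count): (\d+)$")

MBR_OBJECT = r"\Device\Harddisk0\DR0"


@dataclass
class ScannedObject:
    name: str
    md5: str
    path: Optional[str] = None
    status: Optional[str] = None  # text after " - ", normally "ok"


@dataclass
class ScanReport:
    objects: Dict[str, ScannedObject] = field(default_factory=dict)
    counts: Dict[str, int] = field(default_factory=dict)

    def not_ok(self) -> List[ScannedObject]:
        """Objects whose status line was missing or was anything other than 'ok'."""
        return [o for o in self.objects.values() if o.status != "ok"]

    def mbr_md5(self) -> Optional[str]:
        obj = self.objects.get(MBR_OBJECT)
        return obj.md5 if obj else None


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Build a ScanReport from TDSSKiller log text (entry lines, status lines, counts)."""
    report = ScanReport()
    for line in text.splitlines():
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            report.objects[name] = ScannedObject(name, md5, path)
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group(1)] = int(m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and m.group(1) in report.objects:
            report.objects[m.group(1)].status = m.group(2)
    return report


def mbr_matches_baseline(report: ScanReport, baseline_md5: str) -> bool:
    """True when the scan reported an MBR hash and it equals the recorded known-good value."""
    md5 = report.mbr_md5()
    return md5 is not None and md5.upper() == baseline_md5.upper()


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    # Baseline taken from the clean scan above; in practice store it after a verified-clean run.
    print("MBR hash:", report.mbr_md5())
    print("MBR matches baseline:", mbr_matches_baseline(report, "B16A2359F4962B0C622D81A1C1F4B703"))
    print("objects not ok:", [o.name for o in report.not_ok()])
    print("counts:", report.counts)
```

Run it against a full TDSSKiller log by passing the file contents to `parse_tdsskiller_log`; any object that never receives an `ok` status shows up in `not_ok()`, and a changed MBR hash between two scans is the thing to investigate before trusting the "Detected object count: 0" line.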
#4 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 31 July 2013 - 06:46 AM

Good!!
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs.
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 


[image: RCUpdate1.png]

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
[image: RC2-1.png]
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 Fedfan

  • Topic Starter
  • Members
  • 9 posts

Posted 31 July 2013 - 11:35 AM

Hi Jeff,

Completed the Combofix run.  The log is below.  Thanks!

Doug

ComboFix 13-07-31.02 - Douglas Johnson 07/31/2013  12:03:05.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.551 [GMT -4:00]
Running from: c:\documents and settings\Douglas Johnson\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Douglas Johnson\Application Data\inst.exe
c:\documents and settings\Douglas Johnson\Application Data\Start
c:\documents and settings\Douglas Johnson\Application Data\Start\temp_BB40E0B5\flash.10.0.32.18.ocx
c:\documents and settings\Douglas Johnson\WINDOWS
c:\documents and settings\Matt\WINDOWS
c:\windows\explorer(2).exe
c:\windows\system32\bszip.dll
c:\windows\system32\SET2F.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-31  )))))))))))))))))))))))))))))))
.
.
2013-07-31 15:39 . 2013-07-31 15:39    29904    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CADAF46-66EC-4E8F-97CB-C2A4A0B93E7C}\MpKsl586e0237.sys
2013-07-31 03:30 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CADAF46-66EC-4E8F-97CB-C2A4A0B93E7C}\mpengine.dll
2013-07-29 19:44 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-26 19:43 . 2013-07-26 19:43    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-07-26 19:16 . 2013-07-26 19:16    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2013-07-26 18:47 . 2013-07-26 18:47    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 05:11 . 2012-04-11 17:38    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 05:11 . 2011-05-18 21:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2005-08-16 10:18    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-07 21:56 . 2005-08-16 10:18    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2005-08-16 10:18    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2005-08-16 10:18    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2005-08-16 10:18    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2005-08-16 10:18    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-25 04:17 . 2005-08-16 10:19    826880    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-05-07 16:51 . 2012-09-13 20:17    348256    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2013-05-07 16:51 . 2012-09-13 20:16    348256    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2013-05-03 01:30 . 2005-08-16 10:18    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-10 26112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1170720181\ee\AOLSoftware.exe" [2007-04-12 42032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Douglas Johnson\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe /noballoononstart [2009-1-3 368640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-9 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170720181\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
.
R1 MpKsl586e0237;MpKsl586e0237;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CADAF46-66EC-4E8F-97CB-C2A4A0B93E7C}\MpKsl586e0237.sys [7/31/2013 11:39 AM 29904]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/28/2008 8:59 PM 47360]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL586E0237
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 05:11]
.
2013-07-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-XPS400-Douglas Johnson.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-03-21 09:10]
.
2013-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2013-07-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/learnmore/learnmore.asp?close=true&lcode=en-us
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\documents and settings\Douglas Johnson\Application Data\Mozilla\Firefox\Profiles\t6l0bvcx.default\
FF - ExtSQL: !HIDDEN! 2011-04-22 14:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
SafeBoot-10065595.sys
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-31 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3359420809-2034525351-3548360260-1005\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3359420809-2034525351-3548360260-1005\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState]
"008b-06a9"=dword:00000001
"008b-06ab"=dword:00000000
"008b-0514"="JPEG Format"
"008b-0580"="thanks"
"008b-0583"="c:\\Documents and Settings\\Douglas Johnson\\Desktop\\thanksgiving"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-31  12:26:01
ComboFix-quarantined-files.txt  2013-07-31 16:25
.
Pre-Run: 6,547,726,336 bytes free
Post-Run: 7,999,762,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2D1CCFB7F8D4BA92D320A517D4E5344A
B16A2359F4962B0C622D81A1C1F4B703



#6 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 31 July 2013 - 07:54 PM

Ok....how is your system running?




#7 Fedfan

  • Topic Starter
  • Members
  • 9 posts

Posted 31 July 2013 - 10:56 PM

It seems to be running well.  The internet in particular is nice and quick. 



#8 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 01 August 2013 - 06:48 AM

It seems to be running well.  The internet in particular is nice and quick. 

That is good to hear!   :)
 
Let's check for anything else hiding as well as get some updates...
 
Java
 
Please go to Start > Control Panel > Programs and Features > uninstall all the Java programs you see. Now download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
See this page for instructions on how to clear Java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 
Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------




#9 Fedfan

  • Topic Starter
  • Members
  • 9 posts

Posted 01 August 2013 - 01:40 PM

Hi Jeff

I removed the Java programs I found in the add/remove programs section of the control panel (I didn't see a section entitled 'Programs and Features').   I downloaded and installed the new Java program.  I found another old Java program/file in the downloads folder when I went to install the new Java program, which I deleted also.  I did see an error message after installing the new Java.  It said: Browser Error: 2.  I then deleted the Java temporary files as described in the instructions.

I then updated and ran the Malwarebytes Quick Scan.  It didn't seem to find anything; the log is below.

Lastly, I ran the ESET scan according to your instructions.  It found three threats.  For some reason I couldn't save the exported text file, so I had to copy the log to the clipboard and paste it into a text file.  Anyway, the results are also below.

Thanks,

Doug

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.01.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Douglas Johnson :: XPS400 [administrator]

8/1/2013 11:43:46 AM
mbam-log-2013-08-01 (11-43-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336235
Time elapsed: 17 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Results:

C:\Documents and Settings\Douglas Johnson\Application Data\Sun\Java\Deployment\cache\6.0\13\2e077d4d-3fee1043    a variant of Java/Exploit.CVE-2012-1723.AF trojan

C:\Documents and Settings\Douglas Johnson\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask application

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2924\A0167818.dll    Win32/Toolbar.CrossRider application
 



#10 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 01 August 2013 - 02:21 PM

Hi,
 
Great job!!

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    C:\Documents and Settings\Douglas Johnson\Application Data\Sun\Java\Deployment\cache\6.0\13\2e077d4d-3fee1043    
    C:\Documents and Settings\Douglas Johnson\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    [image: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Let me know what remaining malware problems you are having.  :)




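An added example, again the editor's code rather than anything posted in the thread or shipped with ESET or ComboFix: it parses the three ESET result lines from post #9 (path, four spaces, detection text), records where each hit lives (the Java deployment cache, a System Restore snapshot under `System Volume Information\_restore{...}`, or an ordinary file), pulls the CVE identifier out of the detection name, and renders a `File::` section in the CFScript layout shown in post #10. Snapshot copies under `_restore{...}` are not live files, so the generator leaves them out, which reproduces the two paths in jeffce's script. The location labels, the class and the function names are the editor's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the three ESET result lines posted in this thread.
# ESET separates the path from the detection text with four spaces.
ESET_RESULTS = r"""
C:\Documents and Settings\Douglas Johnson\Application Data\Sun\Java\Deployment\cache\6.0\13\2e077d4d-3fee1043    a variant of Java/Exploit.CVE-2012-1723.AF trojan
C:\Documents and Settings\Douglas Johnson\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2924\A0167818.dll    Win32/Toolbar.CrossRider application
"""

# System Restore keeps snapshot copies of changed files under this tree.
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\", re.I)
# The Java plug-in's deployment cache (where drive-by applets are stored).
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class Finding:
    path: str
    detection: str       # ESET's full detection text
    kind: str            # last word of the detection text, e.g. "trojan" or "application"
    location: str        # "java-cache", "restore-point" or "file" (editor's labels)
    cve: Optional[str]   # CVE id embedded in the detection name, if any


def classify_location(path: str) -> str:
    if RESTORE_RE.match(path):
        return "restore-point"
    if JAVA_CACHE_RE.search(path):
        return "java-cache"
    return "file"


def parse_eset_results(text: str) -> List[Finding]:
    """Turn ESET 'List of found threats' export lines into Finding records."""
    findings: List[Finding] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, sep, detection = line.partition("    ")
        if not sep:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        path, detection = path.strip(), detection.strip()
        m = CVE_RE.search(detection)
        findings.append(Finding(
            path=path,
            detection=detection,
            kind=detection.split()[-1].lower(),
            location=classify_location(path),
            cve=m.group(0) if m else None,
        ))
    return findings


def cfscript_file_section(findings: List[Finding]) -> str:
    """Render a File:: section in the CFScript layout, listing only live (non-snapshot) paths."""
    live = [f.path for f in findings if f.location != "restore-point"]
    return "File::\n" + "".join(p + "\n" for p in live)


if __name__ == "__main__":
    for f in parse_eset_results(ESET_RESULTS):
        print(f"{f.location:14} {f.kind:12} {f.cve or '-':14} {f.path}")
    print(cfscript_file_section(parse_eset_results(ESET_RESULTS)))
```

The `kind` field makes the difference between the two categories visible at a glance: the Java cache entry is flagged as a trojan (an exploit artifact tied to CVE-2012-1723), while the other two are "application" hits, ESET's wording for bundled or unwanted software rather than malware.
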
#11 Fedfan

  • Topic Starter
  • Members
  • 9 posts

Posted 01 August 2013 - 03:28 PM

Here's the results log from the ComboFix scan after dragging in the CFScript.txt file.  I noticed that the CFScript file included only two of the three threats from the ESET scan.  Is there something else I need to do for the remaining one?

ComboFix 13-08-01.01 - Douglas Johnson 08/01/2013  16:04:22.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.543 [GMT -4:00]
Running from: c:\documents and settings\Douglas Johnson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Douglas Johnson\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Douglas Johnson\Application Data\Sun\Java\Deployment\cache\6.0\13\2e077d4d-3fee1043"
"c:\documents and settings\Douglas Johnson\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe"
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-01 to 2013-08-01  )))))))))))))))))))))))))))))))
.
.
2013-08-01 19:48 . 2013-08-01 19:48    29904    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02C009E9-273B-4CF0-8E9F-409B110E5242}\MpKsl36b4f673.sys
2013-08-01 18:33 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02C009E9-273B-4CF0-8E9F-409B110E5242}\mpengine.dll
2013-08-01 16:12 . 2013-08-01 16:12    --------    d-----w-    c:\program files\ESET
2013-08-01 15:33 . 2013-08-01 15:33    --------    d-----w-    c:\documents and settings\Douglas Johnson\Local Settings\Application Data\Sun
2013-08-01 15:27 . 2013-08-01 15:27    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-08-01 15:27 . 2013-08-01 15:27    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-31 16:29 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-26 19:43 . 2013-07-26 19:43    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-07-26 19:16 . 2013-07-26 19:16    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2013-07-26 18:47 . 2013-07-26 18:47    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-01 15:27 . 2012-06-23 15:56    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-08-01 15:27 . 2011-07-08 16:36    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-12 05:11 . 2012-04-11 17:38    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-12 05:11 . 2011-05-18 21:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2005-08-16 10:18    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-07 21:56 . 2005-08-16 10:18    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2005-08-16 10:18    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2005-08-16 10:18    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2005-08-16 10:18    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2005-08-16 10:18    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-25 04:17 . 2005-08-16 10:19    826880    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-05-07 16:51 . 2012-09-13 20:17    348256    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2013-05-07 16:51 . 2012-09-13 20:16    348256    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-10 26112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1170720181\ee\AOLSoftware.exe" [2007-04-12 42032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Douglas Johnson\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe /noballoononstart [2009-1-3 368640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-9 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170720181\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
.
R1 MpKsl36b4f673;MpKsl36b4f673;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02C009E9-273B-4CF0-8E9F-409B110E5242}\MpKsl36b4f673.sys [8/1/2013 3:48 PM 29904]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/28/2008 8:59 PM 47360]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL36B4F673
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 05:11]
.
2013-07-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-XPS400-Douglas Johnson.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-03-21 09:10]
.
2013-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2013-08-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/learnmore/learnmore.asp?close=true&lcode=en-us
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\documents and settings\Douglas Johnson\Application Data\Mozilla\Firefox\Profiles\t6l0bvcx.default\
FF - ExtSQL: !HIDDEN! 2011-04-22 14:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-01 16:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3359420809-2034525351-3548360260-1005\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3359420809-2034525351-3548360260-1005\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState]
"008b-06a9"=dword:00000001
"008b-06ab"=dword:00000000
"008b-0514"="JPEG Format"
"008b-0580"="thanks"
"008b-0583"="c:\\Documents and Settings\\Douglas Johnson\\Desktop\\thanksgiving"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-08-01  16:20:35
ComboFix-quarantined-files.txt  2013-08-01 20:20
ComboFix2.txt  2013-07-31 16:26
.
Pre-Run: 7,630,184,448 bytes free
Post-Run: 7,684,046,848 bytes free
.
- - End Of File - - 743DDB8612D56E5137D166AAA7C2ED7E
B16A2359F4962B0C622D81A1C1F4B703


#12 jeffce (Malware Response Team)

Posted 01 August 2013 - 08:51 PM

Quote: Is there something else I need to do for the remaining one?

No...the other one will be removed on its own later when we remove our tools. No worries about that one.  

How is your system running?  :)



#13 Fedfan (Topic Starter)

Posted 02 August 2013 - 10:05 AM

Honestly, it seems like it's running great.  :) What should I do now?



#14 jeffce (Malware Response Team)

Posted 03 August 2013 - 08:19 AM

Providing there are no other malware related problems...
 
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN
 
This infection appears to have been cleaned, but I cannot give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
----------
 
The following will implement some cleanup procedures as well as reset System Restore points:
 
Press the Windows key + R and this will open the Run text box.  Copy/paste the following text into the Run box as shown and click OK.
  Combofix /Uninstall
  (Note: There is a space between the ..X and the /U that needs to be there.)
 
----------
 

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
----------
 
Here are some tips to reduce the potential for spyware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus 
 
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free
 
5. Make sure you keep your Windows OS current.  Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.
 
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
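The six Internet-zone changes in step 1 of the post above are stored as DWORD values under the per-user Internet Settings key, so they can be applied and, more usefully, verified without clicking through the dialog on every machine. The script below is an added example for this thread, not part of jeffce's post or of any BleepingComputer tool. It assumes the documented layout of that key (zone 3 is the Internet zone; action IDs 1001, 1004, 1201, 1607, 1800 and 1804 correspond to the six settings named in the post; 0 = Enable, 1 = Prompt, 3 = Disable) and that no machine-wide zone policy under HKLM is overriding the per-user values.

```powershell
# Added example, not from the original thread: apply the Internet-zone hardening
# from the post through the registry and then read it back to confirm nothing
# drifted. Assumptions: per-user settings live under HKCU (a "use only machine
# settings" policy would make HKLM authoritative instead); action IDs and the
# 0/1/3 meanings follow Microsoft's documented Internet Settings layout.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Enable  = 0
$Prompt  = 1
$Disable = 3

# Action ID => target value, mirroring the six changes listed in step 1.
$Hardening = @{
    '1001' = $Prompt    # Download signed ActiveX controls
    '1004' = $Disable   # Download unsigned ActiveX controls
    '1201' = $Disable   # Initialize and script ActiveX controls not marked as safe
    '1800' = $Prompt    # Installation of desktop items
    '1804' = $Prompt    # Launching programs and files in an IFRAME
    '1607' = $Prompt    # Navigate sub-frames across different domains
}

function Set-InternetZoneHardening {
    # Write each target value as a DWORD; creates the value if it is absent.
    foreach ($id in $Hardening.Keys) {
        Set-ItemProperty -Path $ZonePath -Name $id -Value $Hardening[$id] -Type DWord
    }
}

function Test-InternetZoneHardening {
    # Return one line per action whose current value differs from the target,
    # so an empty result means the zone matches the profile.
    $drift   = @()
    $current = Get-ItemProperty -Path $ZonePath
    foreach ($id in $Hardening.Keys) {
        $value = $current.$id
        if ($null -eq $value -or [int]$value -ne $Hardening[$id]) {
            $drift += ('{0}: have {1}, want {2}' -f $id, $value, $Hardening[$id])
        }
    }
    return $drift
}

Set-InternetZoneHardening
$drift = Test-InternetZoneHardening
if ($drift.Count -eq 0) {
    'Internet zone matches the hardening profile.'
} else {
    $drift
}
```

Run it in the user's own session, since the values are per-user; re-running only Test-InternetZoneHardening later is a quick way to tell whether an update or another program has quietly relaxed the ActiveX settings again.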
#15 Fedfan (Topic Starter)

Posted 03 August 2013 - 12:21 PM

Hi Jeff,

 

I uninstalled the ComboFix. So am I right to assume that this uninstall has removed the threats found in the ESET scan? Would it be overkill to run another scan to see if the threats would still be detected?

 

I was wondering about the firewalls. I downloaded and installed the Outpost firewall, but it is apparently a 2009 version. Is this the latest version? The newer version seems to be a security suite that contains antivirus as well as firewall. I didn't think that would be appropriate for me as I already have Microsoft Security Essentials installed on my system. I assume the third party firewalls you mentioned are better than the windows firewall. Should the Windows firewall be turned off while using the Outpost?

 

I have taken the other measures you mentioned regarding browser settings and add-ons.

 

Thanks,

Doug


Edited by Fedfan, 03 August 2013 - 12:23 PM.