also @ TechSpot: Cookie-blocking browser plugin Ghostery feeds data to the ad industry

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

[A] Unnamed virus, black screen, no access to task manager or any icons or files

Discussion in 'Virus and Malware Removal' started by tapersteve, Oct 1, 2012.

Page 1 of 4

tapersteve Newcomer, in training Posts: 52

Well, most of the time, when I rarely get infected with a virus, I am able to clean it up myself. But, this one is a doozy. I have no desktop, or any way to navigate anywhere, when I log on as myself as the user. I am able to access "Safe mode," but like my regular desktop, there are no icons there either, just a black screen. I logged on as Administrator, which gave me access to task manager, and I have run both Avast and MBAM, both of which found pieces of this virus, and I had them quarantine the pieces, but even after rebooting from these programs, there is still no screen, and task manager is locked, except when I am logged in as administrator, which is where I am now.

Any help in beating this thing would be most appreciated. You guys were wonderful a year or more ago when I got hit with a different virus, but you got me up and running again. I am fairly adept at working with the computer, so I know how to follow your instructions, run the necessary programs and post logs here.

Thank you in advance. Steve

tapersteve, Oct 1, 2012

#1
tapersteve Newcomer, in training Posts: 52

[HJT log removed by Broni]

tapersteve, Oct 1, 2012

#2
Broni Malware Annihilator Posts: 40,073 +187
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Broni, Oct 1, 2012

#3
tapersteve Newcomer, in training Posts: 52

Broni, Thank you for assisting me. I only posted the HJI log, since I thought that was a common way to get an initial look, but I will try to follow all of the rest of the instructions exactly. I am generally pretty adept at dealing with the computer, so you are not working with someone that you have to spoon feed, instruction by instruction. That being said, I am pasting the MBAM log file and the DDs log files below. I attempted to run GMER, at least three times. The only way that I can access the computer right now, is by logging on as administrator in Safe Mode. Otherwise, it has that lovely FBI moneypak garbage, even under MY username, in Safe Mode. Each time that I ran GMER, after about a half hour, there would be the BSOD, with an error message that I can type out if you want it. I was running it in Safe Mode, and even tried unchecking the "Devices" box, but still got another BSOD. So, if you have any other suggestions regarding GMER, let me know. I will await your response. If it makes any difference, I am up very late at night. Thank you again. Steve

--------------------------------------------------------------------------------
MBAM LOG:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.01.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Administrator :: STEVE-QUAD [administrator]

Protection: Disabled

10/1/2012 12:45:18 PM
mbam-log-2012-10-01 (12-45-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334270
Time elapsed: 31 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijacked.Shell) -> Bad: (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) Good: (explorer.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\System Volume Information\_restore{E5CD8885-81EB-4EA5-9C7D-F91E4C407EEE}\RP1418\A0410176.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E5CD8885-81EB-4EA5-9C7D-F91E4C407EEE}\RP1418\A0410177.exe (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E5CD8885-81EB-4EA5-9C7D-F91E4C407EEE}\RP1418\A0410178.ini (Trojan.0access) -> Quarantined and deleted successfully.

(end)

-----------------------------------------------------------
DDS Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 21:20:23 on 2012-10-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2850 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Shell=c:\documents and settings\steve kwartin\application data\wsf3CmCT.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [jICc7n9BYxBTRVw] c:\documents and settings\steve kwartin\application data\wsf3CmCT.exe
mRun: [CheckPoint Cleanup] c:\docume~1\admini~1.st~\locals~1\temp\cpes_clean_launcher.exe c:\docume~1\admini~1.st~\locals~1\temp\cpes_clean.exe
mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -I
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BA1C7DD3-2BA9-4643-AC50-C1558133AD4F} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator.steve-quad\application data\mozilla\firefox\profiles\8sohzsm4.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
S0 jrsrfvwy;jrsrfvwy;c:\windows\system32\drivers\dasqqmlj.sys --> c:\windows\system32\drivers\dasqqmlj.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 729752]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-5 355632]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-5 21256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-1 399432]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-25 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-28 253088]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\maudiodelta.sys --> c:\windows\system32\drivers\MAudioDelta.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-8-5 13192]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-8-5 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-25 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-4 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-8-4 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-8-4 136680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-7-27 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-22 2358656]
.
=============== Created Last 30 ================
.
2012-10-01 22:03:52 -------- d-----w- c:\documents and settings\all users\application data\ZA_PreservedFiles
2012-10-01 11:11:03 -------- d-----w- c:\documents and settings\administrator.steve-quad\local settings\application data\Mozilla
2012-10-01 10:20:59 -------- d-----w- c:\documents and settings\administrator.steve-quad\application data\Malwarebytes
2012-09-25 15:39:17 -------- d-----w- c:\program files\Open Freely
2012-09-17 21:55:28 -------- d-----w- c:\program files\Silabs
2012-09-17 21:55:09 -------- d-----w- c:\windows\system32\Silabs
2012-09-17 21:55:02 -------- d-----w- c:\program files\Sound Devices
2012-09-09 06:26:00 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-08 03:36:20 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 21:21:19.98 ===============

tapersteve, Oct 1, 2012

#4
Broni Malware Annihilator Posts: 40,073 +187

I still need Attach.txt part of DDS.

When done see if you can follow these instructions: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

Broni, Oct 1, 2012

#5

tapersteve Newcomer, in training Posts: 52

I had to search to find it, but here is the DDS "Attach.txt" info. I will attempt the fixes in the post that you linked to, and will let you know if they worked. Thank you again. Steve

-------------------------------------------------------------------------------------------
DDS Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2008 9:35:28 AM
System Uptime: 10/1/2012 9:15:52 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 62.86 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
Service: NuidFltr
.
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
Service: NuidFltr
.
==== System Restore Points ===================
.
RP1412: 9/25/2012 11:41:52 AM - System Checkpoint
RP1413: 9/26/2012 12:04:46 AM - System Checkpoint
RP1414: 9/27/2012 3:27:04 AM - System Checkpoint
RP1415: 9/28/2012 3:52:47 AM - System Checkpoint
RP1416: 9/29/2012 6:06:02 AM - System Checkpoint
RP1417: 9/30/2012 7:02:10 AM - System Checkpoint
RP1418: 10/1/2012 6:47:49 AM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Audacity 1.3.12 (Unicode)
Audacity Recovery Utility
Auslogics Disk Defrag
avast! Free Antivirus
BTeasy 0.2.1.5
CD Wave Editor version 1.97
CKRename
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Dell Support Center (Support Software)
Delta
DING!
DOC Regenerator
E-Transcript Bundle Viewer
EaseUS Partition Master 9.1.1 Home Edition
ERUNT 1.1j
Exact Audio Copy 0.99pb4
File Type Assistant
FLAC 1.2.1b (remove only)
foobar2000 v0.9.5.4
Free File Viewer 2011
FreeUndelete 2.0.35248.1
G-Force
Garmin City Navigator North America NT 2010.40
GIMP 2.6.6
Glary Utilities 2.47.0.1539
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Java Auto Updater
Java(TM) 6 Update 31
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.65.0.1400
Maxtor Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero Suite
Open Freely
PandoraRecovery (Remove Only)
ParetoLogic Data Recovery
PDF-Viewer
PDF-XChange Viewer
QuickTime
r8brain 1.9
Realtek High Definition Audio Driver
Recuva
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SES Driver
SHARP AM-900 Series MFP Driver
Sharpdesk
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Sonic Activation Module
Sony Sound Forge 8.0d
Sound Forge Pro 10.0
Sp5
Sp5Intl
Sp5TTInt
SpCommon
SpeedFan (remove only)
SpPhones
Spybot - Search & Destroy
SUPERAntiSpyware
System Requirements Lab for Intel
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Software Utility Application for Android - Samsung
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.2
WaveAgent
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Wondershare Video Converter Ultimate(Build 5.5.1.0)
.
==== Event Viewer Messages From Past Week ========
.
9/30/2012 1:15:15 PM, error: Print [6161] - The document Pay Dues owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1245184. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
9/28/2012 2:47:27 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
9/28/2012 2:38:48 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D097F523C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/26/2012 10:28:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL
9/26/2012 10:27:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2012 1:16:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/25/2012 11:40:38 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000185' while processing the file '_362828_' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
9/25/2012 11:40:38 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
9/25/2012 11:40:28 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
11/24/2012 6:45:13 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
11/24/2012 5:51:21 PM, error: Dhcp [1002] - The IP address lease 50.140.54.21 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
11/24/2012 3:04:02 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 3:03:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 3:02:18 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
11/24/2012 3:02:17 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/24/2012 3:02:17 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.
11/24/2012 3:01:46 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -5273993 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|50.140.54.21:123->65.55.21.20:123) is working properly.
11/24/2012 3:01:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The Maxtor Service service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 1:46:56 PM, error: Print [6161] - The document JANIS JOPLIN, QUICKSILVER 1967 Avalon Ballroom Benefit Concert Handbill | eBay owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3457872. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
10/1/2012 6:44:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/1/2012 6:02:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/1/2012 5:57:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/1/2012 5:56:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:53:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
10/1/2012 5:53:26 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2012 2:26:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2008 9:35:28 AM
System Uptime: 10/1/2012 9:15:52 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 62.86 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL01\7&303B4474&0&0000
Service: NuidFltr
.
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00E3&MI_01&COL03\7&303B4474&0&0002
Service: NuidFltr
.
==== System Restore Points ===================
.
RP1412: 9/25/2012 11:41:52 AM - System Checkpoint
RP1413: 9/26/2012 12:04:46 AM - System Checkpoint
RP1414: 9/27/2012 3:27:04 AM - System Checkpoint
RP1415: 9/28/2012 3:52:47 AM - System Checkpoint
RP1416: 9/29/2012 6:06:02 AM - System Checkpoint
RP1417: 9/30/2012 7:02:10 AM - System Checkpoint
RP1418: 10/1/2012 6:47:49 AM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Audacity 1.3.12 (Unicode)
Audacity Recovery Utility
Auslogics Disk Defrag
avast! Free Antivirus
BTeasy 0.2.1.5
CD Wave Editor version 1.97
CKRename
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Dell Support Center (Support Software)
Delta
DING!
DOC Regenerator
E-Transcript Bundle Viewer
EaseUS Partition Master 9.1.1 Home Edition
ERUNT 1.1j
Exact Audio Copy 0.99pb4
File Type Assistant
FLAC 1.2.1b (remove only)
foobar2000 v0.9.5.4
Free File Viewer 2011
FreeUndelete 2.0.35248.1
G-Force
Garmin City Navigator North America NT 2010.40
GIMP 2.6.6
Glary Utilities 2.47.0.1539
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Java Auto Updater
Java(TM) 6 Update 31
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.65.0.1400
Maxtor Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero Suite
Open Freely
PandoraRecovery (Remove Only)
ParetoLogic Data Recovery
PDF-Viewer
PDF-XChange Viewer
QuickTime
r8brain 1.9
Realtek High Definition Audio Driver
Recuva
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SES Driver
SHARP AM-900 Series MFP Driver
Sharpdesk
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Sonic Activation Module
Sony Sound Forge 8.0d
Sound Forge Pro 10.0
Sp5
Sp5Intl
Sp5TTInt
SpCommon
SpeedFan (remove only)
SpPhones
Spybot - Search & Destroy
SUPERAntiSpyware
System Requirements Lab for Intel
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Software Utility Application for Android - Samsung
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.2
WaveAgent
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Wondershare Video Converter Ultimate(Build 5.5.1.0)
.
==== Event Viewer Messages From Past Week ========
.
9/30/2012 1:15:15 PM, error: Print [6161] - The document Pay Dues owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1245184. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
9/28/2012 2:47:27 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
9/28/2012 2:38:48 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D097F523C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/26/2012 10:28:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL
9/26/2012 10:27:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2012 1:16:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/25/2012 11:40:38 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000185' while processing the file '_362828_' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
9/25/2012 11:40:38 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
9/25/2012 11:40:28 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
11/24/2012 6:45:13 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
11/24/2012 5:51:21 PM, error: Dhcp [1002] - The IP address lease 50.140.54.21 for the Network Card with network address 001D097F523C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
11/24/2012 3:04:02 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 3:03:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 3:02:18 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
11/24/2012 3:02:17 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/24/2012 3:02:17 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.
11/24/2012 3:01:46 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -5273993 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|50.140.54.21:123->65.55.21.20:123) is working properly.
11/24/2012 3:01:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 2:56:46 PM, error: Service Control Manager [7034] - The Maxtor Service service terminated unexpectedly. It has done this 1 time(s).
11/24/2012 1:46:56 PM, error: Print [6161] - The document JANIS JOPLIN, QUICKSILVER 1967 Avalon Ballroom Benefit Concert Handbill | eBay owned by Steve Kwartin failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3457872. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\STEVE-QUAD. Win32 error code returned by the print processor: 6 (0x6).
10/1/2012 6:44:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/1/2012 6:02:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/1/2012 5:57:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/1/2012 5:56:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:56:46 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 5:53:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
10/1/2012 5:53:26 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2012 2:26:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

tapersteve, Oct 1, 2012

#6

tapersteve Newcomer, in training Posts: 52

I have downloaded the emsisoft free emergency kit, following the instructions in the bleepingcomputer link, but when I try to run the main program, I keep getting a Microsoft error message that the program is shutting itself down. I have had one of these "FBI" type infections before, and it was relatively easy to get rid of on my own. This version has a lot more protections built in, such as keeping me from accessing my desktop, application data, and other folders, and otherwise being far more resistant to prior removal methods. Do these jerks really think that someone is going to wire them money? I would be in favor of public executions of virus/spam creators. Thanks again. Steve

tapersteve, Oct 1, 2012

#7
Broni Malware Annihilator Posts: 40,073 +187
Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

:step1:

1. Download and Run Ultimate Boot CD for Windows

Save it to your Desktop.

Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.

Follow all of the instructions/prompts that come up.
NOTES:

Do not install to a folder with spaces in it's name.

Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.

Click "I agree" to the Builders License.

Click NO to Search for Windows Installation Files

Make the following selections from the Main Screen that pops up:

Builder

Sourcepath to Windows installation files)

Enter the path to the drive where your XP CD is located.

You can click on the "..." button on the right to navigate to the path as well.

Custom: (include files and folders from this directory)

No information is necessary, leave blank.

Output: (C:\ubcd4win\BartPE)

Keep the default BartPE

Media output

Choose Create ISO image

Do not choose Burn to CD/DVD

Please note: If your XP install disc is SP1 then please .....

Disable- DComLaunch Service

Enable- LargeIDE Fix

This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

Also note: If you have a Dell XP install disc you will need to follow the instructions here
http://www.ubcd4win.com/faq.htm#dell

3. Click on the "Build" button

You will see the Windows EULA message. Click on I Agree

You will now see the Build Screen. Let it run it's course

When the Build is finished you can click close, then exit

4. Burn your ISO file to CD

Please see HERE on how to burn an ISO to CD.

==========

:step2:

Next, from your clean computer:

Download Farbar Recovery Scan Tool
and save it to your flash drive.

Now plug your flashdrive back into your sick computer and follow the next instructions:

==========

:step3:

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created

Insert the UBCD4Win disc in to one of your CD/DVD drives.

Restart your computer.

The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.

In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.

It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.

Once the desktop appears, you will receive a message asking: Do you want to start Network support?

Click on Yes if you want to use the PE environment to get online post your log and reply by way of an Ethernet connection.

You should now have a desktop that looks like this:

==========

:step4:

Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.

Double click on it to begin running the tool.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.
Broni, Oct 1, 2012

#8
tapersteve Newcomer, in training Posts: 52

As I indicated above, despite several tries, I was unable to run the emergency kit. I was able to run the command line scanner, the results of which are pasted below. I think that this virus has much greater capabilities to mask itself, and to block other software from locating it and removing it.

---------------------------------------
Command Line Scanner Report

C:\DOCUME~1\ADMINI~1.ST~\LOCALS~1\Temp\Rar$EX01.094>ECHO OFF

Emsisoft Commandline Scanner v. 6.5.0.6
(C) 2003-2012 Emsisoft - www.emsisoft.com

Emsisoft Commandline Scanner - Version 2.0
Last update: N/A

Scan settings:

Objects: Memory, Traces, C:\WINDOWS\, C:\PROGRAM FILES\
Scan archives: Off
ADS Scan: Off

Scan start: 10/1/2012 11:53:03 PM

C:\PROGRAM FILES\Acro Software\CutePDF Writer\README.HTM

Scanned

Objects: 518676
Traces: 471676
Cookies: 0
Processes: 0

Found

Objects: 0
Traces: 0
Cookies: 0
Processes: 0

Quarantined

Files: 0
Traces: 0
Cookies: 0
Processes: 0

Scan end: 10/2/2012 12:07:16 AM
Scan time: 0:14:13
Press any key to continue . . .

tapersteve, Oct 1, 2012

#9
tapersteve Newcomer, in training Posts: 52

I had not seen your last post, before my post above. The only problem with the next suggestion is that I do not have the XP CDs. The computer came with it loaded, and without any media at all. I do have a recovery mirror from a while back on one of my external hard drives. I am not sure if that would help, but lacking the CDs, I am not sure whether the method above will be useful. I will wait for your response before proceeding any further. Steve

tapersteve, Oct 1, 2012

#10
Broni Malware Annihilator Posts: 40,073 +187
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.

Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

Your system should now display a REATOGO-X-PE desktop.

Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.

Double-click on the OTLPE icon.

When asked Do you wish to load the remote registry, select Yes

When asked Do you wish to load remote user profile(s) for scanning, select Yes

Ensure the box Automatically Load All Remaining Users" is checked and press OK

OTL should now start.

Press Run Scan to start the scan.

When finished, the file will be saved in drive C:\OTL.txt

Copy this file to your USB drive if you do not have internet connection on this system

Please post the contents of the OTL.txt file in your reply.
Broni, Oct 1, 2012

#11
tapersteve Newcomer, in training Posts: 52

OK. So I was able to download, install and run OTLPE. I ran the scan, and the log is below. Several notes for future reference. It did not ask me whether I wanted to use a remote registry. It did ask me about multiple user accounts. Don't know if that is a change or not. While I was able to access the internet while on that system, and could get to gmail, to e-mail myself the log, when I went to your site, the main page loaded, but if I attempted to get to the forums or anything with the word virus in it, it blocked it. I could get to other news pages, but even if I went through a number of other clicks, and then tried to access the forum, I would get blocked. This is a much nastier POS than the other version of the FBI/moneypak scam that I saw previously.
---------------------------------------------------------------------------
OTL logfile created on: 10/2/2012 3:51:41 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date
Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory |
91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% =
C:\Program Files
Drive C: | 232.82 Gb Total Space | 62.33 Gb Free Space | 26.77% Space
Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 100.82 Gb Free Space | 14.43% Space
Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space
Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company
Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (stllssvr)
SRV - File not found [Auto] -- -- (MDM)
SRV - File not found [Disabled] -- -- (IDriverT)
SRV - File not found [Disabled] -- -- (AOL TopSpeedMonitor)
SRV - [2012/09/09 02:25:57 | 000,114,144 | ---- | M] (Mozilla
Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance
Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes
Corporation) [Auto] -- C:\Program Files\Malwarebytes'
Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes
Corporation) [Auto] -- C:\Program Files\Malwarebytes'
Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software)
[Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe --
(avast! Antivirus)
SRV - [2012/04/28 18:37:11 | 000,253,088 | ---- | M] (Adobe Systems
Incorporated) [On_Demand] --
C:\WINDOWS\system32\Macromed\
Flash\FlashPlayerUpdateService.exe --
(AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/03 14:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH)
[Disabled] -- C:\Program
Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M]
(SUPERAntiSpyware.com) [Disabled] -- C:\Program
Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems
Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
-- (nosGetPlusHelper) getPlus(R)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft,
Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
-- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service
(DellSupportCenter)
SRV - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate
Technology LLC) [Auto] -- C:\Program
Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (PfModNT)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (jrsrfvwy)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilDrv11010)
DRV - File not found [Kernel | On_Demand] -- -- (ENTECH)
DRV - File not found [Kernel | On_Demand] -- -- (DELTAII) Service for
M-Audio Delta Driver (WDM)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (A2DDA)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes
Corporation) [File_System | On_Demand] --
C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software)
[File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys --
(aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software)
[Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software)
[Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys --
(aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software)
[File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys --
(aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software)
[Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys --
(aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software)
[Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys --
(Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software)
[File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys --
(aswFsBlk)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel |
On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel |
On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M]
(SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] --
C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M]
(SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] --
C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software)
[Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/12 21:15:08 | 000,136,680 | ---- | M] (MCCI
Corporation) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/12 21:15:08 | 000,121,192 | ---- | M] (MCCI
Corporation) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android
USB Composite Device driver (WDM)
DRV - [2011/01/12 21:15:08 | 000,012,776 | ---- | M] (MCCI
Corporation) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android
USB Modem (Filter)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel |
On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys --
(cpudrv)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital
Technologies) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.)
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys --
(MXOPSWD)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek
Semiconductor Corp.) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
Service for Realtek HD Audio (WDM)
DRV - [2007/01/25 12:12:22 | 000,302,336 | ---- | M] (Midiman/M-Audio)
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\delta.sys --
(DELTA) Service for Delta Driver (WDM)
DRV - [2007/01/19 13:53:43 | 000,018,304 | ---- | M] (Printing
Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] --
C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/01/19 13:53:42 | 000,019,712 | ---- | M] (Printing
Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] --
C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant
Systems, Inc.) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant
Systems, Inc.) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant
Systems, Inc.) [Kernel | On_Demand] --
C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online,
Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys
-- (wanatw) WAN Miniport (ATW)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel |
Disabled] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
%SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0

IE - HKU\Administrator.STEVE-QUAD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0

IE - HKU\Steve_Kwartin_ON_C\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\Steve_Kwartin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer
Plugin,version=1.0,application/pdf: C:\Program Files\Tracker
Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products
(Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program
Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll (
Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97:
C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99:
C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
Update;version=3: C:\Program
Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
Update;version=9: C:\Program
Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange
Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker
Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products
(Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com:
C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/09/05 18:33:39
| 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
15.0.1\extensions\\Components: C:\Program Files\Mozilla
Firefox\components [2012/09/09 02:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/11/08 01:01:32 | 000,000,000 | ---D | M]

[2012/10/01 07:11:10 | 000,000,000 | ---D | M] (No name found) --
C:\Documents and Settings\Administrator.STEVE-QUAD\Application
Data\Mozilla\Extensions
[2012/06/11 11:32:11 | 000,000,000 | ---D | M] (No name found) --
C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/09/09 02:25:59 | 000,266,720 | ---- | M] (Mozilla Foundation) --
C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/27 11:35:22 | 000,476,904 | ---- | M] (Sun Microsystems,
Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/14 17:49:30 | 000,171,136 | ---- | M] (Tracker Software
Products (Canada) Ltd.) -- C:\Program Files\mozilla
firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/09/09 02:25:53 | 000,002,465 | ---- | M] () -- C:\Program
Files\mozilla firefox\searchplugins\bing.xml
[2012/09/09 02:25:53 | 000,002,253 | ---- | M] () -- C:\Program
Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/06 16:36:57 | 000,443,883 | R--- | M]) -
C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15244 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems
Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST
Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) -
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil
Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) -
{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) -
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil
Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CheckPoint Cleanup] File not found
O4 - HKLM..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve
Kwartin\Application Data\wsf3CmCT.exe ()
O4 - HKU\Steve_Kwartin_ON_C..\Run: [jICc7n9BYxBTRVw] C:\Documents and
Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe
(Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program
Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes
Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)]
C:\Documents and Settings\All Users\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes
Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveAutoRun = 67108863
O7 - HKU\Administrator.STEVE-QUAD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveAutoRun = 67108863
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDesktop = 1
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
DisableRegistryTools = 1
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
DisableTaskMgr = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
75.75.75.75 75.75.76.76
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} -
C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP
CORPORATION)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Steve
Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and
Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O20 - HKU\Steve_Kwartin_ON_C Winlogon: Shell - (C:\Documents and
Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents
and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program
Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program
Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. -
Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 09:33:29 | 000,000,000 | ---- | M] ()
- C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 15:17:24 | 000,000,118 | ---- | M] ()
- D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] ()
- X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ddessrvc - (C:\WINDOWS\system32\clipipv6.dll) -
File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days
==========

[2012/11/24 15:25:44 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Steve Kwartin\Desktop\Virus
[2012/10/01 23:15:38 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents\Run
[2012/10/01 23:14:14 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\EurekaLog
[2012/10/01 23:12:30 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\WinRAR
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents\My Videos
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents\My Pictures
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents\My Music
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Administrative
Tools
[2012/10/01 20:31:23 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Steve Kwartin\My Documents\virus
[2012/10/01 18:03:52 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Application Data\ZA_PreservedFiles
[2012/10/01 15:32:33 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents\Downloads
[2012/10/01 07:12:07 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\Macromedia
[2012/10/01 07:11:03 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Local Settings\Application
Data\Mozilla
[2012/10/01 07:11:03 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\Mozilla
[2012/10/01 06:20:59 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\Malwarebytes
[2012/10/01 06:05:02 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\Adobe
[2012/10/01 05:55:54 | 000,000,000 | --SD | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\Microsoft
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Startup
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Start Menu
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\SendTo
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Accessories
[2012/10/01 05:55:54 | 000,000,000 | -HSD | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Cookies
[2012/10/01 05:55:54 | 000,000,000 | -H-D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Local Settings
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Templates
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Recent
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\PrintHood
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\NetHood
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Local Settings\Application
Data\Microsoft
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Favorites
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Desktop
[2012/10/01 04:41:34 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Roaming
[2012/09/25 11:39:27 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\Open Freely
[2012/09/25 11:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2012/09/20 17:00:53 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/09/17 18:08:27 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Sound Devices
[2012/09/17 17:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
[2012/09/17 17:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Silabs
[2012/09/17 17:55:06 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\Sound Devices
[2012/09/17 17:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sound Devices
[2012/09/12 22:05:26 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/12 22:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/07 23:36:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[5 C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp files ->
C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/24 13:39:57 | 000,199,046 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Thank you for your Order2!.pdf
[2012/11/24 13:37:41 | 000,166,662 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Shopping cart3.pdf
[2012/11/24 13:35:26 | 000,198,523 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Thank you for your Order!.pdf
[2012/11/24 13:30:28 | 000,167,294 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Shopping cart2.pdf
[2012/10/02 02:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/02 02:37:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/02 00:52:49 | 000,000,664 | ---- | M] () --
C:\WINDOWS\System32\d3d9caps.dat
[2012/10/01 23:36:15 | 000,811,138 | ---- | M] () -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents\152 Order Adopting
Report and Recommendations re Attorneys Fees.pdf
[2012/10/01 21:14:03 | 000,000,318 | -H-- | M] () --
C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/01 21:13:56 | 000,000,328 | ---- | M] () --
C:\WINDOWS\tasks\GlaryInitialize.job
[2012/10/01 21:13:52 | 000,000,394 | ---- | M] () --
C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012/10/01 21:13:51 | 000,000,896 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/01 21:13:49 | 000,000,260 | ---- | M] () --
C:\WINDOWS\tasks\WGASetup.job
[2012/10/01 20:17:23 | 000,000,440 | RHS- | M] () -- C:\Documents and
Settings\Steve Kwartin\ntuser.pol
[2012/10/01 17:22:32 | 000,000,440 | RHS- | M] () -- C:\Documents and
Settings\Administrator.STEVE-QUAD\ntuser.pol
[2012/10/01 12:44:20 | 000,000,784 | ---- | M] () -- C:\Documents and
Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/01 04:40:56 | 000,283,495 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\wsf3CmCT.exe
[2012/10/01 03:58:00 | 000,000,900 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/01 03:57:00 | 000,000,830 | ---- | M] () --
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/30 18:00:00 | 000,000,458 | ---- | M] () --
C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/09/30 14:48:32 | 000,081,792 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Scanned Image 122740000.jpg
[2012/09/29 19:42:48 | 000,000,063 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\bteasy.ini
[2012/09/29 18:56:32 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/09/28 14:54:02 | 000,521,038 | ---- | M] () --
C:\WINDOWS\System32\perfh009.dat
[2012/09/28 14:54:02 | 000,095,478 | ---- | M] () --
C:\WINDOWS\System32\perfc009.dat
[2012/09/28 14:36:02 | 000,000,256 | -HS- | M] () -- C:\boot.ini
[2012/09/28 12:16:15 | 000,187,238 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\My Documents\Ticketmaster Confirmation.pdf
[2012/09/27 01:20:00 | 000,000,432 | ---- | M] () --
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/09/26 23:29:52 | 000,000,745 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\Microsoft\Internet
Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2012/09/26 23:01:31 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/09/26 22:49:05 | 000,000,815 | ---- | M] () -- C:\Documents and
Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick
Launch\Launch Internet Explorer Browser.lnk
[2012/09/26 22:28:21 | 000,001,337 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/25 11:39:27 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Start Menu\Programs\Open Freely
[2012/09/24 12:20:44 | 000,181,703 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Confirm Order.pdf
[2012/09/22 01:24:04 | 000,000,706 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\Microsoft\Internet
Explorer\Quick Launch\foobar2000.lnk
[2012/09/21 19:03:38 | 000,068,565 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\The Who - Posters.pdf
[2012/09/20 17:00:53 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/09/19 20:57:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/17 17:55:06 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Start Menu\Programs\Sound Devices
[2012/09/15 18:40:31 | 000,102,300 | ---- | M] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\axel-rosales-most-piercings-on-face_dsc5560.jpg
[2012/09/12 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/09 02:37:37 | 000,000,548 | ---- | M] () --
C:\WINDOWS\tasks\Rescue Reminder for 2HAA48PR.job
[2012/09/08 12:58:00 | 004,503,728 | ---- | M] () -- C:\Documents and
Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/05 18:33:46 | 000,002,626 | ---- | M] () --
C:\WINDOWS\System32\CONFIG.NT
[5 C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp files ->
C:\Documents and Settings\Steve Kwartin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/24 13:39:56 | 000,199,046 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Thank you for your Order2!.pdf
[2012/11/24 13:37:40 | 000,166,662 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Shopping cart3.pdf
[2012/11/24 13:35:25 | 000,198,523 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Thank you for your Order!.pdf
[2012/11/24 13:30:27 | 000,167,294 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Shopping cart2.pdf
[2012/10/01 23:36:15 | 000,811,138 | ---- | C] () -- C:\Documents and
Settings\Administrator.STEVE-QUAD\My Documents\152 Order Adopting
Report and Recommendations re Attorneys Fees.pdf
[2012/10/01 12:44:20 | 000,000,784 | ---- | C] () -- C:\Documents and
Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/01 06:44:31 | 000,000,440 | RHS- | C] () -- C:\Documents and
Settings\Administrator.STEVE-QUAD\ntuser.pol
[2012/10/01 05:55:55 | 000,001,599 | ---- | C] () -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Remote
Assistance.lnk
[2012/10/01 05:55:55 | 000,000,792 | ---- | C] () -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Windows Media
Player.lnk
[2012/10/01 04:40:57 | 000,283,495 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\wsf3CmCT.exe
[2012/09/30 14:46:08 | 000,081,792 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Scanned Image 122740000.jpg
[2012/09/28 12:16:13 | 000,187,238 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\My Documents\Ticketmaster Confirmation.pdf
[2012/09/26 23:29:52 | 000,000,745 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\Microsoft\Internet
Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2012/09/24 12:20:42 | 000,181,703 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\Confirm Order.pdf
[2012/09/22 01:24:04 | 000,000,706 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\Microsoft\Internet
Explorer\Quick Launch\foobar2000.lnk
[2012/09/21 19:03:37 | 000,068,565 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\The Who - Posters.pdf
[2012/09/15 18:46:42 | 000,102,300 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Desktop\axel-rosales-most-piercings-on-face_dsc5560.jpg
[2012/09/12 22:02:33 | 000,000,440 | RHS- | C] () -- C:\Documents and
Settings\Steve Kwartin\ntuser.pol
[2012/09/04 19:14:17 | 004,503,728 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2012/08/14 03:46:24 | 083,023,306 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/06 13:04:53 | 004,503,728 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\rat_0ybba.pad
[2012/08/05 14:25:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bench32.INI
[2012/08/05 03:28:39 | 000,019,840 | ---- | C] () --
C:\WINDOWS\System32\EuEpmGdi.dll
[2012/08/05 03:28:37 | 002,468,520 | ---- | C] () --
C:\WINDOWS\System32\BootMan.exe
[2012/08/05 03:28:37 | 000,086,408 | ---- | C] () --
C:\WINDOWS\System32\setupempdrv03.exe
[2012/08/05 03:28:37 | 000,013,192 | ---- | C] () --
C:\WINDOWS\System32\epmntdrv.sys
[2012/08/05 03:28:37 | 000,008,456 | ---- | C] () --
C:\WINDOWS\System32\EuGdiDrv.sys
[2012/08/02 19:27:20 | 000,178,688 | ---- | C] () --
C:\WINDOWS\System32\unrar.dll
[2012/07/26 12:19:07 | 004,503,728 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\z7_0ytr.pad
[2012/07/13 19:18:42 | 000,000,664 | ---- | C] () --
C:\WINDOWS\System32\d3d9caps.dat
[2012/07/13 17:50:51 | 000,003,584 | ---- | C] () -- C:\Documents and
Settings\Guest\Local Settings\Application
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/20 18:54:29 | 000,156,864 | ---- | C] () -- C:\Documents and
Settings\LocalService\Local Settings\Application
Data\FontCache3.0.0.0.dat
[2012/01/06 18:10:20 | 000,000,088 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\default.pls
[2012/01/06 16:30:50 | 000,156,160 | ---- | C] () --
C:\WINDOWS\System32\WS_ContextMenu.dll
[2011/10/26 17:10:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/11 15:31:07 | 000,000,918 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\.recently-used.xbel
[2011/01/08 16:19:10 | 000,074,703 | ---- | C] () --
C:\WINDOWS\System32\mfc45.dll
[2011/01/05 17:35:49 | 000,004,212 | ---- | C] () --
C:\WINDOWS\System32\zllictbl.dat
[2011/01/05 13:49:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/12/13 02:18:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/12 01:00:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/02/12 12:26:33 | 000,492,118 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\fontlst2.opf
[2009/02/03 15:15:15 | 000,000,543 | ---- | C] () -- C:\WINDOWS\OPHC.ini
[2008/12/07 22:53:20 | 000,021,504 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Local Settings\Application
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 23:46:29 | 135,124,796 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Dg24.wav
[2008/11/20 23:46:21 | 130,717,148 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Dg23.wav
[2008/11/19 15:38:52 | 000,087,552 | ---- | C] () --
C:\WINDOWS\System32\cpwmon2k.dll
[2008/11/03 23:15:06 | 000,131,584 | ---- | C] () --
C:\WINDOWS\System32\SpoonUninstall.exe
[2008/11/03 21:54:53 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/11/02 23:39:59 | 000,000,063 | ---- | C] () -- C:\Documents and
Settings\Steve Kwartin\Application Data\bteasy.ini
[2008/11/02 21:25:18 | 000,561,086 | ---- | C] () -- C:\Documents and
Settings\LocalService\Application Data\fontlst2.opf
[2008/10/23 18:26:12 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2008/10/23 18:17:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/23 18:09:19 | 000,020,480 | ---- | C] () --
C:\WINDOWS\System32\SPZLPO__.DLL
[2008/08/09 18:04:56 | 000,000,203 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/09 17:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/07/21 19:30:17 | 000,204,800 | ---- | C] () --
C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/07/21 19:29:28 | 000,049,152 | ---- | C] () --
C:\WINDOWS\System32\ChCfg.exe
[2008/07/21 13:37:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/21 09:35:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 09:31:08 | 000,021,640 | ---- | C] () --
C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 05:25:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 05:24:32 | 000,263,824 | ---- | C] () --
C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () --
C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () --
C:\WINDOWS\System32\oembios.dat
[2004/08/06 20:00:42 | 000,045,056 | ---- | C] () --
C:\WINDOWS\System32\WINREGP.DLL
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () --
C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,521,038 | ---- | C] () --
C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () --
C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () --
C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,095,478 | ---- | C] () --
C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () --
C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () --
C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () --
C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () --
C:\WINDOWS\System32\noise.dat
[2004/02/06 13:05:22 | 000,014,848 | ---- | C] () --
C:\WINDOWS\System32\TERNT.DLL
[2004/02/06 13:00:04 | 000,015,872 | ---- | C] () --
C:\WINDOWS\System32\TER9X.DLL
[2003/12/14 02:03:42 | 001,107,472 | ---- | C] () --
C:\WINDOWS\System32\OWL52.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () --
C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () --
C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2012/10/02 00:57:34 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Administrator.STEVE-QUAD\Application Data\EurekaLog
[2008/11/02 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\LocalService\Application Data\Sharpdesk
[2011/05/16 12:03:31 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\.oit
[2012/07/27 15:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\0FF73A05
[2012/09/30 17:23:15 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Audacity
[2012/08/04 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Auslogics
[2011/01/05 17:39:26 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\CheckPoint
[2011/01/20 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\DriverCure
[2012/09/22 15:10:37 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\foobar2000
[2011/11/04 13:52:44 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\FreeFileViewer
[2011/07/26 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\GARMIN
[2012/08/04 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\GlarySoft
[2010/09/01 16:22:31 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\gtk-2.0
[2011/07/12 02:04:17 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\IVONA ControlCenter
[2011/05/22 17:11:12 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\OfficeRecovery
[2010/05/25 17:43:32 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\PandoraRecovery
[2011/01/20 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\ParetoLogic
[2008/08/03 14:42:54 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Publish Providers
[2012/10/01 04:41:34 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Roaming
[2008/12/05 16:53:11 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Sharpdesk
[2010/07/27 19:13:23 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Sony
[2010/07/26 23:28:51 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Sony Setup
[2012/09/18 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Sound Devices
[2011/07/23 01:26:39 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\SoundSpectrum
[2012/06/11 17:24:31 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Southwest Airlines
[2011/07/23 01:43:03 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\SystemRequirementsLab
[2012/08/16 06:33:08 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\TeamViewer
[2011/01/05 01:07:53 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Tific
[2012/08/04 16:13:44 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\Uniblue
[2012/10/01 04:46:30 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Steve Kwartin\Application Data\uTorrent
[2011/01/05 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Alwil Software
[2008/08/02 20:05:50 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\AT&T
[2011/05/22 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Cached Installations
[2012/04/23 15:50:00 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\ClubSanDisk
[2011/07/26 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\GARMIN
[2012/01/06 16:26:16 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\InstallMate
[2011/01/08 16:19:15 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\iolo
[2010/01/01 14:34:24 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Maxtor
[2011/01/05 17:20:24 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\MFAData
[2010/06/29 16:03:50 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/22 15:51:11 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\ParetoLogic
[2011/01/06 01:27:42 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\PassMark
[2011/08/04 06:24:16 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Samsung
[2011/01/05 01:41:39 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\SecTaskMan
[2008/10/23 18:18:43 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Sharpdesk
[2010/07/27 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Sony
[2011/01/08 15:52:01 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\SupportSoft
[2012/08/04 17:01:18 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\TEMP
[2012/01/06 18:18:17 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\xml_param
[2012/10/01 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\ZA_PreservedFiles
[2012/10/01 21:14:03 | 000,000,318 | -H-- | M] () --
C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/10/01 21:13:52 | 000,000,394 | ---- | M] () --
C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
[2012/10/01 21:13:56 | 000,000,328 | ---- | M] () --
C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/09/30 18:00:00 | 000,000,458 | ---- | M] () --
C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012/09/27 01:20:00 | 000,000,432 | ---- | M] () --
C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2012/09/09 02:37:37 | 000,000,548 | ---- | M] () --
C:\WINDOWS\Tasks\Rescue Reminder for 2HAA48PR.job
[2012/10/01 21:13:49 | 000,000,260 | ---- | M] () --
C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve
Kwartin\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve
Kwartin\Desktop\Widespread_Panic_2008-10-28_Fillmore_Miami_Beach_FL_TLM-170_FOB.flac16:Roxio
EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve
Kwartin\Desktop\CODETKRSO08013.WAV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve
Kwartin\Desktop\CODETKRSO08012.WAV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve
Kwartin\Desktop\Buckethead_2008-10-26_Culture_Room_Ft._Lauderdale_FL_TLM-170:Roxio
EMC Stream
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMP:5D432CE3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMP:FA5F15C4
< End of report >

tapersteve, Oct 2, 2012

#12

Broni Malware Annihilator Posts: 40,073 +187

Make sure you disable "word wrap" in Notepad.
I had a heck of a time to read your log.

======================================

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL
DRV - File not found [Kernel | Boot] -- -- (jrsrfvwy)
O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKU\Steve_Kwartin_ON_C\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [CheckPoint Cleanup] File not found
O4 - HKLM..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O4 - HKU\Steve_Kwartin_ON_C..\Run: [jICc7n9BYxBTRVw] C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O20 - HKU\Steve_Kwartin_ON_C Winlogon: Shell - (C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe) - C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe ()
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
[2012/10/01 04:40:56 | 000,283,495 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe
[2012/09/04 19:14:17 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad
[2012/08/14 03:46:24 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/06 13:04:53 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rat_0ybba.pad
[2012/07/26 12:19:07 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\z7_0ytr.pad
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Widespread_Panic_2008-10-28_Fillmore_Miami_Beach_FL_TLM-170_FOB.flac16:Roxio
EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08013.WAV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08012.WAV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Buckethead_2008-10-26_Culture_Room_Ft._Lauderdale_FL_TLM-170:Roxio
EMC Stream
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D432CE3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Remove the CD and shut down computer manually.
Attempt to reboot normally into Windows.

Let me know how things are.

Broni, Oct 2, 2012

#13

tapersteve Newcomer, in training Posts: 52

Broni,

First, I want to thank you for your ongoing help. It appears that we are making progress. I followed the instructions and ran the fix.txt file in OTLPE. But, then the computer locked up, and would not let me access the Start button to shut down, so I did a hard shut down, and re-did what I had just done. It locked up again, so I had to do another hard shut down. I am posting the .txt file below from the second effort of running OTLPE.

I then removed the CD and rebooted normally. I am posting from my normal account, but at the end of the boot process, it indicated that it tried to do a system restore to September 27, but could not do so successfully, so no changes were made. I also got the system configuration utility message, indicating that changes had been made, but I just left things as they were.

The computer continued to boot, and for the first time, I now have a task bar again, but no desktop icons. I can access the internet through my normal account, without the virus blocking me, as it had done before. Let me know how to proceed from here. Thank you very much. Steve

P.S. This is the only way to paste the data from the .txt file. There is no word wrap option that I could see in the menu. If there is another way to do this, or to insert the .txt file, let me know, and I will turn it right around.

========== OTL ==========
Service\Driver key jrsrfvwy not found.
Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}\ not found.
Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CheckPoint Cleanup not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw not found.
File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
Registry value HKEY_USERS\Steve_Kwartin_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\jICc7n9BYxBTRVw not found.
File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe deleted successfully.
File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
Registry value HKEY_USERS\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe deleted successfully.
File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ not found.
File C:\Documents and Settings\Steve Kwartin\Application Data\wsf3CmCT.exe not found.
File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.
File C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad not found.
File C:\Documents and Settings\All Users\Application Data\rat_0ybba.pad not found.
File C:\Documents and Settings\All Users\Application Data\z7_0ytr.pad not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
Unable to delete ADS C:\Documents and Settings\Steve Kwartin\My Documents\My Videos:Roxio EMC Stream .
Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\Widespread_Panic_2008-10-28_Fillmore_Miami_Beach_FL_TLM-170_FOB.flac16:Roxio .
Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08013.WAV:Roxio EMC Stream .
Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\CODETKRSO08012.WAV:Roxio EMC Stream .
Unable to delete ADS C:\Documents and Settings\Steve Kwartin\Desktop\Buckethead_2008-10-26_Culture_Room_Ft._Lauderdale_FL_TLM-170:Roxio .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D432CE3 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 10032012_012615

tapersteve, Oct 2, 2012

#14
Broni Malware Annihilator Posts: 40,073 +187
Well done

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================

Download RogueKiller on the desktop

Close all the running programs

Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator

Otherwise just double-click on RogueKiller.exe

Pre-scan will start. Let it finish.

Click on SCAN button.

Wait until the Status box shows Scan Finished

Click on Delete.

Wait until the Status box shows Deleting Finished.

Click on Report and copy/paste the content of the Notepad into your next reply.

RKreport.txt could also be found on your desktop.

If more than one log is produced post all logs.

If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
Broni, Oct 2, 2012

#15
tapersteve Newcomer, in training Posts: 52

Broni,

I will post them one at a time. TDSSKiller showed no infected or suspicious files. Here is the log:

03:30:00.0125 0456 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
03:30:01.0765 0456 ============================================================
03:30:01.0765 0456 Current date / time: 2012/10/03 03:30:01.0765
03:30:01.0765 0456 SystemInfo:
03:30:01.0765 0456
03:30:01.0765 0456 OS Version: 5.1.2600 ServicePack: 3.0
03:30:01.0765 0456 Product type: Workstation
03:30:01.0765 0456 ComputerName: STEVE-QUAD
03:30:01.0765 0456 UserName: Steve Kwartin
03:30:01.0765 0456 Windows directory: C:\WINDOWS
03:30:01.0765 0456 System windows directory: C:\WINDOWS
03:30:01.0765 0456 Processor architecture: Intel x86
03:30:01.0765 0456 Number of processors: 4
03:30:01.0765 0456 Page size: 0x1000
03:30:01.0765 0456 Boot type: Normal boot
03:30:01.0765 0456 ============================================================
03:30:02.0546 0456 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:30:02.0562 0456 Drive \Device\Harddisk1\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:30:02.0562 0456 ============================================================
03:30:02.0562 0456 \Device\Harddisk0\DR0:
03:30:02.0562 0456 MBR partitions:
03:30:02.0562 0456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
03:30:02.0562 0456 \Device\Harddisk1\DR2:
03:30:02.0562 0456 MBR partitions:
03:30:02.0562 0456 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
03:30:02.0562 0456 ============================================================
03:30:02.0625 0456 C: <-> \Device\Harddisk0\DR0\Partition1
03:30:02.0625 0456 H: <-> \Device\Harddisk1\DR2\Partition1
03:30:02.0625 0456 ============================================================
03:30:02.0625 0456 Initialize success
03:30:02.0625 0456 ============================================================
03:30:12.0359 2612 ============================================================
03:30:12.0375 2612 Scan started
03:30:12.0375 2612 Mode: Manual;
03:30:12.0375 2612 ============================================================
03:30:12.0515 2612 ================ Scan system memory ========================
03:30:12.0531 2612 System memory - ok
03:30:12.0531 2612 ================ Scan services =============================
03:30:12.0625 2612 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
03:30:12.0625 2612 !SASCORE - ok
03:30:12.0734 2612 A2DDA - ok
03:30:14.0390 2612 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
03:30:14.0390 2612 Aavmker4 - ok
03:30:14.0390 2612 Abiosdsk - ok
03:30:14.0406 2612 abp480n5 - ok
03:30:14.0437 2612 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:30:14.0437 2612 ACPI - ok
03:30:14.0453 2612 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
03:30:14.0468 2612 ACPIEC - ok
03:30:14.0515 2612 [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:30:14.0531 2612 AdobeFlashPlayerUpdateSvc - ok
03:30:14.0531 2612 adpu160m - ok
03:30:14.0578 2612 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
03:30:14.0578 2612 aec - ok
03:30:14.0609 2612 [ 355556D9E580915118CD7EF736653A89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
03:30:14.0609 2612 AFD - ok
03:30:14.0625 2612 Aha154x - ok
03:30:14.0640 2612 aic78u2 - ok
03:30:14.0656 2612 aic78xx - ok
03:30:14.0687 2612 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
03:30:14.0703 2612 Alerter - ok
03:30:14.0718 2612 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
03:30:14.0718 2612 ALG - ok
03:30:14.0734 2612 AliIde - ok
03:30:14.0750 2612 amsint - ok
03:30:14.0781 2612 AOL TopSpeedMonitor - ok
03:30:14.0812 2612 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
03:30:14.0812 2612 AppMgmt - ok
03:30:14.0828 2612 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
03:30:14.0828 2612 Arp1394 - ok
03:30:14.0843 2612 asc - ok
03:30:14.0859 2612 asc3350p - ok
03:30:14.0875 2612 asc3550 - ok
03:30:15.0234 2612 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
03:30:15.0281 2612 aspnet_state - ok
03:30:15.0281 2612 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
03:30:15.0281 2612 aswFsBlk - ok
03:30:15.0296 2612 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
03:30:15.0296 2612 aswMon2 - ok
03:30:15.0312 2612 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
03:30:15.0312 2612 aswRdr - ok
03:30:15.0375 2612 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
03:30:15.0375 2612 aswSnx - ok
03:30:15.0390 2612 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
03:30:15.0390 2612 aswSP - ok
03:30:15.0406 2612 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
03:30:15.0406 2612 aswTdi - ok
03:30:15.0421 2612 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:30:15.0421 2612 AsyncMac - ok
03:30:15.0437 2612 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
03:30:15.0437 2612 atapi - ok
03:30:15.0453 2612 Atdisk - ok
03:30:15.0468 2612 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:30:15.0468 2612 Atmarpc - ok
03:30:15.0500 2612 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
03:30:15.0500 2612 AudioSrv - ok
03:30:15.0546 2612 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
03:30:15.0546 2612 audstub - ok
03:30:15.0593 2612 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
03:30:15.0593 2612 avast! Antivirus - ok
03:30:15.0640 2612 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
03:30:15.0640 2612 Beep - ok
03:30:15.0656 2612 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
03:30:15.0671 2612 BITS - ok
03:30:15.0687 2612 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
03:30:15.0687 2612 Browser - ok
03:30:15.0718 2612 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
03:30:15.0718 2612 cbidf2k - ok
03:30:15.0718 2612 cd20xrnt - ok
03:30:15.0734 2612 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
03:30:15.0734 2612 Cdaudio - ok
03:30:15.0750 2612 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
03:30:15.0750 2612 Cdfs - ok
03:30:15.0765 2612 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:30:15.0765 2612 Cdrom - ok
03:30:15.0796 2612 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
03:30:15.0812 2612 cercsr6 - ok
03:30:15.0812 2612 Changer - ok
03:30:15.0843 2612 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
03:30:15.0843 2612 CiSvc - ok
03:30:15.0859 2612 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
03:30:15.0875 2612 ClipSrv - ok
03:30:15.0953 2612 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:30:16.0031 2612 clr_optimization_v2.0.50727_32 - ok
03:30:16.0062 2612 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:30:16.0187 2612 clr_optimization_v4.0.30319_32 - ok
03:30:16.0203 2612 CmdIde - ok
03:30:16.0218 2612 COMSysApp - ok
03:30:16.0250 2612 Cpqarray - ok
03:30:16.0296 2612 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
03:30:16.0296 2612 cpudrv - ok
03:30:16.0312 2612 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
03:30:16.0328 2612 CryptSvc - ok
03:30:16.0343 2612 dac2w2k - ok
03:30:16.0359 2612 dac960nt - ok
03:30:16.0406 2612 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
03:30:16.0406 2612 DcomLaunch - ok
03:30:16.0453 2612 [ B34DAFA517F838B82A4256B08346917F ] DELTA C:\WINDOWS\system32\DRIVERS\delta.sys
03:30:16.0453 2612 DELTA - ok
03:30:16.0468 2612 DELTAII - ok
03:30:16.0500 2612 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
03:30:16.0500 2612 Dhcp - ok
03:30:16.0531 2612 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
03:30:16.0531 2612 Disk - ok
03:30:16.0546 2612 dmadmin - ok
03:30:16.0578 2612 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
03:30:16.0578 2612 dmboot - ok
03:30:16.0593 2612 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
03:30:16.0593 2612 dmio - ok
03:30:16.0625 2612 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
03:30:16.0625 2612 dmload - ok
03:30:16.0640 2612 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
03:30:16.0640 2612 dmserver - ok
03:30:16.0671 2612 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
03:30:16.0671 2612 DMusic - ok
03:30:16.0703 2612 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
03:30:16.0718 2612 Dnscache - ok
03:30:16.0734 2612 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
03:30:16.0734 2612 Dot3svc - ok
03:30:16.0750 2612 dpti2o - ok
03:30:16.0765 2612 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
03:30:16.0781 2612 drmkaud - ok
03:30:16.0781 2612 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
03:30:16.0796 2612 e1express - ok
03:30:16.0812 2612 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
03:30:16.0828 2612 EapHost - ok
03:30:16.0828 2612 ENTECH - ok
03:30:16.0875 2612 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
03:30:16.0875 2612 epmntdrv - ok
03:30:16.0890 2612 EraserUtilDrv11010 - ok
03:30:16.0921 2612 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
03:30:16.0921 2612 ERSvc - ok
03:30:16.0937 2612 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
03:30:16.0937 2612 EuGdiDrv - ok
03:30:16.0984 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
03:30:16.0984 2612 Eventlog - ok
03:30:17.0000 2612 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
03:30:17.0015 2612 EventSystem - ok
03:30:17.0031 2612 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
03:30:17.0031 2612 Fastfat - ok
03:30:17.0062 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
03:30:17.0078 2612 FastUserSwitchingCompatibility - ok
03:30:17.0093 2612 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
03:30:17.0093 2612 Fdc - ok
03:30:17.0125 2612 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
03:30:17.0125 2612 Fips - ok
03:30:17.0140 2612 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
03:30:17.0140 2612 Flpydisk - ok
03:30:17.0171 2612 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
03:30:17.0171 2612 FltMgr - ok
03:30:17.0234 2612 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
03:30:17.0234 2612 FontCache3.0.0.0 - ok
03:30:17.0234 2612 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:30:17.0250 2612 Fs_Rec - ok
03:30:17.0265 2612 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:30:17.0281 2612 Ftdisk - ok
03:30:17.0312 2612 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
03:30:17.0312 2612 giveio - ok
03:30:17.0328 2612 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:30:17.0328 2612 Gpc - ok
03:30:17.0390 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
03:30:17.0406 2612 gupdate - ok
03:30:17.0406 2612 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
03:30:17.0406 2612 gupdatem - ok
03:30:17.0421 2612 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
03:30:17.0437 2612 HDAudBus - ok
03:30:17.0484 2612 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
03:30:17.0500 2612 helpsvc - ok
03:30:17.0515 2612 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
03:30:17.0531 2612 HidServ - ok
03:30:17.0546 2612 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:30:17.0546 2612 hidusb - ok
03:30:17.0578 2612 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
03:30:17.0578 2612 hkmsvc - ok
03:30:17.0593 2612 hpn - ok
03:30:17.0640 2612 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
03:30:17.0640 2612 HSFHWBS2 - ok
03:30:17.0703 2612 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
03:30:17.0703 2612 HSF_DP - ok
03:30:17.0750 2612 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
03:30:17.0750 2612 HTTP - ok
03:30:17.0781 2612 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
03:30:17.0796 2612 HTTPFilter - ok
03:30:17.0796 2612 i2omgmt - ok
03:30:17.0812 2612 i2omp - ok
03:30:17.0843 2612 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
03:30:17.0843 2612 i8042prt - ok
03:30:17.0906 2612 [ C5DB546F9028CD00E64335091860D8F3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
03:30:17.0937 2612 ialm - ok
03:30:17.0953 2612 IDriverT - ok
03:30:18.0015 2612 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:30:18.0015 2612 idsvc - ok
03:30:18.0031 2612 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
03:30:18.0046 2612 Imapi - ok
03:30:18.0078 2612 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
03:30:18.0078 2612 ImapiService - ok
03:30:18.0093 2612 ini910u - ok
03:30:18.0203 2612 [ 17BBBABB21F86B650B2626045A9D016C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
03:30:18.0265 2612 IntcAzAudAddService - ok
03:30:18.0265 2612 IntelIde - ok
03:30:18.0296 2612 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:30:18.0296 2612 intelppm - ok
03:30:18.0312 2612 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
03:30:18.0312 2612 Ip6Fw - ok
03:30:18.0343 2612 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:30:18.0343 2612 IpFilterDriver - ok
03:30:18.0343 2612 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:30:18.0359 2612 IpInIp - ok
03:30:18.0390 2612 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:30:18.0390 2612 IpNat - ok
03:30:18.0406 2612 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:30:18.0406 2612 IPSec - ok
03:30:18.0421 2612 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
03:30:18.0421 2612 IRENUM - ok
03:30:18.0453 2612 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:30:18.0453 2612 isapnp - ok
03:30:18.0578 2612 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
03:30:18.0578 2612 JavaQuickStarterService - ok
03:30:18.0593 2612 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:30:18.0593 2612 Kbdclass - ok
03:30:18.0593 2612 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:30:18.0593 2612 kbdhid - ok
03:30:18.0609 2612 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
03:30:18.0625 2612 kmixer - ok
03:30:18.0640 2612 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
03:30:18.0640 2612 KSecDD - ok
03:30:18.0687 2612 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
03:30:18.0687 2612 lanmanserver - ok
03:30:18.0734 2612 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
03:30:18.0734 2612 lanmanworkstation - ok
03:30:18.0750 2612 lbrtfdc - ok
03:30:18.0781 2612 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
03:30:18.0781 2612 LmHosts - ok
03:30:18.0890 2612 [ 1BDB34A492109198CAB0575F2743BE70 ] Maxtor Sync Service C:\Program Files\Maxtor\Sync\SyncServices.exe
03:30:18.0890 2612 Maxtor Sync Service - ok
03:30:18.0906 2612 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
03:30:18.0906 2612 MBAMProtector - ok
03:30:18.0953 2612 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
03:30:18.0953 2612 MBAMScheduler - ok
03:30:18.0984 2612 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
03:30:18.0984 2612 MBAMService - ok
03:30:19.0015 2612 [ 4F74184920B2D6E33024409B4C5C57C1 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
03:30:19.0015 2612 McciCMService - ok
03:30:19.0062 2612 MDM - ok
03:30:19.0093 2612 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
03:30:19.0093 2612 mdmxsdk - ok
03:30:19.0125 2612 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
03:30:19.0125 2612 Messenger - ok
03:30:19.0156 2612 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
03:30:19.0156 2612 mnmdd - ok
03:30:19.0171 2612 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
03:30:19.0187 2612 mnmsrvc - ok
03:30:19.0203 2612 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
03:30:19.0203 2612 Modem - ok
03:30:19.0218 2612 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
03:30:19.0218 2612 MODEMCSA - ok
03:30:19.0250 2612 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:30:19.0250 2612 Mouclass - ok
03:30:19.0265 2612 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:30:19.0265 2612 mouhid - ok
03:30:19.0265 2612 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
03:30:19.0265 2612 MountMgr - ok
03:30:19.0328 2612 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
03:30:19.0328 2612 MozillaMaintenance - ok
03:30:19.0328 2612 mraid35x - ok
03:30:19.0359 2612 [ 80B2EC735495823AE5771A5F603E73BD ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
03:30:19.0375 2612 MREMP50 - ok
03:30:19.0390 2612 [ 37D7C22F7E26DA90E2D2D260E5D27846 ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
03:30:19.0390 2612 MRESP50 - ok
03:30:19.0406 2612 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:30:19.0406 2612 MRxDAV - ok
03:30:19.0437 2612 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:30:19.0437 2612 MRxSmb - ok
03:30:19.0453 2612 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
03:30:19.0453 2612 MSDTC - ok
03:30:19.0468 2612 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
03:30:19.0484 2612 Msfs - ok
03:30:19.0484 2612 MSIServer - ok
03:30:19.0531 2612 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:30:19.0531 2612 MSKSSRV - ok
03:30:19.0546 2612 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:30:19.0546 2612 MSPCLOCK - ok
03:30:19.0546 2612 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
03:30:19.0546 2612 MSPQM - ok
03:30:19.0562 2612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:30:19.0562 2612 mssmbios - ok
03:30:19.0609 2612 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
03:30:19.0609 2612 Mup - ok
03:30:19.0640 2612 [ 216AC775320F64DE28CFEB7C179C4FF9 ] MXOPSWD C:\WINDOWS\system32\DRIVERS\mxopswd.sys
03:30:19.0640 2612 MXOPSWD - ok
03:30:19.0656 2612 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
03:30:19.0671 2612 napagent - ok
03:30:19.0687 2612 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
03:30:19.0687 2612 NDIS - ok
03:30:19.0718 2612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:30:19.0718 2612 NdisTapi - ok
03:30:19.0734 2612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:30:19.0734 2612 Ndisuio - ok
03:30:19.0734 2612 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:30:19.0750 2612 NdisWan - ok
03:30:19.0781 2612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
03:30:19.0781 2612 NDProxy - ok
03:30:19.0796 2612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
03:30:19.0796 2612 NetBIOS - ok
03:30:19.0812 2612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
03:30:19.0812 2612 NetBT - ok
03:30:19.0843 2612 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
03:30:19.0859 2612 NetDDE - ok
03:30:19.0859 2612 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
03:30:19.0859 2612 NetDDEdsdm - ok
03:30:19.0890 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
03:30:19.0890 2612 Netlogon - ok
03:30:19.0906 2612 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
03:30:19.0906 2612 Netman - ok
03:30:19.0937 2612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:30:19.0984 2612 NetTcpPortSharing - ok
03:30:20.0015 2612 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
03:30:20.0015 2612 NIC1394 - ok
03:30:20.0031 2612 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
03:30:20.0031 2612 Nla - ok
03:30:20.0078 2612 [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
03:30:20.0093 2612 nosGetPlusHelper - ok
03:30:20.0109 2612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
03:30:20.0109 2612 Npfs - ok
03:30:20.0140 2612 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
03:30:20.0156 2612 Ntfs - ok
03:30:20.0171 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
03:30:20.0171 2612 NtLmSsp - ok
03:30:20.0203 2612 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
03:30:20.0203 2612 NtmsSvc - ok
03:30:20.0250 2612 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
03:30:20.0250 2612 NuidFltr - ok
03:30:20.0265 2612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
03:30:20.0265 2612 Null - ok
03:30:20.0296 2612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:30:20.0312 2612 NwlnkFlt - ok
03:30:20.0312 2612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:30:20.0312 2612 NwlnkFwd - ok
03:30:20.0343 2612 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
03:30:20.0343 2612 ohci1394 - ok
03:30:20.0390 2612 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:30:20.0390 2612 ose - ok
03:30:20.0421 2612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
03:30:20.0421 2612 Parport - ok
03:30:20.0437 2612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
03:30:20.0437 2612 PartMgr - ok
03:30:20.0453 2612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
03:30:20.0453 2612 ParVdm - ok
03:30:20.0484 2612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
03:30:20.0484 2612 PCI - ok
03:30:20.0484 2612 PCIDump - ok
03:30:20.0500 2612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
03:30:20.0500 2612 PCIIde - ok
03:30:20.0515 2612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
03:30:20.0515 2612 Pcmcia - ok
03:30:20.0531 2612 PDCOMP - ok
03:30:20.0546 2612 PDFRAME - ok
03:30:20.0562 2612 PDRELI - ok
03:30:20.0578 2612 PDRFRAME - ok
03:30:20.0593 2612 perc2 - ok
03:30:20.0609 2612 perc2hib - ok
03:30:20.0640 2612 PfModNT - ok
03:30:20.0656 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
03:30:20.0671 2612 PlugPlay - ok
03:30:20.0671 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
03:30:20.0687 2612 PolicyAgent - ok
03:30:20.0703 2612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:30:20.0703 2612 PptpMiniport - ok
03:30:20.0718 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
03:30:20.0718 2612 ProtectedStorage - ok
03:30:20.0734 2612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
03:30:20.0734 2612 PSched - ok
03:30:20.0750 2612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:30:20.0750 2612 Ptilink - ok
03:30:20.0765 2612 ql1080 - ok
03:30:20.0781 2612 Ql10wnt - ok
03:30:20.0796 2612 ql12160 - ok
03:30:20.0796 2612 ql1240 - ok
03:30:20.0812 2612 ql1280 - ok
03:30:20.0843 2612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:30:20.0843 2612 RasAcd - ok
03:30:20.0859 2612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
03:30:20.0875 2612 RasAuto - ok
03:30:20.0890 2612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:30:20.0890 2612 Rasl2tp - ok
03:30:20.0921 2612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
03:30:20.0921 2612 RasMan - ok
03:30:20.0937 2612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:30:20.0937 2612 RasPppoe - ok
03:30:20.0937 2612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
03:30:20.0953 2612 Raspti - ok
03:30:20.0968 2612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:30:20.0968 2612 Rdbss - ok
03:30:20.0968 2612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:30:20.0968 2612 RDPCDD - ok
03:30:21.0000 2612 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:30:21.0000 2612 rdpdr - ok
03:30:21.0031 2612 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
03:30:21.0031 2612 RDPWD - ok
03:30:21.0062 2612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
03:30:21.0062 2612 RDSessMgr - ok
03:30:21.0093 2612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
03:30:21.0093 2612 redbook - ok
03:30:21.0140 2612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
03:30:21.0156 2612 RemoteAccess - ok
03:30:21.0187 2612 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
03:30:21.0187 2612 RemoteRegistry - ok
03:30:21.0203 2612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
03:30:21.0203 2612 RpcLocator - ok
03:30:21.0234 2612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
03:30:21.0234 2612 RpcSs - ok
03:30:21.0250 2612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
03:30:21.0265 2612 RSVP - ok
03:30:21.0265 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
03:30:21.0265 2612 SamSs - ok
03:30:21.0312 2612 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
03:30:21.0312 2612 SASDIFSV - ok
03:30:21.0312 2612 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
03:30:21.0312 2612 SASKUTIL - ok
03:30:21.0359 2612 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
03:30:21.0359 2612 sbp2port - ok
03:30:21.0375 2612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
03:30:21.0375 2612 SCardSvr - ok
03:30:21.0390 2612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
03:30:21.0390 2612 Schedule - ok
03:30:21.0453 2612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:30:21.0453 2612 Secdrv - ok
03:30:21.0453 2612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
03:30:21.0468 2612 seclogon - ok
03:30:21.0468 2612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
03:30:21.0484 2612 SENS - ok
03:30:21.0500 2612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
03:30:21.0500 2612 Serial - ok
03:30:21.0546 2612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
03:30:21.0546 2612 Sfloppy - ok
03:30:21.0578 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
03:30:21.0593 2612 ShellHWDetection - ok
03:30:21.0593 2612 Simbad - ok
03:30:21.0625 2612 Sparrow - ok
03:30:21.0687 2612 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
03:30:21.0687 2612 speedfan - ok
03:30:21.0718 2612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
03:30:21.0718 2612 splitter - ok
03:30:21.0734 2612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
03:30:21.0750 2612 Spooler - ok
03:30:21.0796 2612 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
03:30:21.0796 2612 sprtsvc_DellSupportCenter - ok
03:30:21.0812 2612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
03:30:21.0812 2612 sr - ok
03:30:21.0828 2612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
03:30:21.0828 2612 srservice - ok
03:30:21.0859 2612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
03:30:21.0875 2612 Srv - ok
03:30:21.0875 2612 [ 48F44A1BE434830B7C90FB730745F65A ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
03:30:21.0875 2612 ssadbus - ok
03:30:21.0906 2612 [ 9630B486B62CC0ADB0A89152ED0218D7 ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
03:30:21.0906 2612 ssadmdfl - ok
03:30:21.0937 2612 [ 9AFAA23421622C392B55508FA9613949 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
03:30:21.0937 2612 ssadmdm - ok
03:30:21.0953 2612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
03:30:21.0968 2612 SSDPSRV - ok
03:30:21.0984 2612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
03:30:21.0984 2612 stisvc - ok
03:30:22.0000 2612 stllssvr - ok
03:30:22.0015 2612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
03:30:22.0031 2612 swenum - ok
03:30:22.0031 2612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
03:30:22.0031 2612 swmidi - ok
03:30:22.0046 2612 SwPrv - ok
03:30:22.0062 2612 symc810 - ok
03:30:22.0078 2612 symc8xx - ok
03:30:22.0093 2612 sym_hi - ok
03:30:22.0109 2612 sym_u3 - ok
03:30:22.0125 2612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
03:30:22.0125 2612 sysaudio - ok
03:30:22.0140 2612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
03:30:22.0156 2612 SysmonLog - ok
03:30:22.0171 2612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
03:30:22.0187 2612 TapiSrv - ok
03:30:22.0218 2612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:30:22.0218 2612 Tcpip - ok
03:30:22.0234 2612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
03:30:22.0234 2612 TDPIPE - ok
03:30:22.0250 2612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
03:30:22.0250 2612 TDTCP - ok
03:30:22.0359 2612 [ 01A402D34732CA3DA91786ADCC765069 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
03:30:22.0375 2612 TeamViewer6 - ok
03:30:22.0375 2612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
03:30:22.0390 2612 TermDD - ok
03:30:22.0421 2612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
03:30:22.0421 2612 TermService - ok
03:30:22.0437 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
03:30:22.0453 2612 Themes - ok
03:30:22.0468 2612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
03:30:22.0468 2612 TlntSvr - ok
03:30:22.0484 2612 TosIde - ok
03:30:22.0500 2612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
03:30:22.0500 2612 TrkWks - ok
03:30:22.0515 2612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
03:30:22.0515 2612 Udfs - ok
03:30:22.0531 2612 ultra - ok
03:30:22.0562 2612 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
03:30:22.0562 2612 UMWdf - ok
03:30:22.0578 2612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
03:30:22.0578 2612 Update - ok
03:30:22.0609 2612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
03:30:22.0609 2612 upnphost - ok
03:30:22.0625 2612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
03:30:22.0625 2612 UPS - ok
03:30:22.0687 2612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:30:22.0687 2612 usbccgp - ok
03:30:22.0718 2612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:30:22.0718 2612 usbehci - ok
03:30:22.0734 2612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:30:22.0734 2612 usbhub - ok
03:30:22.0750 2612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:30:22.0750 2612 usbprint - ok
03:30:22.0781 2612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:30:22.0781 2612 usbscan - ok
03:30:22.0812 2612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:30:22.0812 2612 USBSTOR - ok
03:30:22.0828 2612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:30:22.0828 2612 usbuhci - ok
03:30:22.0843 2612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
03:30:22.0843 2612 VgaSave - ok
03:30:22.0859 2612 ViaIde - ok
03:30:22.0875 2612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
03:30:22.0890 2612 VolSnap - ok
03:30:22.0890 2612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
03:30:22.0906 2612 VSS - ok
03:30:22.0921 2612 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
03:30:22.0937 2612 W32Time - ok
03:30:22.0953 2612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:30:22.0953 2612 Wanarp - ok
03:30:22.0984 2612 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
03:30:23.0000 2612 wanatw - ok
03:30:23.0015 2612 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
03:30:23.0015 2612 WDC_SAM - ok
03:30:23.0046 2612 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
03:30:23.0062 2612 Wdf01000 - ok
03:30:23.0062 2612 WDICA - ok
03:30:23.0078 2612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
03:30:23.0078 2612 wdmaud - ok
03:30:23.0109 2612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
03:30:23.0109 2612 WebClient - ok
03:30:23.0140 2612 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
03:30:23.0156 2612 winachsf - ok
03:30:23.0234 2612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
03:30:23.0234 2612 winmgmt - ok
03:30:23.0281 2612 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
03:30:23.0281 2612 WMDM PMSP Service - ok
03:30:23.0328 2612 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
03:30:23.0328 2612 WmdmPmSN - ok
03:30:23.0375 2612 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
03:30:23.0375 2612 Wmi - ok
03:30:23.0390 2612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:30:23.0390 2612 WmiApSrv - ok
03:30:23.0421 2612 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
03:30:23.0421 2612 WpdUsb - ok
03:30:23.0484 2612 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:30:23.0484 2612 WPFFontCache_v0400 - ok
03:30:23.0546 2612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:30:23.0546 2612 WudfPf - ok
03:30:23.0593 2612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
03:30:23.0625 2612 WudfSvc - ok
03:30:23.0656 2612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
03:30:23.0656 2612 WZCSVC - ok
03:30:23.0703 2612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
03:30:23.0703 2612 xmlprov - ok
03:30:23.0718 2612 ================ Scan global ===============================
03:30:23.0750 2612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
03:30:23.0781 2612 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
03:30:23.0781 2612 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
03:30:23.0812 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
03:30:23.0812 2612 [Global] - ok
03:30:23.0812 2612 ================ Scan MBR ==================================
03:30:23.0843 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
03:30:24.0187 2612 \Device\Harddisk0\DR0 - ok
03:30:24.0203 2612 [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk1\DR2
03:30:24.0437 2612 \Device\Harddisk1\DR2 - ok
03:30:24.0437 2612 ================ Scan VBR ==================================
03:30:24.0437 2612 [ 7287B6128035F6C254E1167D319B7DAB ] \Device\Harddisk0\DR0\Partition1
03:30:24.0437 2612 \Device\Harddisk0\DR0\Partition1 - ok
03:30:24.0453 2612 [ 929749AC877032ADA46FEA5E036CB138 ] \Device\Harddisk1\DR2\Partition1
03:30:24.0453 2612 \Device\Harddisk1\DR2\Partition1 - ok
03:30:24.0468 2612 ============================================================
03:30:24.0468 2612 Scan finished
03:30:24.0468 2612 ============================================================
03:30:24.0500 3828 Detected object count: 0
03:30:24.0500 3828 Actual detected object count: 0

tapersteve, Oct 2, 2012

#16
tapersteve Newcomer, in training Posts: 52

Broni,

Here is the RogueKiller report. It seemed to have found and deleted a number of items. I already have MBAM installed, so I am going to update it, and run as instructed, and will post the log next. Thank you again. Steve

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Steve Kwartin [Admin rights]
Mode : Remove -- Date : 10/03/2012 03:34:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : Shell (c:\documents and settings\steve kwartin\application data\wsf3cmct.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\n.) -> REPLACED (C:\WINDOWS\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\{ed84b369-ffbb-44a0-99bb-1ee356d33099}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$ed84b369ffbb44a099bb1ee356d33099\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-1993962763-682003330-725345543-1003\$ed84b369ffbb44a099bb1ee356d33099\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DL002-9TT153 +++++
--- User ---
[MBR] 0da6599973a2edc24d3d0c3c92d75c99
[BSP] b828249d42599fbb248fb22eb05d2b61 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
--- User ---
[MBR] 3f7ad32bf8ccb5754a79597e581aed30
[BSP] 8ac8edf5d743ff7e3de380919894c726 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

tapersteve, Oct 2, 2012

#17
tapersteve Newcomer, in training Posts: 52

Broni.

MBAM found one infected item. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.02.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Steve Kwartin :: STEVE-QUAD [administrator]

Protection: Enabled

10/3/2012 3:39:17 AM
mbam-log-2012-10-03 (03-39-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242389
Time elapsed: 10 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

tapersteve, Oct 2, 2012

#18
tapersteve Newcomer, in training Posts: 52

Broni,

Here is an update. After running all of the scans above, and then rebooting the computer, I intitially still did not have a visible desktop. But when I hit the "Show Desktop" icon in the quick start tray, it appeared. But, it would disappear when I clicked on a program, but could be brought back if I hit the icon again.

Then, I had to download ZoneAlarm again, as the only way that I was able to disable it during the scans you wanted done without any anti-virus or firewalls running was to uninstall it. After I installed it, and rebooted again, my desktop is now back, and things seem pretty normal. I ran a full MBAM scan overnight, and the log is posted below. Aside from the items that it found, MBAM today has reported several attempts by something in my computer trying to access what MBAM refers to as potentially unsafe websites.

I can't thank you enough for your help. You have been a life saver here. I will await further instructions. Steve

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Steve Kwartin :: STEVE-QUAD [administrator]

Protection: Enabled

10/3/2012 3:49:28 AM
mbam-log-2012-10-03 (03-49-28).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336361
Time elapsed: 1 hour(s), 55 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Steve Kwartin\desktop\Virus\eoox23.exe (RootKit.0Access.PE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve Kwartin\desktop\Program Files\openfreely_d161683.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
c:\documents and settings\steve kwartin\my documents\virus\wsf3cmct.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
c:\documents and settings\steve kwartin\my documents\virus\new folder\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

tapersteve, Oct 3, 2012

#19
Broni Malware Annihilator Posts: 40,073 +187
Well done

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If restarting doesn't help use restore point you created prior to running Combofix.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
Broni, Oct 3, 2012

#20

Page 1 of 4

Topic Status:: Not open for further replies.

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.