Computer Hope
Software => Computer viruses and spyware => Topic started by: EV on December 02, 2012, 10:18:22 AM
-
Hi, I've been struggling with this problem for some days and it seems malwarerelated, so I'll try and post here. I've tried a couple of scans (antivirus/antimalware) but some won't install and the ones which work finds stuff but aren't fixing the problems I experience.
After logging in, I get four error messages.
WindowsSearch.exe - Bad Image
The application or DLL C:\Windows\system32\TQUERY.DLL is not a valid windows Image. Please check this against your installation diskette.
APSDaemon.exe - Bad Image
The application or DLL C:\Programs Files\Common Files\Apple\Apple Application Support\ASL.dll is not a valid windows Image. Please check this against your installation diskette.
The Daemon message I get three times. Also, I can't start alot of programs such as Mozilla, some games and winamp (haven't tried them all ofc, but at least 50% aren't starting in my estimate.)
Logs:
# AdwCleaner v2.010 - Logfile created 12/02/2012 at 15:14:07
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Björn - EVIL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Björn\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\Björn\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Björn\Application Data\pdfforge
Folder Found : C:\Documents and Settings\Björn\Local Settings\Application Data\OpenCandy
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (sv-SE)
Profile name : default
File : C:\Documents and Settings\Björn\Application Data\Mozilla\Firefox\Profiles\dgnx5vp1.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Håkan\Application Data\Mozilla\Firefox\Profiles\dtnmkt4d.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Lena\Application Data\Mozilla\Firefox\Profiles\jsy9je11.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Olof\Application Data\Mozilla\Firefox\Profiles\i287xu75.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Rolf\Application Data\Mozilla\Firefox\Profiles\uog1vc10.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.95
File : C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1767 octets] - [02/12/2012 15:14:07]
########## EOF - C:\AdwCleaner[R1].txt - [1827 octets] ##########
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.02.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Björn :: EVIL [administrator]
Protection: Enabled
2012-12-02 15:17:26
mbam-log-2012-12-02 (15-17-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360355
Time elapsed: 6 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Björn at 15:29:52 on 2012-12-02
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LevelOne\LevelOne Wireless LAN Utility\RtWLan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Björn\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Spotify\spotify.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: Länkhjälp till Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Google Update] "c:\documents and settings\björn\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\björn\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\skrmur~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\_uninst_.lnk - c:\documents and settings\björn\local settings\temp\_uninst_.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\levelo~1.lnk - c:\program files\levelone\levelone wireless lan utility\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215200522218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352044450718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://74.0.208.149/program/SonySncRz25View.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{11B52850-57D2-4E1D-A24C-8F6B64EC5912} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8FDE6062-1BE0-4E17-AE70-192BBCE62AD5} : DHCPNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\björn\application data\mozilla\firefox\profiles\dgnx5vp1.default\
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-12-02 14:15:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-02 14:09:14 -------- d--h--r- c:\documents and settings\björn\Recent
2012-12-02 14:04:21 -------- d-----w- c:\program files\CCleaner
2012-12-01 23:55:43 -------- d-----w- c:\documents and settings\björn\application data\SUPERAntiSpyware.com
2012-12-01 23:55:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-01 23:55:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-12-01 20:29:05 159608 ----a-w- c:\windows\system32\mfevtps.exe.6e9e.deleteme
2012-12-01 20:19:00 14664 ----a-w- c:\windows\stinger.sys
2012-12-01 20:18:12 159608 ----a-w- c:\windows\system32\mfevtps.exe.c130.deleteme
2012-12-01 20:17:57 -------- d-----w- c:\program files\stinger
2012-12-01 10:10:44 -------- d-----w- c:\program files\AVAST Software
2012-12-01 10:10:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-11-30 20:18:56 -------- d-----w- c:\documents and settings\björn\application data\Malwarebytes
2012-11-30 20:18:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-30 20:18:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 20:18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-30 18:24:02 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-11-30 18:08:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-11-30 18:08:35 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-29 21:56:38 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2012-11-29 21:34:23 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2012-11-17 00:00:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-04 16:04:27 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-11-04 16:04:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-11-04 16:04:17 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 13:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 11:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 15:30:46,43 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.3.1 - Svenska
Amazing Slow Downer (remove only)
Apple Application Support
Apple Software Update
Armageddon
ATI Display Driver
BankID säkerhetsprogram
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
BitTorrent
BUG Mod 4.4
CCleaner
CDisplay 1.8
Critical Update for Windows Media Player 11 (KB959772)
DC++ 0.770
Diablo
Diablo II
Dropbox
Encrypted FTP
Europa Universalis III
Garena
Google Chrome
GPL Ghostscript 9.00
GSview 4.9
Guild Wars
Guitar Pro 5.2
Hellfire
Heroes of Might And Magic IV: Equilibris
Heroes of Might and Magic V - Collectors Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Software Update
In Nomine 3.2
Java Auto Updater
Java(TM) 6 Update 37
Java(TM) 6 Update 6
Java(TM) 6 Update 7
LevelOne Wireless LAN Driver and Utility
Malwarebytes Anti-Malware version 1.65.1.1000
Master of Mana 1.40
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (Swedish) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mordor 2: Darkness Awakening
Mozilla Firefox 16.0.2 (x86 sv-SE)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neverwinter Nights
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Overland
PDFCreator
Power Tab Editor 1.7
QuickTime
Rage of Mages
Rage of Mages 2
Realtek High Definition Audio Driver
Sacrifice
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shockwave
Sibelius 6
Sibelius Scorch (Firefox, Opera, Netscape only)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Sierra Utilities
Skype™ 5.10
SonicStage 4.3
SoundMAX
Spotify
Starcraft
Steam
Steinberg Cubase SX v2.2.0.35
Sunbelt Personal Firewall
SUPERAntiSpyware
TeamSpeak 3 Client
Terra Nova mod
TP-LINK Wireless Client Utility Installation Program
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Warcraft II Battle.NET Edition 2.02
WebFldrs XP
Ventrilo Client
Winamp
Winamp Detector Plug-in
Windows Desktop Search 3.01
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
VLC media player 0.9.9
Xvid Video Codec
.
==== End Of File ===========================
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Here's the log, moving on with the next steps as we speak. Thanks for the quick reply
# AdwCleaner v2.010 - Logfile created 12/02/2012 at 20:33:46
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Björn - EVIL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Björn\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\Björn\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Björn\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\Björn\Local Settings\Application Data\OpenCandy
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (sv-SE)
Profile name : default
File : C:\Documents and Settings\Björn\Application Data\Mozilla\Firefox\Profiles\dgnx5vp1.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Håkan\Application Data\Mozilla\Firefox\Profiles\dtnmkt4d.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Lena\Application Data\Mozilla\Firefox\Profiles\jsy9je11.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Olof\Application Data\Mozilla\Firefox\Profiles\i287xu75.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Rolf\Application Data\Mozilla\Firefox\Profiles\uog1vc10.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.95
File : C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1896 octets] - [02/12/2012 15:14:07]
AdwCleaner[S1].txt - [1833 octets] - [02/12/2012 20:33:46]
########## EOF - C:\AdwCleaner[S1].txt - [1893 octets] ##########
-
Combofix Log:
ComboFix 12-12-01.02 - Björn 2012-12-02 20:55:40.1.2 - x86
Running from: c:\documents and settings\Bj÷rn\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Håkan\Local Settings\Application Data\Identities\{2CB3186F-96BE-4D8B-A079-8147B29D4A1B}\Microsoft\Outlook Express\Offline.dbx
c:\windows\Rtlihvs.dll
c:\windows\system32\drivers\ch7xxnt5.dll
c:\windows\system32\nvmccs.dll
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpdshextautoplay.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 14:04 . 2012-12-02 14:04 -------- d-----w- c:\program files\CCleaner
2012-12-01 23:55 . 2012-12-01 23:55 -------- d-----w- c:\documents and settings\Björn\Application Data\SUPERAntiSpyware.com
2012-12-01 23:55 . 2012-12-01 23:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-01 23:55 . 2012-12-01 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-12-01 20:29 . 2012-12-01 20:29 159608 ----a-w- c:\windows\system32\mfevtps.exe.6e9e.deleteme
2012-12-01 20:19 . 2012-12-01 20:19 14664 ----a-w- c:\windows\stinger.sys
2012-12-01 20:18 . 2012-12-01 20:18 159608 ----a-w- c:\windows\system32\mfevtps.exe.c130.deleteme
2012-12-01 20:17 . 2012-12-01 22:34 -------- d-----w- c:\program files\stinger
2012-12-01 10:10 . 2012-12-02 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-12-01 10:10 . 2012-12-02 01:19 -------- d-----w- c:\program files\AVAST Software
2012-11-30 20:18 . 2012-11-30 20:18 -------- d-----w- c:\documents and settings\Björn\Application Data\Malwarebytes
2012-11-30 20:18 . 2012-11-30 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-30 20:18 . 2012-11-30 20:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-30 20:18 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 18:24 . 2012-11-30 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-11-30 18:08 . 2012-11-30 18:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-30 17:48 . 2012-11-30 17:48 -------- d-----w- c:\documents and settings\TEMP
2012-11-29 21:56 . 2012-10-02 18:04 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2012-11-29 21:34 . 2012-11-29 21:34 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 00:00 . 2012-04-11 09:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 08:37 . 2003-03-31 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2003-03-31 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 13:32 . 2012-06-16 09:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-04-27 17:38 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 11:51 . 2012-09-18 20:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-31 08:09 . 2012-10-27 22:04 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2012-10-27 22:04 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-10-27 22:04 . 2012-10-27 22:04 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Rolf\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\documents and settings\Björn\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Björn\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Skärmurklipp och start för OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
_uninst_.lnk - c:\documents and settings\Björn\Local Settings\Temp\_uninst_.bat [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2012-10-19 1358784]
LevelOne Wireless LAN Utility.lnk - c:\program files\LevelOne\LevelOne Wireless LAN Utility\RtWLan.exe [2012-3-5 946176]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Spel\\civIV\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Spel\\civIV\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Björn\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\LevelOne\\LevelOne Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\spel\\Paradox Interactive\\Europa Universalis III\\eu3.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe
R3 NETMDSHA;MDSHA031;c:\windows\system32\Drivers\MDSHA031.sys
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\DRIVERS\SMC1211.SYS
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
S1 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Björn\Application Data\Mozilla\Firefox\Profiles\dgnx5vp1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2012-10-27 23:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-07-29 20:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NVMixerTray - c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
AddRemove-Rage of Mages 2 - c:\windows\rm2uinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-02 21:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1124)
c:\windows\system32\WININET.dll
c:\documents and settings\Björn\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-12-02 21:17:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-02 20:17
.
Pre-Run: 15 705 186 304 bytes free
Post-Run: 15 668 629 504 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B85B5BFB54654E55E3BE4C9A2950B64A
-
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
**********************************************
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Hi again.
Rougekiller went fine (I'll post the logs in order below)
When I choose create log button in SysProt I got an error message stating:
Windows - Drive Not Ready
The drive is not ready for use ; its door may be open. Please check drive A: and make sure that a disk is insrted and that the drive door is closed.
I chose continue. Then the message came again and again. I tried all the other options (try again and cancel) and when I had pressed cancel twice I came to the new window (where you select scan root drive).
After that I heard a beep but couldn't find a message stating the scan was finished (maybe it was hidden behind the main window which I couldn't move.)
I did however find a log in the SysProt folder which I will post here. I suppose it went OK.
Security Check by screen 317 led to the following strange error message:
Autolt Error
Line -1:
Error: The requested action with this object has failed.
Didn't seem to affect the program's progress though, I will post that log too.
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Björn [Admin rights]
Mode : Scan -- Date : 12/03/2012 15:14:32
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[STARTUP][SUSP PATH] _uninst_.lnk @Björn : C:\Documents and Settings\Björn\Local Settings\Temp\_uninst_.bat -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333EF80)
SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333E552)
SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333A882)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333DA1A)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333D910)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333DF2A)
SSDT[62] : NtDeleteFile @ 0x80576C4A -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333F034)
SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333AD54)
SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333AE70)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xB313DF64)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xB313E24A)
SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333E906)
SSDT[119] : NtOpenKey @ 0x806254D4 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333AB78)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333E0DC)
SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333ECE0)
SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333B038)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xB31F1640)
SSDT[274] : NtWriteFile @ 0x8057CF10 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB333EBB2)
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Documents and Settings\Administrator\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
-> D:\Documents and Settings\LocalService\NTUSER.DAT
-> D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
-> D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
-> D:\Documents and Settings\steffe\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD800JB-22JJC0 +++++
--- User ---
[MBR] 531762e1b38d01a335e2d8255ca05e12
[BSP] 04b3a15b4034b4b8ab2b63bbc6b22baa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Maxtor 6Y120P0 +++++
--- User ---
[MBR] 7cc98d6b603d25bdf6101b1a6eca0f46
[BSP] 131dd291dd5ffa75d5e0bf72fffe510b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 117232 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12032012_02d1514.txt >>
RKreport[1]_S_12032012_02d1514.txt
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: spak.sys
Service Name: ---
Module Base: B7EA7000
Module End: B7FA7000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\a37w1lfk.SYS
Service Name: ---
Module Base: B62F4000
Module End: B632D000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B2FC8000
Module End: B2FE0000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: B860A000
Module End: B860C000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: B333EF80
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwCreateFile
Address: B333E552
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwCreateKey
Address: B333A882
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwCreateProcess
Address: B333DA1A
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwCreateProcessEx
Address: B333D910
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwCreateThread
Address: B333DF2A
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwDeleteFile
Address: B333F034
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwDeleteKey
Address: B333AD54
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwDeleteValueKey
Address: B333AE70
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwEnumerateKey
Address: B7EC6CA2
Driver Base: B7EA7000
Driver End: B7FA7000
Driver Name: spak.sys
Function Name: ZwEnumerateValueKey
Address: B7EC7030
Driver Base: B7EA7000
Driver End: B7FA7000
Driver Name: spak.sys
Function Name: ZwLoadDriver
Address: B313DF64
Driver Base: B313B000
Driver End: B314C000
Driver Name: \SystemRoot\system32\drivers\khips.sys
Function Name: ZwMapViewOfSection
Address: B313E24A
Driver Base: B313B000
Driver End: B314C000
Driver Name: \SystemRoot\system32\drivers\khips.sys
Function Name: ZwOpenFile
Address: B333E906
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwOpenKey
Address: B333AB78
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwQueryKey
Address: B7EC7108
Driver Base: B7EA7000
Driver End: B7FA7000
Driver Name: spak.sys
Function Name: ZwQueryValueKey
Address: B7EC6F88
Driver Base: B7EA7000
Driver End: B7FA7000
Driver Name: spak.sys
Function Name: ZwResumeThread
Address: B333E0DC
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwSetInformationFile
Address: B333ECE0
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwSetValueKey
Address: B333B038
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
Function Name: ZwTerminateProcess
Address: B31F1640
Driver Base: B31E7000
Driver End: B3209000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Function Name: ZwWriteFile
Address: B333EBB2
Driver Base: B3323000
Driver End: B336C000
Driver Name: \SystemRoot\system32\drivers\fwdrv.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Björn\Desktop\Rep.lista tom mall 180
Status: Hidden
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
Sunbelt Personal Firewall
`````````Anti-malware/Other Utilities Check:`````````[/u]
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 37
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (Firefox,. Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````[/u]
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````[/u]
-
And oh, since you didn't instruct me to delete the problems found by Roguekiller, I didn't. Should I do that?
-
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
*************************************************
Please download 7-Zip (http://www.7-zip.org) and install it. If you already have it, no need to reinstall.
Then, download RootkitUnhooker (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar) and save the setup to your Desktop.
- Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
- Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
- Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
- It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
- Once inside the interface, do not fix anything. Click on the Report tab.
- Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
- It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
- When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
Note: You may get this warning while running Rootkit Unhooker. It is OK so just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"*****************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
-
The rootkitunhooker-link didn't work. Did you want me to do something about the problems found by Roguekiller?
Here's the TDSSKiller-report though.
08:59:34.0921 3804 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:59:36.0375 3804 ============================================================
08:59:36.0375 3804 Current date / time: 2012/12/04 08:59:36.0375
08:59:36.0375 3804 SystemInfo:
08:59:36.0375 3804
08:59:36.0375 3804 OS Version: 5.1.2600 ServicePack: 3.0
08:59:36.0375 3804 Product type: Workstation
08:59:36.0375 3804 ComputerName: EVIL
08:59:36.0375 3804 UserName: Björn
08:59:36.0375 3804 Windows directory: C:\WINDOWS
08:59:36.0375 3804 System windows directory: C:\WINDOWS
08:59:36.0375 3804 Processor architecture: Intel x86
08:59:36.0375 3804 Number of processors: 2
08:59:36.0375 3804 Page size: 0x1000
08:59:36.0375 3804 Boot type: Normal boot
08:59:36.0375 3804 ============================================================
08:59:37.0515 3804 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:59:37.0531 3804 Drive \Device\Harddisk1\DR1 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:59:37.0531 3804 ============================================================
08:59:37.0531 3804 \Device\Harddisk0\DR0:
08:59:37.0531 3804 MBR partitions:
08:59:37.0531 3804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
08:59:37.0531 3804 \Device\Harddisk1\DR1:
08:59:37.0531 3804 MBR partitions:
08:59:37.0531 3804 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE4F80E2
08:59:37.0531 3804 ============================================================
08:59:37.0562 3804 D: <-> \Device\Harddisk1\DR1\Partition1
08:59:37.0593 3804 C: <-> \Device\Harddisk0\DR0\Partition1
08:59:37.0625 3804 ============================================================
08:59:37.0625 3804 Initialize success
08:59:37.0625 3804 ============================================================
08:59:48.0312 3664 ============================================================
08:59:48.0312 3664 Scan started
08:59:48.0312 3664 Mode: Manual;
08:59:48.0312 3664 ============================================================
08:59:49.0015 3664 ================ Scan system memory ========================
08:59:49.0015 3664 System memory - ok
08:59:49.0015 3664 ================ Scan services =============================
08:59:49.0109 3664 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:59:49.0109 3664 !SASCORE - ok
08:59:49.0203 3664 Abiosdsk - ok
08:59:49.0203 3664 abp480n5 - ok
08:59:49.0250 3664 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:59:49.0250 3664 ACPI - ok
08:59:49.0281 3664 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:59:49.0281 3664 ACPIEC - ok
08:59:49.0343 3664 [ A9F02264C4A52CC667E7B8799514C877 ] ACS C:\WINDOWS\system32\acs.exe
08:59:49.0343 3664 ACS - ok
08:59:49.0390 3664 [ EE97365199D656DDF3197FFDB091EADF ] ADIDTSFiltService C:\WINDOWS\system32\drivers\adidts.sys
08:59:49.0406 3664 ADIDTSFiltService - ok
08:59:49.0453 3664 [ 0158F4027C0808FF65ED3B3D683339C9 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:59:49.0453 3664 ADIHdAudAddService - ok
08:59:49.0531 3664 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:59:49.0531 3664 AdobeFlashPlayerUpdateSvc - ok
08:59:49.0531 3664 adpu160m - ok
08:59:49.0546 3664 [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
08:59:49.0546 3664 AEAudio - ok
08:59:49.0578 3664 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:59:49.0593 3664 aec - ok
08:59:49.0625 3664 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:59:49.0625 3664 AegisP - ok
08:59:49.0703 3664 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:59:49.0703 3664 AFD - ok
08:59:49.0703 3664 Aha154x - ok
08:59:49.0703 3664 aic78u2 - ok
08:59:49.0703 3664 aic78xx - ok
08:59:49.0734 3664 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:59:49.0734 3664 Alerter - ok
08:59:49.0750 3664 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:59:49.0750 3664 ALG - ok
08:59:49.0750 3664 AliIde - ok
08:59:49.0781 3664 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
08:59:49.0781 3664 AmdK7 - ok
08:59:49.0781 3664 amsint - ok
08:59:49.0781 3664 AppMgmt - ok
08:59:49.0859 3664 [ 7F5F32BF855BF25D8645C375DFD95255 ] AR5416 C:\WINDOWS\system32\DRIVERS\ar5416.sys
08:59:49.0906 3664 AR5416 - ok
08:59:49.0968 3664 [ 5AF581BB431FB7A952216AD01795EF4E ] AR5523 C:\WINDOWS\system32\DRIVERS\ar5523.sys
08:59:49.0984 3664 AR5523 - ok
08:59:50.0015 3664 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:59:50.0015 3664 Arp1394 - ok
08:59:50.0015 3664 asc - ok
08:59:50.0015 3664 asc3350p - ok
08:59:50.0015 3664 asc3550 - ok
08:59:50.0093 3664 [ 688D7319F0BDB489DECC72E5CDCF42E0 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:59:50.0109 3664 aspnet_state - ok
08:59:50.0125 3664 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:59:50.0125 3664 AsyncMac - ok
08:59:50.0171 3664 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:59:50.0171 3664 atapi - ok
08:59:50.0171 3664 Atdisk - ok
08:59:50.0218 3664 [ BBA22521D24625C7A7B8D57FB20A812E ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
08:59:50.0218 3664 Ati HotKey Poller - ok
08:59:50.0312 3664 [ 07AC9A98EA70B5A6655A5797174BD282 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:59:50.0406 3664 ati2mtag - ok
08:59:50.0421 3664 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:59:50.0421 3664 Atmarpc - ok
08:59:50.0453 3664 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:59:50.0453 3664 AudioSrv - ok
08:59:50.0468 3664 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:59:50.0468 3664 audstub - ok
08:59:50.0468 3664 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:59:50.0468 3664 Beep - ok
08:59:50.0500 3664 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:59:50.0640 3664 BITS - ok
08:59:50.0703 3664 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:59:50.0734 3664 Browser - ok
08:59:50.0734 3664 catchme - ok
08:59:50.0765 3664 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:59:50.0765 3664 cbidf2k - ok
08:59:50.0765 3664 cd20xrnt - ok
08:59:50.0781 3664 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:59:50.0781 3664 Cdaudio - ok
08:59:50.0796 3664 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:59:50.0796 3664 Cdfs - ok
08:59:50.0812 3664 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:59:50.0812 3664 Cdrom - ok
08:59:50.0812 3664 Changer - ok
08:59:50.0843 3664 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:59:50.0843 3664 CiSvc - ok
08:59:50.0875 3664 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:59:50.0875 3664 ClipSrv - ok
08:59:50.0890 3664 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:59:50.0953 3664 clr_optimization_v2.0.50727_32 - ok
08:59:51.0015 3664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:59:51.0015 3664 clr_optimization_v4.0.30319_32 - ok
08:59:51.0015 3664 CmdIde - ok
08:59:51.0015 3664 COMSysApp - ok
08:59:51.0031 3664 Cpqarray - ok
08:59:51.0046 3664 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:59:51.0046 3664 CryptSvc - ok
08:59:51.0078 3664 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys
08:59:51.0078 3664 ctljystk - ok
08:59:51.0078 3664 dac2w2k - ok
08:59:51.0078 3664 dac960nt - ok
08:59:51.0140 3664 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:59:51.0140 3664 DcomLaunch - ok
08:59:51.0156 3664 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:59:51.0156 3664 Dhcp - ok
08:59:51.0187 3664 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:51.0203 3664 Disk - ok
08:59:51.0203 3664 dmadmin - ok
08:59:51.0265 3664 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:59:51.0312 3664 dmboot - ok
08:59:51.0328 3664 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:59:51.0328 3664 dmio - ok
08:59:51.0375 3664 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:59:51.0375 3664 dmload - ok
08:59:51.0390 3664 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:59:51.0390 3664 dmserver - ok
08:59:51.0437 3664 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:59:51.0437 3664 DMusic - ok
08:59:51.0468 3664 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:59:51.0468 3664 Dnscache - ok
08:59:51.0500 3664 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:59:51.0515 3664 Dot3svc - ok
08:59:51.0515 3664 dpti2o - ok
08:59:51.0531 3664 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:59:51.0531 3664 drmkaud - ok
08:59:51.0578 3664 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:59:51.0578 3664 EapHost - ok
08:59:51.0625 3664 [ 88B5B982D702CD81874731CECF6BA4DB ] EIO_XP C:\WINDOWS\system32\drivers\EIO_XP.sys
08:59:51.0625 3664 EIO_XP - ok
08:59:51.0687 3664 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:\WINDOWS\system32\drivers\emu10k1m.sys
08:59:51.0703 3664 emu10k - ok
08:59:51.0718 3664 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:\WINDOWS\system32\drivers\ctlfacem.sys
08:59:51.0718 3664 emu10k1 - ok
08:59:51.0765 3664 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:59:51.0765 3664 ERSvc - ok
08:59:51.0796 3664 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:59:51.0812 3664 Eventlog - ok
08:59:51.0875 3664 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
08:59:51.0906 3664 EventSystem - ok
08:59:51.0921 3664 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:59:51.0921 3664 Fastfat - ok
08:59:51.0953 3664 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:59:51.0953 3664 FastUserSwitchingCompatibility - ok
08:59:51.0984 3664 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:59:51.0984 3664 Fdc - ok
08:59:52.0000 3664 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:59:52.0000 3664 Fips - ok
08:59:52.0000 3664 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:59:52.0000 3664 Flpydisk - ok
08:59:52.0015 3664 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:59:52.0031 3664 FltMgr - ok
08:59:52.0109 3664 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:59:52.0109 3664 FontCache3.0.0.0 - ok
08:59:52.0109 3664 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:59:52.0109 3664 Fs_Rec - ok
08:59:52.0125 3664 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:59:52.0125 3664 Ftdisk - ok
08:59:52.0187 3664 [ 3A3929B7A0EEEF83DF3A6C81E43A1FA9 ] fwdrv C:\WINDOWS\system32\drivers\fwdrv.sys
08:59:52.0187 3664 fwdrv - ok
08:59:52.0218 3664 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
08:59:52.0218 3664 gameenum - ok
08:59:52.0250 3664 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:59:52.0265 3664 Gpc - ok
08:59:52.0296 3664 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
08:59:52.0296 3664 hamachi - ok
08:59:52.0312 3664 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:59:52.0312 3664 HDAudBus - ok
08:59:52.0359 3664 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:59:52.0359 3664 helpsvc - ok
08:59:52.0375 3664 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:59:52.0390 3664 HidServ - ok
08:59:52.0406 3664 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:59:52.0406 3664 hidusb - ok
08:59:52.0437 3664 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:59:52.0437 3664 hkmsvc - ok
08:59:52.0437 3664 hpn - ok
08:59:52.0468 3664 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:59:52.0468 3664 HPZid412 - ok
08:59:52.0515 3664 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:59:52.0515 3664 HPZipr12 - ok
08:59:52.0531 3664 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:59:52.0531 3664 HPZius12 - ok
08:59:52.0593 3664 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:59:52.0593 3664 HTTP - ok
08:59:52.0625 3664 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:59:52.0625 3664 HTTPFilter - ok
08:59:52.0625 3664 i2omgmt - ok
08:59:52.0625 3664 i2omp - ok
08:59:52.0687 3664 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:59:52.0687 3664 i8042prt - ok
08:59:52.0796 3664 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:59:52.0796 3664 IDriverT - ok
08:59:52.0859 3664 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:59:52.0906 3664 idsvc - ok
08:59:52.0906 3664 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:59:52.0906 3664 Imapi - ok
08:59:52.0953 3664 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:59:52.0953 3664 ImapiService - ok
08:59:52.0953 3664 ini910u - ok
08:59:53.0156 3664 [ A30685283F90AE02F1CD50972C6065E3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:59:53.0390 3664 IntcAzAudAddService - ok
08:59:53.0406 3664 IntelIde - ok
08:59:53.0437 3664 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:59:53.0437 3664 intelppm - ok
08:59:53.0468 3664 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:59:53.0468 3664 ip6fw - ok
08:59:53.0515 3664 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:59:53.0515 3664 IpFilterDriver - ok
08:59:53.0515 3664 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:59:53.0515 3664 IpInIp - ok
08:59:53.0546 3664 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:59:53.0546 3664 IpNat - ok
08:59:53.0562 3664 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:59:53.0562 3664 IPSec - ok
08:59:53.0562 3664 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:59:53.0562 3664 IRENUM - ok
08:59:53.0609 3664 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:59:53.0609 3664 isapnp - ok
08:59:53.0609 3664 [ E62B53385BB6EAAC67ABDB83D9DABE2A ] iteatapi C:\WINDOWS\system32\DRIVERS\iteatapi.sys
08:59:53.0625 3664 iteatapi - ok
08:59:53.0718 3664 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
08:59:53.0718 3664 JavaQuickStarterService - ok
08:59:53.0750 3664 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:59:53.0750 3664 Kbdclass - ok
08:59:53.0765 3664 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:59:53.0765 3664 kbdhid - ok
08:59:53.0765 3664 [ D44C0F4FC254344BAD74581632339963 ] khips C:\WINDOWS\system32\drivers\khips.sys
08:59:53.0765 3664 khips - ok
08:59:53.0796 3664 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:59:53.0796 3664 kmixer - ok
08:59:53.0812 3664 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:59:53.0812 3664 KSecDD - ok
08:59:53.0828 3664 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:59:53.0843 3664 lanmanserver - ok
08:59:53.0875 3664 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:59:53.0890 3664 lanmanworkstation - ok
08:59:53.0890 3664 lbrtfdc - ok
08:59:53.0921 3664 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:59:53.0921 3664 LmHosts - ok
08:59:53.0953 3664 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
08:59:53.0953 3664 MBAMProtector - ok
08:59:54.0000 3664 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:59:54.0015 3664 MBAMScheduler - ok
08:59:54.0046 3664 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:59:54.0046 3664 MBAMService - ok
08:59:54.0078 3664 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:59:54.0078 3664 Messenger - ok
08:59:54.0109 3664 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:59:54.0109 3664 mnmdd - ok
08:59:54.0140 3664 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
08:59:54.0140 3664 mnmsrvc - ok
08:59:54.0171 3664 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:59:54.0171 3664 Modem - ok
08:59:54.0187 3664 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:59:54.0187 3664 Mouclass - ok
08:59:54.0187 3664 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:59:54.0187 3664 mouhid - ok
08:59:54.0218 3664 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:59:54.0218 3664 MountMgr - ok
08:59:54.0312 3664 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:59:54.0312 3664 MozillaMaintenance - ok
08:59:54.0312 3664 mraid35x - ok
08:59:54.0328 3664 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:59:54.0328 3664 MRxDAV - ok
08:59:54.0375 3664 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:59:54.0390 3664 MRxSmb - ok
08:59:54.0453 3664 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
08:59:54.0453 3664 MSCSPTISRV - ok
08:59:54.0484 3664 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
08:59:54.0484 3664 MSDTC - ok
08:59:54.0500 3664 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:59:54.0500 3664 Msfs - ok
08:59:54.0500 3664 MSIServer - ok
08:59:54.0531 3664 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:59:54.0531 3664 MSKSSRV - ok
08:59:54.0546 3664 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:59:54.0546 3664 MSPCLOCK - ok
08:59:54.0546 3664 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:59:54.0546 3664 MSPQM - ok
08:59:54.0562 3664 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:59:54.0562 3664 mssmbios - ok
08:59:54.0593 3664 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:59:54.0593 3664 Mup - ok
08:59:54.0671 3664 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:59:54.0687 3664 napagent - ok
08:59:54.0687 3664 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:59:54.0703 3664 NDIS - ok
08:59:54.0718 3664 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:59:54.0718 3664 NdisTapi - ok
08:59:54.0750 3664 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:59:54.0750 3664 Ndisuio - ok
08:59:54.0750 3664 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:59:54.0750 3664 NdisWan - ok
08:59:54.0796 3664 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:59:54.0796 3664 NDProxy - ok
08:59:54.0796 3664 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:59:54.0796 3664 NetBIOS - ok
08:59:54.0843 3664 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:59:54.0843 3664 NetBT - ok
08:59:54.0875 3664 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:59:54.0890 3664 NetDDE - ok
08:59:54.0890 3664 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:59:54.0890 3664 NetDDEdsdm - ok
08:59:54.0921 3664 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:59:54.0921 3664 Netlogon - ok
08:59:54.0953 3664 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:59:54.0953 3664 Netman - ok
08:59:55.0000 3664 [ F1B8B6ACEB55C84508174715AF37BD9B ] NETMDSHA C:\WINDOWS\system32\Drivers\MDSHA031.sys
08:59:55.0000 3664 NETMDSHA - ok
08:59:55.0031 3664 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:59:55.0046 3664 NetTcpPortSharing - ok
08:59:55.0062 3664 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:59:55.0062 3664 NIC1394 - ok
08:59:55.0093 3664 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:59:55.0109 3664 Nla - ok
08:59:55.0109 3664 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:59:55.0109 3664 Npfs - ok
08:59:55.0156 3664 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:59:55.0187 3664 Ntfs - ok
08:59:55.0187 3664 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
08:59:55.0187 3664 NtLmSsp - ok
08:59:55.0234 3664 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:59:55.0265 3664 NtmsSvc - ok
08:59:55.0281 3664 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:59:55.0281 3664 Null - ok
08:59:55.0968 3664 [ 0DC79B60CEDC3A8854C27B3C6E4B3414 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:59:56.0515 3664 nv - ok
08:59:56.0562 3664 [ 46DEED4C6C5FA765F9A2C723BE60348D ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys
08:59:56.0578 3664 nvatabus - ok
08:59:56.0609 3664 [ 47B3852808DD579A463FCE7085B77413 ] nvax C:\WINDOWS\system32\drivers\nvax.sys
08:59:56.0609 3664 nvax - ok
08:59:56.0687 3664 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:59:56.0687 3664 NVENETFD - ok
08:59:56.0718 3664 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:59:56.0718 3664 nvnetbus - ok
08:59:56.0750 3664 [ ADBCBA116496229A163193BBE0BB28CE ] nvnforce C:\WINDOWS\system32\drivers\nvapu.sys
08:59:56.0765 3664 nvnforce - ok
08:59:56.0796 3664 [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
08:59:56.0796 3664 NVSvc - ok
08:59:56.0953 3664 [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:59:56.0968 3664 nvUpdatusService - ok
08:59:57.0000 3664 [ 3194E2F6C9000C39DCF9D0580754F714 ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
08:59:57.0000 3664 nv_agp - ok
08:59:57.0031 3664 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:59:57.0031 3664 NwlnkFlt - ok
08:59:57.0046 3664 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:59:57.0046 3664 NwlnkFwd - ok
08:59:57.0156 3664 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:59:57.0171 3664 odserv - ok
08:59:57.0203 3664 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:59:57.0203 3664 ohci1394 - ok
08:59:57.0234 3664 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:59:57.0250 3664 ose - ok
08:59:57.0281 3664 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
08:59:57.0296 3664 PACSPTISVR - ok
08:59:57.0312 3664 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:59:57.0312 3664 Parport - ok
08:59:57.0328 3664 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:59:57.0328 3664 PartMgr - ok
08:59:57.0343 3664 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:59:57.0343 3664 ParVdm - ok
08:59:57.0359 3664 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:59:57.0359 3664 PCI - ok
08:59:57.0375 3664 PCIDump - ok
08:59:57.0375 3664 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:59:57.0375 3664 PCIIde - ok
08:59:57.0390 3664 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:59:57.0406 3664 Pcmcia - ok
08:59:57.0406 3664 PDCOMP - ok
08:59:57.0406 3664 PDFRAME - ok
08:59:57.0406 3664 PDRELI - ok
08:59:57.0406 3664 PDRFRAME - ok
08:59:57.0406 3664 perc2 - ok
08:59:57.0406 3664 perc2hib - ok
08:59:57.0437 3664 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:59:57.0437 3664 PlugPlay - ok
08:59:57.0468 3664 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
08:59:57.0468 3664 Pml Driver HPZ12 - ok
08:59:57.0468 3664 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:59:57.0484 3664 PolicyAgent - ok
08:59:57.0515 3664 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:59:57.0515 3664 PptpMiniport - ok
08:59:57.0515 3664 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
08:59:57.0515 3664 Processor - ok
08:59:57.0515 3664 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:59:57.0515 3664 ProtectedStorage - ok
08:59:57.0531 3664 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:59:57.0531 3664 PSched - ok
08:59:57.0562 3664 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:59:57.0562 3664 Ptilink - ok
08:59:57.0593 3664 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:59:57.0593 3664 PxHelp20 - ok
08:59:57.0593 3664 ql1080 - ok
08:59:57.0593 3664 Ql10wnt - ok
08:59:57.0593 3664 ql12160 - ok
08:59:57.0593 3664 ql1240 - ok
08:59:57.0593 3664 ql1280 - ok
08:59:57.0609 3664 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:59:57.0609 3664 RasAcd - ok
08:59:57.0640 3664 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:59:57.0687 3664 RasAuto - ok
08:59:57.0703 3664 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:59:57.0703 3664 Rasl2tp - ok
08:59:57.0734 3664 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:59:57.0734 3664 RasMan - ok
08:59:57.0750 3664 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:59:57.0750 3664 RasPppoe - ok
08:59:57.0750 3664 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:59:57.0750 3664 Raspti - ok
08:59:57.0765 3664 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:59:57.0765 3664 Rdbss - ok
08:59:57.0781 3664 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:59:57.0781 3664 RDPCDD - ok
08:59:57.0796 3664 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:59:57.0796 3664 RDPWD - ok
08:59:57.0843 3664 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:59:57.0843 3664 RDSessMgr - ok
08:59:57.0875 3664 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:59:57.0875 3664 redbook - ok
08:59:57.0906 3664 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:59:57.0906 3664 RemoteAccess - ok
08:59:57.0921 3664 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
08:59:57.0921 3664 RpcLocator - ok
08:59:57.0953 3664 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
08:59:57.0953 3664 RpcSs - ok
08:59:58.0000 3664 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
08:59:58.0000 3664 RSVP - ok
08:59:58.0015 3664 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:59:58.0031 3664 rtl8139 - ok
08:59:58.0031 3664 RTL8187B - ok
08:59:58.0093 3664 [ BA11D5F61A74E156BF6F33DDDD1AD1CE ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
08:59:58.0093 3664 RTL8192su - ok
08:59:58.0109 3664 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:59:58.0109 3664 SamSs - ok
08:59:58.0140 3664 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:59:58.0140 3664 SASDIFSV - ok
08:59:58.0140 3664 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:59:58.0140 3664 SASKUTIL - ok
08:59:58.0156 3664 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:59:58.0171 3664 SCardSvr - ok
08:59:58.0203 3664 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:59:58.0203 3664 Schedule - ok
08:59:58.0234 3664 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:59:58.0234 3664 Secdrv - ok
08:59:58.0265 3664 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:59:58.0265 3664 seclogon - ok
08:59:58.0296 3664 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:59:58.0296 3664 SENS - ok
08:59:58.0328 3664 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:59:58.0343 3664 serenum - ok
08:59:58.0359 3664 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:59:58.0359 3664 Serial - ok
08:59:58.0375 3664 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:59:58.0375 3664 Sfloppy - ok
08:59:58.0406 3664 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
08:59:58.0406 3664 sfman - ok
08:59:58.0468 3664 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:59:58.0484 3664 SharedAccess - ok
08:59:58.0500 3664 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:59:58.0500 3664 ShellHWDetection - ok
08:59:58.0546 3664 [ 0B9B5C6DF6226497EF4819B6E1B2EFD5 ] SI3132 C:\WINDOWS\system32\DRIVERS\SI3132.sys
08:59:58.0546 3664 SI3132 - ok
08:59:58.0578 3664 [ 227E56633D6423E1F7D869618AC8404F ] Si3132r5 C:\WINDOWS\system32\DRIVERS\Si3132r5.sys
08:59:58.0593 3664 Si3132r5 - ok
08:59:58.0609 3664 [ DBDEE2A96F2F616726817373516CB0BD ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
08:59:58.0609 3664 SiFilter - ok
08:59:58.0609 3664 Simbad - ok
08:59:58.0609 3664 [ 3E6B438E5CB674A1382B2955AA98F637 ] SiRemFil C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
08:59:58.0609 3664 SiRemFil - ok
08:59:58.0671 3664 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
08:59:58.0671 3664 SkypeUpdate - ok
08:59:58.0703 3664 [ A5C6FEC0A50D81715A2DF0E119D635CE ] SMC1211 C:\WINDOWS\system32\DRIVERS\SMC1211.SYS
08:59:58.0703 3664 SMC1211 - ok
08:59:58.0734 3664 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
08:59:58.0734 3664 SonicStage Back-End Service - ok
08:59:58.0734 3664 Sparrow - ok
08:59:58.0812 3664 [ 7234E4B852F8FA0C48FF0E4FD7394490 ] SPF4 C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
08:59:58.0828 3664 SPF4 - ok
08:59:58.0859 3664 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:59:58.0859 3664 splitter - ok
08:59:58.0890 3664 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:59:58.0890 3664 Spooler - ok
08:59:58.0937 3664 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
08:59:58.0937 3664 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
08:59:58.0937 3664 sptd ( LockedFile.Multi.Generic ) - warning
08:59:58.0937 3664 sptd - detected LockedFile.Multi.Generic (1)
08:59:58.0968 3664 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
08:59:58.0984 3664 SPTISRV - ok
08:59:59.0000 3664 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:59:59.0000 3664 sr - ok
08:59:59.0031 3664 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:59:59.0031 3664 srservice - ok
08:59:59.0093 3664 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:59:59.0093 3664 Srv - ok
08:59:59.0109 3664 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:59:59.0109 3664 SSDPSRV - ok
08:59:59.0140 3664 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
08:59:59.0140 3664 SSScsiSV - ok
08:59:59.0156 3664 Steam Client Service - ok
08:59:59.0187 3664 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:59:59.0218 3664 stisvc - ok
08:59:59.0234 3664 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:59:59.0234 3664 swenum - ok
08:59:59.0234 3664 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:59:59.0250 3664 swmidi - ok
08:59:59.0250 3664 SwPrv - ok
08:59:59.0250 3664 symc810 - ok
08:59:59.0250 3664 symc8xx - ok
08:59:59.0250 3664 sym_hi - ok
08:59:59.0250 3664 sym_u3 - ok
08:59:59.0281 3664 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:59:59.0296 3664 sysaudio - ok
08:59:59.0312 3664 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:59:59.0312 3664 SysmonLog - ok
08:59:59.0343 3664 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:59:59.0343 3664 TapiSrv - ok
08:59:59.0390 3664 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:59:59.0406 3664 Tcpip - ok
08:59:59.0421 3664 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:59:59.0421 3664 TDPIPE - ok
08:59:59.0437 3664 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:59:59.0437 3664 TDTCP - ok
08:59:59.0453 3664 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:59:59.0453 3664 TermDD - ok
08:59:59.0484 3664 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:59:59.0500 3664 TermService - ok
08:59:59.0515 3664 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:59:59.0515 3664 Themes - ok
08:59:59.0515 3664 TosIde - ok
08:59:59.0562 3664 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:59:59.0562 3664 TrkWks - ok
08:59:59.0593 3664 [ 2AA8F32C3DA1E7BC11669E3E72BFF1A5 ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
08:59:59.0593 3664 TrueSight - ok
08:59:59.0609 3664 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:59:59.0609 3664 Udfs - ok
08:59:59.0609 3664 ultra - ok
08:59:59.0703 3664 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:59:59.0718 3664 Update - ok
08:59:59.0750 3664 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:59:59.0750 3664 upnphost - ok
08:59:59.0765 3664 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:59:59.0765 3664 UPS - ok
08:59:59.0796 3664 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:59:59.0796 3664 usbaudio - ok
08:59:59.0828 3664 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:59:59.0828 3664 usbccgp - ok
08:59:59.0859 3664 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:59:59.0859 3664 usbehci - ok
08:59:59.0859 3664 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:59:59.0859 3664 usbhub - ok
08:59:59.0875 3664 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:59:59.0875 3664 usbohci - ok
08:59:59.0906 3664 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:59:59.0906 3664 usbprint - ok
08:59:59.0937 3664 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:59:59.0968 3664 usbscan - ok
09:00:00.0000 3664 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:00:00.0000 3664 USBSTOR - ok
09:00:00.0031 3664 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:00:00.0031 3664 usbuhci - ok
09:00:00.0046 3664 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:00:00.0046 3664 VgaSave - ok
09:00:00.0046 3664 ViaIde - ok
09:00:00.0062 3664 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:00:00.0062 3664 VolSnap - ok
09:00:00.0093 3664 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:00:00.0125 3664 VSS - ok
09:00:00.0156 3664 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:00:00.0156 3664 W32Time - ok
09:00:00.0171 3664 [ D4FBEE66EF861279D09C33CB1F7BB24E ] waclient C:\WINDOWS\system32\drivers\waclient.sys
09:00:00.0187 3664 waclient - ok
09:00:00.0187 3664 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:00:00.0187 3664 Wanarp - ok
09:00:00.0187 3664 WDICA - ok
09:00:00.0218 3664 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:00:00.0218 3664 wdmaud - ok
09:00:00.0250 3664 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:00:00.0250 3664 WebClient - ok
09:00:00.0328 3664 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:00:00.0328 3664 winmgmt - ok
09:00:00.0375 3664 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:00:00.0375 3664 WmdmPmSN - ok
09:00:00.0406 3664 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:00:00.0406 3664 WmiApSrv - ok
09:00:00.0515 3664 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
09:00:00.0546 3664 WMPNetworkSvc - ok
09:00:00.0750 3664 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:00:00.0765 3664 WPFFontCache_v0400 - ok
09:00:00.0796 3664 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:00:00.0796 3664 WS2IFSL - ok
09:00:00.0828 3664 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:00:00.0828 3664 wscsvc - ok
09:00:00.0828 3664 WSearch - ok
09:00:00.0875 3664 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:00:00.0906 3664 wuauserv - ok
09:00:00.0968 3664 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:00:00.0968 3664 WudfPf - ok
09:00:01.0000 3664 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:00:01.0015 3664 WudfRd - ok
09:00:01.0015 3664 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:00:01.0031 3664 WudfSvc - ok
09:00:01.0078 3664 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:00:01.0078 3664 WZCSVC - ok
09:00:01.0109 3664 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:00:01.0265 3664 xmlprov - ok
09:00:01.0328 3664 [ 4322C32CED8C4772E039616DCBF01D3F ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
09:00:01.0343 3664 yukonwxp - ok
09:00:01.0359 3664 ================ Scan global ===============================
09:00:01.0406 3664 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:00:01.0421 3664 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:00:01.0437 3664 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:00:01.0437 3664 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:00:01.0437 3664 [Global] - ok
09:00:01.0437 3664 ================ Scan MBR ==================================
09:00:01.0453 3664 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:00:01.0578 3664 \Device\Harddisk0\DR0 - ok
09:00:01.0578 3664 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:00:01.0734 3664 \Device\Harddisk1\DR1 - ok
09:00:01.0734 3664 ================ Scan VBR ==================================
09:00:01.0734 3664 [ E6F61F3E552E17EEC63705698487AE13 ] \Device\Harddisk0\DR0\Partition1
09:00:01.0734 3664 \Device\Harddisk0\DR0\Partition1 - ok
09:00:01.0734 3664 [ EC2ADD1E40154A9C1B48583CF830971A ] \Device\Harddisk1\DR1\Partition1
09:00:01.0734 3664 \Device\Harddisk1\DR1\Partition1 - ok
09:00:01.0734 3664 ============================================================
09:00:01.0734 3664 Scan finished
09:00:01.0734 3664 ============================================================
09:00:01.0734 1952 Detected object count: 1
09:00:01.0734 1952 Actual detected object count: 1
09:00:34.0796 1952 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:00:34.0796 1952 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
-
The rootkitunhooker-link didn't work.
Sorry, I haven't used that program in such a long while.
Did you want me to do something about the problems found by Roguekiller?
Yes, please.
-
Should I look for it myself or are you posting a new link or should I skip that step for now?
-
Should I look for it myself or are you posting a new link or should I skip that step for now?
Please run RogueKiller again and fix the problems.
-
Ah, I was referring to RootkitUnhooker. I fixed the roguekiller problems (registry tab) with the delete button.
-
Good. How's your computer running now?
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Here's the log. And should I update my java as you instructed earlier? I'm uncertain since I didn't do the rootkitunhooker-step.
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-360df493 multiple threats deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-44cbcb84 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-79c8342d multiple threats deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-3fcd2aea multiple threats deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\43\556445eb-45e011af probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-7791513b multiple threats deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-5ac71513 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-3dcce526 probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-6e04bd79 multiple threats deleted - quarantined
D:\Documents and Settings\steffe\Application Data\Sun\Java\Deployment\cache\6.0\58\fa8f07a-6b075a8a probably a variant of Win32/Agent.DYXWUMY trojan deleted - quarantined
-
Yes, update your Java and tell me how your computer is working.
-
I updated my java. I'm not seeing any improvements I'm afraid. I might also mention there are three automatic windows updates which I can't install.
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019)
-
Ok. Please try this to fix the update problem.
•Please download Dial-A-Fix from one of the following mirrors:
Primary mirror (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
Secondary mirror (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)
•Extract the zip file to your desktop.
•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click
(http://i424.photobucket.com/albums/pp322/digistar/OK.jpg) to continue.
•Press the green double checkmark box (Looks like this:
(http://i424.photobucket.com/albums/pp322/digistar/checkmark.png)
UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
(http://i424.photobucket.com/albums/pp322/digistar/ncheck.png)
(http://i424.photobucket.com/albums/pp322/digistar/Window.png)
•Click on Go
•Wait for Dial-A-Fix to finish (All the checks marks will be all gone)
•Close Dial-A-Fix
-
I got the following error message from Dial-a-fix:
Dial-a-fix
Access violation at adress 77C0154D in module 'version.dll'. Read of address 00000004.
Right after that it got stuck on the step called 'registrating comcat.dll'.
I still can't install the updates.
-
I got the following error message from Dial-a-fix:
Dial-a-fix
Access violation at adress 77C0154D in module 'version.dll'. Read of address 00000004.
Right after that it got stuck on the step called 'registrating comcat.dll'.
I still can't install the updates.
Please try running it in Safe Mode.
-
I ran Dial-a-fix in safe mode but still got the same problem.
-
Please try this and tell me exactly what happens.
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
-
I found the same updates and failed to install them in the same way. Then though, a curious thing happened. I came to the place I attached as an image.
But when I copied the text in order to post here, I got this text instead:
Review Your Installation Results
The software upgrade is complete
You can now use the website to find and install the latest updates for your computer.
Continue
More high-priority updates are available
Your computer might be at risk until you install them. Check for the remaining updates and install them now.
Restart now to finish installing updates
Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now.
Installation Summary
Successful: 0
Failed: 3
Remaining: 0
--------------------------------------------------------------------------------
Successful Updates
--------------------------------------------------------------------------------
Failed Updates
For help installing an update successfully, see the solution under each problem description.
Problem: End User License Agreement (EULA) Not Accepted
Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.
Problem: Not Enough Disk Space
Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.
Problem: Automatic Updates is currently installing updates
Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.
Note: To view Automatic Updates progress, click the updating icon in your System Tray.
Problem: Please check your update history for a description.
Microsoft Windows XP
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019)
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449)
Problem: A problem on your computer is preventing updates from being downloaded or installed
Solution: To fix the problem, try installing the updates again. If that doesn't work, use the Troubleshooter to try solve the problem.
--------------------------------------------------------------------------------
I didn't try any of the solutions becouse they didn't seem applicable. I then went to the update history, here's what it had to say about the failed installations:
Installation Failure
Error Code: 0x643
Try to install the update again, or request help from one of the following resources.
For self-help options:
Frequently Asked Questions
Find Solutions
Windows Update Newsgroup
For assisted support options:
Microsoft Online Assisted Support (no-cost for issues related to getting updates)
[year+ old attachment deleted by admin]
-
Let's look at the computer system. Please make sure to post both logs.
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
(http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg)
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html).Then post your DDS logs. (DDS.txt and Attach.txt )
-
Here are the logs.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Björn at 22:20:52 on 2012-12-15
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\spel\Heroes of Might and Magic III Complete\Heroes3.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\LevelOne Wireless LAN Utility\RtWLan.exe
C:\Program Files\Spotify\spotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Björn\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Björn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: Länkhjälp till Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\björn\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\bjrn~1\startm~1\programs\startup\skrmur~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\levelo~1.lnk - c:\program files\levelone\levelone wireless lan utility\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215200522218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352044450718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://74.0.208.149/program/SonySncRz25View.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{11B52850-57D2-4E1D-A24C-8F6B64EC5912} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8FDE6062-1BE0-4E17-AE70-192BBCE62AD5} : DHCPNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = Error!
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\björn\application data\mozilla\firefox\profiles\dgnx5vp1.default\
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-12-14 11:30:33 -------- d-sh--w- c:\documents and settings\björn\IECompatCache
2012-12-11 20:52:32 -------- d-----w- c:\windows\system32\CatRoot2
2012-12-08 13:07:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-07 20:50:35 -------- d-----w- c:\program files\ESET
2012-12-02 19:53:03 -------- d-sha-r- C:\cmdcons
2012-12-02 19:47:31 98816 ----a-w- c:\windows\sed.exe
2012-12-02 19:47:31 256000 ----a-w- c:\windows\PEV.exe
2012-12-02 19:47:31 208896 ----a-w- c:\windows\MBR.exe
2012-12-02 14:09:14 -------- d--h--r- c:\documents and settings\björn\Recent
2012-12-02 14:04:21 -------- d-----w- c:\program files\CCleaner
2012-12-01 23:55:43 -------- d-----w- c:\documents and settings\björn\application data\SUPERAntiSpyware.com
2012-12-01 23:55:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-01 23:55:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-12-01 20:29:05 159608 ----a-w- c:\windows\system32\mfevtps.exe.6e9e.deleteme
2012-12-01 20:19:00 14664 ----a-w- c:\windows\stinger.sys
2012-12-01 20:18:12 159608 ----a-w- c:\windows\system32\mfevtps.exe.c130.deleteme
2012-12-01 20:17:57 -------- d-----w- c:\program files\stinger
2012-12-01 10:10:44 -------- d-----w- c:\program files\AVAST Software
2012-12-01 10:10:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-11-30 20:18:56 -------- d-----w- c:\documents and settings\björn\application data\Malwarebytes
2012-11-30 20:18:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-30 20:18:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 20:18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-30 18:24:02 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-11-30 18:08:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-11-30 18:08:35 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-29 21:56:38 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2012-11-29 21:34:23 -------- d-----w- C:\found.000
.
==================== Find3M ====================
.
2012-12-12 19:52:31 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-08 13:07:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-08 13:07:30 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-08 13:07:30 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-04 16:04:27 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-11-04 16:04:27 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-11-04 16:04:17 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 22:22:21,21 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1 - Svenska
Amazing Slow Downer (remove only)
Apple Application Support
Apple Software Update
Armageddon
ATI Display Driver
BankID säkerhetsprogram
BitTorrent
CCleaner
CDisplay 1.8
Critical Update for Windows Media Player 11 (KB959772)
DC++ 0.770
Dropbox
Encrypted FTP
ESET Online Scanner v3
Europa Universalis III
Garena
Google Chrome
GPL Ghostscript 9.00
GSview 4.9
Guild Wars
Guitar Pro 5.2
Heroes of Might and Magic V - Collectors Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Software Update
In Nomine 3.2
Java 7 Update 9
Java(TM) 6 Update 37
Java(TM) 6 Update 6
Java(TM) 6 Update 7
LevelOne Wireless LAN Driver and Utility
Malwarebytes Anti-Malware version 1.65.1.1000
Master of Mana 1.40
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (Swedish) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mordor 2: Darkness Awakening
Mozilla Firefox 16.0.2 (x86 sv-SE)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Overland
PDFCreator
Power Tab Editor 1.7
QuickTime
Realtek High Definition Audio Driver
Sacrifice
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shockwave
Sibelius 6
Sibelius Scorch (Firefox, Opera, Netscape only)
Sid Meier's Civilization 4 - Beyond the Sword
Skype™ 5.10
SonicStage 4.3
SoundMAX
Spotify
Steam
Steinberg Cubase SX v2.2.0.35
Sunbelt Personal Firewall
SUPERAntiSpyware
TeamSpeak 3 Client
Terra Nova mod
TP-LINK Wireless Client Utility Installation Program
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Ventrilo Client
Winamp
Winamp Detector Plug-in
Windows Desktop Search 3.01
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
VLC media player 0.9.9
Xvid Video Codec
.
==== End Of File ===========================
-
I need to see the other log from DDS; attach.txt
-
It's there, Begins with this text:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
-
Something is not quite correct. I'm not seeing the information that I need. Please click on My Computer, Right-click on the C drive and select Properties and tell me how much free space you have and also the capacity of the harddrive.
-
Free space: 9.93 GB
Capacity: 74.5 GB
-
Free space: 9.93 GB
Capacity: 74.5 GB
That's probably why you can't get your updates. Windows requires at least 15% (12Gb) of free space in order to work properly. You need to free up some space. You can do this by removing/uninstalling unwanted or no longer used programs. You can save important pictures, videos, music and other documents to a second harddrive, an external drive or DVD's.
-
Sorry, it didn't work.
I also get some error reports related to the installation failure the next time i start up and log in. The kind of report which windows wants to send in to Microsoft.
-
Problem: A problem on your computer is preventing updates from being downloaded or installed
Solution: To fix the problem, try installing the updates again. If that doesn't work, use the Troubleshooter to try solve the problem.
Did you try running the Troubleshooter?
-
No nothing, couldn't find anything by searching with the error code (Error Code: 0x643). Perhaps I should just reinstall windows?
-
No nothing, couldn't find anything by searching with the error code (Error Code: 0x643). Perhaps I should just reinstall windows?
Perhaps that would be the best solution if you don't have too much data to backup and you have the OS disk(s).
-
I'll give it a shot.
-
I'll give it a shot.
Ok. Let me know how it works out.
-
I have, after a lot of hustling and some procrastination, managed to get my computer back online. I'm not encountering any of my previous problems.
-
I have, after a lot of hustling and some procrastination, managed to get my computer back online. I'm not encountering any of my previous problems.
Did you wipe the drive and do a re-install?
-
No, I just did a reinstall.