Solved: Virus cannot be removed from HP desktop

Hewlett-Packard Pavilion a350n desktop
March 23, 2013 at 15:19:10
Specs: XP, 120GB
I downloaded an avi file and went to burn it onto a DVD and boom, I got a virus. Norton detected it but cannot remove it. It says it is in my video.exe, whatever that means. I have also tried Trend Micro. They too say they failed to fix the problem but see it. I am currently running the Dr.Web boot disk. It has been scanning for over three hours, so I guess I have a serious problem. Any ideas what to do next?




✔ Best Answer
April 5, 2013 at 21:30:12
Post #53
FAULTING_IP:
SYMEFA+d9666

That is a Norton problem, uninstall it.
https://support.norton.com/sp/en/au...

I use Microsoft Security Essentials ( MSE )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/bes...
http://windows.microsoft.com/en-US/...
System requirements
http://www.microsoft.com/en-us/secu...
Can Microsoft Security Essentials ( MSE ) protect me for online banking and shopping?
http://answers.microsoft.com/en-us/...
If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:
http://kb.eset.com/esetkb/index?pag...



#1
March 23, 2013 at 19:49:05
"I downloaded an avi file and went to burn it onto a DVD and boom I got a virus"

It doesn't work that way. I think you're leaving something out. Were the torrents involved?

"It says it is in my video.exe what ever that means"

video.exe IS the virus. Google "how to remove video.exe virus"



#2
March 23, 2013 at 19:59:47
I don't understand your comment about me leaving something out. There wasn't anything more to it: I downloaded the avi file using uTorrent and went to burn it to DVD and got the virus. What is there to leave out? Anyways, I was currently googling the video.exe virus and how to remove it. I can only find really old posts from 2008 and 2010. They just say to find the video.exe file and remove it. Kinda common sense, I understand that, but how you find it and remove it is my question. That is why I am on here for advice on what to do.


#3
March 24, 2013 at 00:02:47
Read the last line of response #1 and follow those instructions.

Skip
Audares Juvo




#4
March 24, 2013 at 07:22:00
"I don't understand your comment about I left something out"

You left out the fact that you downloaded the video from the torrents. You have to use your head when downloading anything from the torrents. For example, if a movie was just released today & you see it listed on the torrents as a DVDRip, it's a scam. If it's only been on the torrents for a few hours & shows 10,000 seeders, it's a scam. If it shows 10,000 seeders & no comments, it's a scam. If you read the comments, you'll find out if the download is real or fake or contains any viruses. In other words, the infection was most likely due to your carelessness or lack of torrent experience.

"They just say to find the video.exe file and remove it"

It's NEVER that easy. Start by downloading AdwCleaner. Run it, click Search, then click Delete. Reboot after it's done.

http://download.cnet.com/AdwCleaner...

Then download & install CCleaner-Slim. Install it & run both the Cleaner & Registry scanner. Remove everything they find. Also click on Tools > Startup. Run through the list & disable anything you don't want loading at startup. The only thing that really needs to load is the security software, although there may be entries for audio, video, & network that should load as well. You do NOT need crap like uTorrent, instant messengers, Adobe, Google, iTunes, QuickTime, RealPlayer, Skype, scanners, cameras, printers, etc. preloading at startup. Also look for suspicious entries. Have a look at this screenshot, the user disabled everything except the anti-virus program:

http://widefide.com/wp-content/uplo...

Get CCleaner-Slim here: http://www.piriform.com/ccleaner/bu...

After doing that, reboot, then download & install Malwarebytes Anti-Malware. Update it, then run a scan from Safe Mode: http://www.filehippo.com/download_m...



#5
March 24, 2013 at 13:08:04
There might have been an added file extension. If you don't already do so make sure you are set to show all file extensions.

Always pop back and let us know the outcome - thanks


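The "added file extension" point above is the heart of this thread: a file called video.avi.exe is displayed as "video.avi" when Windows hides known extensions. The script below is an added example, not from the thread or any of the tools it mentions; it checks the full file name and the bytes (the DOS "MZ" stub and the "PE\0\0" signature) rather than trusting what Explorer shows, and builds its own constructed sample files so it runs offline.

```python
"""Distinguish a real media file from an executable wearing a media name.

Added example (not from the thread): the thread's "video.exe" is the usual
torrent trick, an executable given a video-looking name. With Windows'
default "Hide extensions for known file types" a file called video.avi.exe is
shown as plain "video.avi". This script looks at the full name and the bytes.
"""
import os
import struct
import tempfile
from pathlib import Path

MEDIA_EXTENSIONS = {".avi", ".mp4", ".mkv", ".mpg", ".wmv", ".mov"}
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def is_pe_executable(path):
    """True when the file has a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the PE header
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\x00\x00"


def classify(path):
    """Label how the file presents itself versus what it actually contains."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    last = suffixes[-1] if suffixes else ""
    inner = suffixes[-2] if len(suffixes) >= 2 else ""
    if last in EXEC_EXTENSIONS and inner in MEDIA_EXTENSIONS:
        return "double-extension executable"      # video.avi.exe, shown as video.avi
    if last in MEDIA_EXTENSIONS and is_pe_executable(path):
        return "executable disguised as media"    # movie.avi that starts with MZ/PE
    if last in EXEC_EXTENSIONS:
        return "executable"                        # video.exe, no disguise at all
    return "media" if last in MEDIA_EXTENSIONS else "other"


def scan_directory(directory):
    """Classify every regular file in a directory (non-recursive)."""
    return {name: classify(os.path.join(directory, name))
            for name in sorted(os.listdir(directory))
            if os.path.isfile(os.path.join(directory, name))}


def suspicious(results):
    """Names that should not be double-clicked just because they look like a video."""
    return sorted(n for n, label in results.items() if label not in ("media", "other"))


# Constructed sample contents: a minimal MZ/PE header and a minimal RIFF/AVI header.
MINIMAL_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
RIFF_AVI = b"RIFF" + b"\x00\x00\x00\x00" + b"AVI LIST" + b"\x00" * 32


def build_sample_dir():
    """Create a temp directory with one genuine AVI and three executable variants."""
    d = tempfile.mkdtemp(prefix="avi-check-")
    samples = {
        "holiday.avi": RIFF_AVI,      # genuine media container
        "video.avi.exe": MINIMAL_PE,  # double extension
        "movie.avi": MINIMAL_PE,      # PE content behind a media extension
        "video.exe": MINIMAL_PE,      # the thread's file name
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    sample_dir = build_sample_dir()
    for name, label in scan_directory(sample_dir).items():
        print(f"{name:16} {label}")
```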

#6
March 24, 2013 at 19:24:12
I have downloaded and ran everything you told me to do, step by step. In the reports it is telling me that it has removed a trojan virus. I will run another scan in the morning, I had to stop to put my son to sleep but will continue in the morning. I hope this works and I will report the results tomorrow.


#7
March 25, 2013 at 16:48:38
Riider, I did everything in the exact steps you said to do them. The reports said they removed a trojan virus. I restarted my computer in regular mode this morning and the same thing happened again. My computer shuts itself off. I ran a scan with my Norton again and it says I still have the virus. L:/video.exe is what they are calling the file and it still says it can't be removed. Any other suggestions?


#8
March 25, 2013 at 16:53:46
We now need to bring in the heavy artillery.

Let's start here.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt. Let me know if it doesn't produce a log please.

2: Reboot

3: Run Hitman Pro, then Copy & Paste the contents of the log please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...



#9
March 25, 2013 at 20:10:41
OK, so I ran Unhide and it did create a logfile. I rebooted. Then I downloaded and ran Hitman Pro. I am sorry I didn't copy and paste the log. It said I had some tracking cookies and this: BackWeb-137.exe Trojan, c:programfiles/updatesfromHP/137903/Program

It said it removed this. I reran the scan again. The log came back clean. I then ran the Trend Micro Rootkit tool and HouseCall. Both came back clean. I then ran the Norton Power Eraser, which originally told me I had the L:/video.exe bad file and said it failed to be removed. It again told me that it failed to be removed. So did I have two different viruses, and one is removed and the other isn't?



#10
March 25, 2013 at 20:38:26
Can you please download and run RogueKiller from this link:
http://www.bleepingcomputer.com/dow...
Open it and run it. It will do a very quick system setup check scan; when it's finished click the Scan button, and when the scan is finished click Delete.
RogueKiller will produce a log. Please copy and paste the log here.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#11
March 26, 2013 at 06:57:33
Here is the report from RogueKiller:

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Remove -- Date : 03/26/2013 08:54:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][BLACKLISTDLL] HKCU\[...]\Run : NVIEW (rundll32.exe nview.dll,nViewLoadHook) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160021A +++++
--- User ---
[MBR] 7990f6d885f75c8608d0500a1680e6fd
[BSP] 4fad7fac273bd84cfc1128669fa120fc : Legit.B MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5692 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11657520 | Size: 146925 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03262013_02d0854.txt >>
RKreport[1]_S_03262013_02d0852.txt ; RKreport[2]_D_03262013_02d0854.txt



#12
March 26, 2013 at 21:12:29
Did you download Malwarebytes Free yet from Post #4? If you did, update it and run a quick scan. Copy and paste the log in your reply please.




#13
March 28, 2013 at 03:47:16
Here is the log from Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.26.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: HOME [administrator]

Protection: Disabled

3/27/2013 8:04:34 PM
mbam-log-2013-03-27 (20-04-34).txt

Scan type: Full scan (C:\|D:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 440985
Time elapsed: 1 hour(s), 9 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#14
March 28, 2013 at 03:56:35
Here is the short scan log from Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.28.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: HOME [administrator]

Protection: Disabled

3/28/2013 5:48:21 AM
mbam-log-2013-03-28 (05-48-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253732
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
--------------------------------------------------------------------------------------------------
Ran another scan out of Safe Mode, in regular mode, and this is what I got:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.29.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME [administrator]

Protection: Enabled

3/29/2013 4:30:39 PM
mbam-log-2013-03-29 (16-30-39).txt

Scan type: Full scan (L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265096
Time elapsed: 12 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SeekingAlpha (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 31788f103e38d81d8b6f0cf8e3b1683f -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


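Three Malwarebytes logs in the same format are pasted above, and the interesting detail is which one found something: the two Safe Mode scans ran as Administrator and were clean, while the regular-mode scan ran as Owner and found HKCU entries, which live in the logged-on user's own registry hive. The parser below is an added example, not from the thread or from Malwarebytes; it reads that 1.x log format into sections, captures the account the scan ran under so logs can be compared, and checks that each section's declared count matches the items actually listed (a mismatch suggests a truncated or edited paste). The sample log is a constructed excerpt in the page's format.

```python
"""Parse Malwarebytes Anti-Malware 1.x scan logs of the kind pasted in this thread.

Added example, not from the thread or from Malwarebytes. Assumes the log layout
shown above: a header block, then "<Section> Detected: N" lines followed either
by "(No malicious items detected)" or by one "<object> (<threat>) -> <action>"
line per finding.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
HEADER_KEYS = ("Database version", "Scan type", "Protection")


def parse_mbam_log(text):
    """Return {"header": {...}, "sections": {name: {"declared": n, "items": [...]}}}."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {"declared": int(m.group(2)), "items": []}
            continue
        if current is None:
            # Still in the header block: keep the fields worth comparing across scans.
            for key in HEADER_KEYS:
                if line.startswith(key + ":"):
                    header[key] = line.split(":", 1)[1].strip()
            if " :: " in line:               # "Owner :: HOME [administrator]"
                header["User"] = line.split(" :: ")[0]
            continue
        if line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            # Registry value lines carry "Data: <value> -> <action>"; the action is last.
            parts = [p.strip() for p in m.group("rest").split(" -> ")]
            sections[current]["items"].append({
                "object": m.group("object"),
                "threat": m.group("threat"),
                "action": parts[-1],
                "extra": parts[:-1],
            })
    return {"header": header, "sections": sections}


def summarize(parsed):
    """Total findings, findings per threat family, and sections whose count disagrees."""
    threats, total, mismatches = Counter(), 0, []
    for name, sec in parsed["sections"].items():
        total += len(sec["items"])
        threats.update(item["threat"] for item in sec["items"])
        if sec["declared"] != len(sec["items"]):
            mismatches.append(name)
    return {"total": total, "threats": threats, "mismatches": mismatches}


# Constructed excerpt in the format of the third log above (regular mode, user Owner).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.29.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME [administrator]

Protection: Enabled

Scan type: Full scan (L:\|)
Objects scanned: 265096
Time elapsed: 12 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SeekingAlpha (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 31788f103e38d81d8b6f0cf8e3b1683f -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    report = summarize(parsed)
    print("scan ran as:", parsed["header"].get("User"), "|", parsed["header"].get("Scan type"))
    print("findings:", report["total"], dict(report["threats"]))
    print("count mismatches:", report["mismatches"] or "none")
```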

#15
March 28, 2013 at 04:00:28
Last scan: ESET Online Scanner, here's the link:
http://www.eset.com/us/online-scann...
Download and run. The scanner popup will start; select Archives and then Advanced Settings, and check Potentially Unwanted Programs. Then click Start at the bottom right.
It will load the scanner and start scanning, which can take a long time. Please copy and paste the log.




#16
March 28, 2013 at 15:30:11
C:\Documents and Settings\Owner\My Documents\kmd.exe a variant of Win32/Adware.Kazaa.A application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\My Music\kazaa_setup.exe a variant of Win32/Adware.Kazaa.A application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\New Folder\Nero_8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Shared\Nero 7 Ultra Edition (ENHANCED) + Serials!!(REAL) v7.8.5.0 for Windows Vista!! ... crack keygen vista nero 7 mp3 dvd tv multichannel windows serial code (RVGJR) 1 - Copy - Copy.rar Win32/Toolbar.AskSBar application deleted - quarantined
C:\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
C:\Downloads\couponprinter[0].exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
L:\backup folder\Memeo\Owner's Backup\C_\Documents and Settings\Owner\Desktop\kazaa_setup.exe a variant of Win32/Adware.Kazaa.A application cleaned by deleting - quarantined
L:\backup folder\Memeo\Owner's Backup\C_\Documents and Settings\Owner\My Documents\kmd.exe a variant of Win32/Adware.Kazaa.A application cleaned by deleting - quarantined
L:\backup folder\Memeo\Owner's Backup\C_\Documents and Settings\Owner\My Documents\My Music\kazaa_setup.exe a variant of Win32/Adware.Kazaa.A application cleaned by deleting - quarantined
L:\backup folder\Memeo\Owner's Backup\C_\Documents and Settings\Owner\My Documents\New Folder\Nero_8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

Do I need to click delete quarantined files? And uninstall application on close?



#17
March 28, 2013 at 17:54:51
Yes, you can delete the quarantined files, and you can keep ESET as a second online scanner for when it's needed.




#18
March 28, 2013 at 21:27:49
You have a lot of adware, so let's run AdwCleaner.
Download AdwCleaner from this link:
http://www.bleepingcomputer.com/dow...

AdwCleaner Usage Instructions:
Using AdwCleaner is very simple. Simply download the program and run it. You will then be presented with a screen that contains a Search and Delete button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.
Please include the log in your next reply.




#19
March 28, 2013 at 21:33:54
Also rerun Malwarebytes to scan for that L:/video.exe in Post #9, just to make sure it has gone :)
(When it gives options on drives to scan uncheck c:/ and check L:/ )




#20
March 29, 2013 at 13:16:59
I ran the AdwCleaner and it did not post a log?
I re-ran Malwarebytes again on drive L like you said and it came back clean, but it had come back clean before, and Norton Power Eraser said I still had the virus the other day. I ran Unhide again and it did post a log.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 03/29/2013 02:59:45 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 179837 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 9406 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.

Processing the K:\ drive
Finished processing the K:\ drive. 0 files processed.

Processing the L:\ drive
Finished processing the L:\ drive. 20898 files processed.

The C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 03/29/2013 03:11:02 PM
Execution time: 0 hours(s), 11 minute(s), and 16 seconds(s)



#21
March 29, 2013 at 19:40:07
The AdwCleaner log can be found at: Start button > My Computer > select the C:/ drive. The log should be found there. Copy and paste the log please.




#22
March 29, 2013 at 21:33:10
AdwCleaner v2.115 - Logfile created 03/24/2013 at 17:27:57
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOME
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\93QR3L3L\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Swag_Bucks
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Swag_Bucks
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Swag_Bucks
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5DE05A83-9A37-4DDD-B149-77A54852BB2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66BE40BC-9914-4C2A-BF4A-325AFAEFC97A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0432817-74C9-4E1C-9AD9-2F6F7044B5EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Swag_Bucks Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5DE05A83-9A37-4DDD-B149-77A54852BB2A}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109935&tt=060612_7_&babsrc=NT_ss&mntrId=6c44b700000000000000000c6ecb90b3 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [7843 octets] - [24/03/2013 17:27:12]
AdwCleaner[S1].txt - [7850 octets] - [24/03/2013 17:27:57]

########## EOF - C:\AdwCleaner[S1].txt - [7910 octets] ##########



#23
March 29, 2013 at 23:02:50
Download Junkware Removal Tool from these links:

http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.co.nz/20...
Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
NOTE: Once the scan is complete, JRT will shut down your browser with NO warning.
The scan can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the JRT.txt log into your next message.




#24
March 30, 2013 at 22:21:15
I downloaded Junkware Removal Tool to my desktop and it is a square with an orange circle with a man inside of it, right? When I double-click on it to open, or right-click to open, an error screen comes up and says 7-zip internal error code 105, so it won't let me run the scan.


#25
March 30, 2013 at 23:05:37
"it is a square with an orange circle with a man inside of it, right?" - Yes.
Did you extract the zip before you tried to run it?




#26
March 30, 2013 at 23:13:11
I fixed the issue; I turned off my Norton and the Malware. I ran the scan. It did a quick scan and a deep scan. Did some funky things with my computer, turned off my computer and rebooted. When it rebooted itself, no log file came up. Did the scan a second time just to make sure of the log, and once again no log was created on my desktop.


#27
March 31, 2013 at 00:27:13
The JRT log should be found on your desktop as JRT.txt; also try where the downloaded .exe was run from.




#28
March 31, 2013 at 12:28:25
I have looked and looked and cannot find a JRT.txt on my desktop. I even went into my C drive and saw that there was a folder made named JRT. When I opened it there was a whole bunch of different files but nothing that said log.


#29
April 1, 2013 at 01:06:03
No worries, we will move on.

I want you to turn off your real-time protection etc. and download ComboFix from this link:
http://www.bleepingcomputer.com/dow...
Here is a guide to running ComboFix, please read it before running it :)
http://www.bleepingcomputer.com/com...




#30
April 1, 2013 at 12:18:41
Here is the ComboFix log:

ComboFix 13-04-01.01 - Owner 04/01/2013 13:32:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1304 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\program files\Altnet
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\bzip2.xmd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\gzip.xmd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\java.cvd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\tar.xmd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\cdmxtras
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\Fonts\a.zip
c:\windows\help\wmplayer.bak
c:\windows\Readme.txt
c:\windows\system32\bkmoopob.exe
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\ijl11.dll
c:\windows\system32\p2
c:\windows\system32\ps2.bat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\z0
c:\windows\system32\z0\vetzcomz22.exe
D:\Autorun.inf
L:\Autorun.inf
L:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-03-31 05:40 . 2013-03-31 05:40 -------- d-----w- c:\windows\ERUNT
2013-03-31 04:10 . 2013-03-31 05:40 -------- d-----w- C:\JRT
2013-03-22 21:11 . 2013-03-22 21:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\windows\system32\winrm
2013-03-22 15:47 . 2013-03-22 15:47 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2013-03-22 15:45 . 2013-03-22 16:12 -------- d-----w- c:\program files\Windows Desktop Search
2013-03-22 15:45 . 2013-03-22 15:45 -------- d-----w- c:\windows\system32\GroupPolicy
2013-03-22 15:42 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-03-22 15:42 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-03-22 15:42 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2013-03-22 15:03 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8D78080F-F14E-459E-8027-D106C2F870C9}\mpengine.dll
2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-17 18:21 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-03-17 18:19 . 2013-03-24 22:34 -------- d-----w- c:\windows\Logs
2013-03-17 15:39 . 2013-03-22 21:11 -------- d-----w- c:\program files\Common Files\LightScribe
2013-03-15 20:56 . 2013-03-22 19:05 -------- d-----w- c:\program files\Common Files\Nero
2013-03-15 20:40 . 2013-03-20 14:06 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 20:39 . 2012-06-25 21:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:39 . 2011-06-04 16:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2004-08-04 06:04 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2003-08-08 15:35 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 00:45 . 2008-01-18 18:43 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-05 20:05 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2003-08-08 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2003-08-08 16:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2003-08-08 15:33 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 06:28 . 2009-10-02 16:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 01:19 . 2003-08-08 15:33 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2002-08-29 08:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2003-08-08 15:35 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-05-30 14:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2002-12-12 14:14 148992 ----a-w- c:\windows\system32\mpg2splt.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\xtras\mssysmgr.exe" [2005-02-26 212992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Windows NT\rtesejifsi.html
FriendlyName=
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reminders.lnk
backup=c:\windows\pss\Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=c:\windows\pss\spamsubtract.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2003-06-23 04:25 24576 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-07-23 14:37 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 00:28 212992 -c--a-w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-11-10 21:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2003-03-07 10:01 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 -c--a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Nero\\Nero Blu-ray Player\\Blu-rayPlayer.exe"=
"c:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22936:TCP"= 22936:TCP:BitComet 22936 TCP
"22936:UDP"= 22936:UDP:BitComet 22936 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [2/6/2013 8:15 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [2/6/2013 8:15 AM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [3/21/2013 8:52 PM 997464]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [2/6/2013 8:15 AM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [2/6/2013 8:15 AM 149624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/24/2013 5:47 PM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/24/2013 5:47 PM 682344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.1.14\ccsvchst.exe [2/6/2013 8:15 AM 138272]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [3/22/2013 9:56 PM 439632]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 8:11 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130329.001\IDSXpx86.sys [3/29/2013 9:39 PM 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/24/2013 5:47 PM 21104]
S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\system32\Drivers\GDFSHK.SYS --> c:\windows\system32\Drivers\GDFSHK.SYS [?]
S2 GdTdi;McAfee Privacy Service Transport Filter;\??\c:\windows\system32\Drivers\GDTDI.SYS --> c:\windows\system32\Drivers\GDTDI.SYS [?]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [8/27/2005 11:02 PM 95232]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/4/2008 11:29 AM 30192]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [10/17/2010 1:27 PM 33792]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [6/26/2009 11:19 AM 1124848]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [9/14/2005 5:33 PM 101120]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 20:39]
.
2013-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2013-03-29 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-10-29 01:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{da8ba20c-2414-4cdd-8e97-020e4f375ed5} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.2 - c:\program files\Coupons\uninstall.exe
AddRemove-Norton SystemWorks - c:\program files\Norton SystemWorks\uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-01 13:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\program files\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(732)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
c:\windows\LTMSG.exe
c:\windows\System32\hphmon05.exe
c:\windows\system32\rundll32.exe
c:\hp\KBD\KBD.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2013-04-01 14:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-01 19:05
.
Pre-Run: 95,084,449,792 bytes free
Post-Run: 95,245,488,128 bytes free
.
- - End Of File - - 5F203EAB90A7B3991DCB7B5F7205DE7F



#31
April 1, 2013 at 13:27:46
Great to see ComboFix found these Autorun files on your USB drives, and that setup.exe.
D:\Autorun.inf
L:\Autorun.inf
L:\setup.exe

We need to remove ComboFix from your PC now.
Click Start, click Run, and copy and paste the following:
combofix /uninstall
Then click "OK".
ComboFix will then start to load like before, only this time it will remove itself. Again, please don't touch anything while it's running.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?
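An added example, not part of the thread and not ComboFix's own code: a Python pass over a constructed excerpt of the log posted above (the paths, registry values and service lines are copied from it; the rest of the log is left out) that pulls out the three findings a responder would act on first. The section banners, the quoted registry value syntax and the `-->` / `[?]` marker on a service line are the formats ComboFix itself prints; the section and key names the script keys on are taken from the log.

```python
import re
from typing import Dict, List

# Constructed excerpt of the ComboFix log posted above: the paths and registry values are
# copied from it, everything else is left out so the example stays short.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bkmoopob.exe
c:\windows\system32\z0\vetzcomz22.exe
D:\Autorun.inf
L:\Autorun.inf
L:\setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [2/6/2013 8:15 AM 924320]
S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\system32\Drivers\GDFSHK.SYS --> c:\windows\system32\Drivers\GDFSHK.SYS [?]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")                  # "(((( Other Deletions ))))"
ROOT_AUTORUN_RE = re.compile(r"^([A-Za-z]):\\(autorun\.inf|setup\.exe)$", re.IGNORECASE)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                           # "[HKEY_LOCAL_MACHINE\...]"
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')             # "\"Name\"=value"
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*);(.+)$")     # "R0 Name;Description;path [...]"


def triage(log_text: str) -> Dict[str, List]:
    """Walk a ComboFix log and return the findings a responder acts on first."""
    findings: Dict[str, List] = {"autorun": [], "policy": [], "orphan_services": []}
    section = ""
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Other Deletions":
            # Autorun.inf plus an executable at the root of a drive is the USB-spreading pattern.
            m = ROOT_AUTORUN_RE.match(line)
            if m:
                findings["autorun"].append((m.group(1).upper(), m.group(2).lower()))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if "security center\\monitoring" in current_key and name == "DisableMonitoring" and value.endswith("1"):
                findings["policy"].append("Security Center monitoring disabled: " + current_key)
            if "firewallpolicy" in current_key and name == "EnableFirewall" and value.startswith("0"):
                findings["policy"].append("Windows Firewall off: " + current_key)
            continue
        m = SERVICE_RE.match(line)
        if m and "-->" in m.group(3) and m.group(3).endswith("[?]"):
            # ComboFix prints "path --> path [?]" when the service's binary is missing on disk.
            findings["orphan_services"].append(m.group(1))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Two of the findings need context before anyone reacts to them: third-party suites such as Norton set the Security Center DisableMonitoring values and replace the Windows Firewall with their own, so on a box running Norton 360 both policy lines are expected, which is why the script lists them rather than scoring them. The orphaned McAfee service entries are leftovers from an earlier product, not an infection. The Autorun.inf and setup.exe pairs at the root of D: and L: are the finding that matters on this page.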



#32
April 1, 2013 at 15:10:44
ComboFix is uninstalled, what's next?


#33
April 1, 2013 at 15:30:50
How's your PC running now?

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#34
April 1, 2013 at 16:59:58
It is shutting itself down saying "The system has recovered from a serious error".


#35
April 1, 2013 at 17:11:39
http://techdows.com/2009/03/how-to-...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#36
April 1, 2013 at 21:05:36
Followed the steps; where would the file pagefile.sys be found? I looked in the C: drive and didn't see it listed. Is it in another folder? It wants me to delete it, but I can't find it.


#37
April 1, 2013 at 21:53:43
Go to Start, My Computer, open your C: drive, and on this page go to the Tools menu at the top of the window. Go to Folder Options, View tab, go down the list until you find Hidden Files and Folders, and check Show Hidden Files and Folders.
Now have another look in the C: drive for the pagefile.sys file and delete it, restart your PC, and under Virtual Memory set the paging file size to Custom or System Managed Size.
The problem should be gone. Don't forget to hide the files and folders again using the instructions above, in reverse order.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#38
April 1, 2013 at 22:00:42
After that we will clean your disk of traces and junk etc., then clean your Registry.

Download Wise Disk Cleaner
http://www.wisecleaner.com/wisedisk...
Run the two tabs from the left Common Cleaner and Advanced Cleaner.

Then download Wise Registry Cleaner
http://www.wisecleaner.com/wiseregi...
Run the two tabs from the left Registry Cleaner and System Tuneup.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#39
April 2, 2013 at 10:07:54
Maybe I'm having a bad day but both links in #38 look identical to me.

Or is there some clever reason for downloading it a second time?

Always pop back and let us know the outcome - thanks



#40
April 2, 2013 at 13:50:02
No, the links are different :) Have a look at the top of each page for the subtle changes... one says "Disk", the other "Registry".

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#41
April 2, 2013 at 13:57:01
Oh dear, I've failed the test again (but I do know who our Prime Minister is LOL).
Excuse the intrusion folks....

Always pop back and let us know the outcome - thanks



#42
April 2, 2013 at 14:03:14
All good Derek, your help is always welcome and it's good to know you're watching over us all :)

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#43
April 2, 2013 at 19:28:56
So I deleted the pagefile and it is still shutting itself off and rebooting with the same error. I went and did the steps again a second time just to make sure, and same problem. Could it be something else?

I have already run the Wise Disk Cleaner, but the PC shut down before I could do the Registry one.



#44
April 2, 2013 at 20:49:22
Try this: https://kb.wisc.edu/helpdesk/page.p...
Running chkdsk /f from the desktop, halfway down the page. And I will see if I can find anything else to help.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#45
April 3, 2013 at 14:48:29
I ran chkdsk; it said the volume is clean.


#46
April 3, 2013 at 15:48:42
Try starting Windows in Safe Mode and then running Wise Registry Cleaner from there.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#47
April 3, 2013 at 20:36:49
Ran the Registry Cleaner; it found 923 issues, 40 of which were unsafe. I cleaned them and 18 failed to be removed. They were in the software paths, file types, application settings and the uninstaller. I ran the scan a second time after cleaning and 15 failed to be removed.
I ran System Tuneup and defrag, then ran the scan a third time; still 15 could not be removed.
The PC is still shutting itself off; it seems to happen when I leave it to scan and am not moving the mouse.


#48
April 4, 2013 at 21:46:10
Going over the thread to see what caused the shutting off. Looks like ComboFix, so we will try a System Restore to 31/03/13 or before.
We will have to remove these two, D:\Autorun.inf and L:\Autorun.inf, another way.
Let me know if you need help with the restore.
Remove all external drives and USB sticks etc.
Once you have gone back, download Naevius USB Antivirus from here:
http://www.naevius.com/usb_antiviru...
Once it's installed, leave it open and connect the USB devices back up. It will scan them automatically.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?
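The post above says the two Autorun.inf files have to be removed another way; as an added example (mine, not Naevius's code and not from the thread) here is what such a file does and how to audit one offline before touching the drive. The thread reports only the file names found on D: and L:, so the autorun.inf below is constructed in the form USB-spreading malware typically dropped beside its executable. The checks cover the keys Windows XP honoured: `open` and `shellexecute` run when the drive is inserted and AutoRun is enabled for that drive type, and `shell\<verb>\command` entries replace the Open and Explore verbs in Explorer's context menu, so double-clicking the drive runs the dropper even when AutoRun itself is off.

```python
import configparser
from typing import Dict, List

# Constructed autorun.inf in the form USB-spreading malware dropped beside its executable.
# The thread names only the files (Autorun.inf and setup.exe on D: and L:), not their contents.
SAMPLE_AUTORUN = r"""
[autorun]
open=setup.exe
shellexecute=setup.exe
shell\open\command=setup.exe
shell\explore\command=setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
"""

INSERT_KEYS = ("open", "shellexecute")   # run when the drive is inserted and AutoRun is enabled


def audit_autorun(text: str) -> Dict[str, object]:
    """Report what an autorun.inf would launch and whether it is dressed up as a plain folder."""
    # RawConfigParser: no %-interpolation (so %SystemRoot% is literal), duplicate keys tolerated.
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.read_string(text)
    launches: List[str] = []
    action, icon = "", ""
    for section in cp.sections():
        if section.lower() != "autorun":          # [autorun] and [AutoRun] are both honoured
            continue
        for key, value in cp.items(section):      # option names are lower-cased by configparser
            value = (value or "").strip()
            if key in INSERT_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                launches.append(f"{key} -> {value}")
            elif key == "action":
                action = value
            elif key == "icon":
                icon = value
    return {
        "launches": launches,
        "executes_on_insert": any(l.split(" ", 1)[0] in INSERT_KEYS for l in launches),
        "hijacks_context_menu": any(l.startswith("shell\\") for l in launches),
        # a folder icon from shell32.dll plus an "Open folder" action is the usual disguise
        "disguised_as_folder": "folder" in action.lower() or "shell32.dll" in icon.lower(),
    }


if __name__ == "__main__":
    for key, value in audit_autorun(SAMPLE_AUTORUN).items():
        print(f"{key:22} {value}")
```

Deleting autorun.inf alone removes the trigger, not the payload: the setup.exe (and the video.exe the opener mentions) on the same drive still has to go. The Windows-side check is the NoDriveTypeAutoRun value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer; 0xFF disables AutoRun for every drive type, which is the setting to have on an XP machine that will keep seeing other people's USB sticks.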



#49
April 5, 2013 at 18:26:29
So I try to do a System Restore and it will not let me go back before the month of April, plus no date in April is bold for me to check. I looked at the system settings and there was a check in the box that says "Turn off System Restore on all drives"! So I am guessing this means I do not have a restore point.


#50
April 5, 2013 at 18:44:00
Just while we are waiting for a comment from MrGoodguy.

You receive a "System Has Recovered from a Serious Error" message after every restart
http://support.microsoft.com/?kbid=...



#51
April 5, 2013 at 18:57:20
After trying my paging-file variation of what MrGoodguy gave you, if you are still getting the error message, see if you can find a .dmp or dump file.

Copy & paste the dump (.dmp) file onto your desktop & then upload it to a site of your choosing or use Image Uploader. Post the link please.
The minidump files are located in C:\Windows\Minidump
The kernel memory dump is located in C:\Windows\MEMORY.DMP

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

How to use.
http://i.imgur.com/C1qBB.gif
http://i.imgur.com/wqOKq.gif
http://i.imgur.com/PujnZ.gif



#52
April 5, 2013 at 19:31:00
Here is the image file that you requested, Mr.Goodguy
Mini040513-01.dmp: http://depositfiles.com/files/mfk3a5xvn
Mini040513-01.dmp: http://depositfiles.com/files/ay8g6gzmo

There were about ten of these files in the Memory folder.
I have tried a couple of different times to delete the pagefile, and it deletes it, but I am still having the shutoff problem and then the message comes up. I can sit and work on my computer and if I do that it doesn't shut off. But if I leave it too long or try a scan it shuts itself off.



#53
April 5, 2013 at 20:00:22
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 98a3c110, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: f7bd0666, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: GetUlongFromAddress: unable to read from 80567ce8
98a3c110

FAULTING_IP:
SYMEFA+d9666
f7bd0666 8b5010 mov edx,dword ptr [eax+10h]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: ccsvchst.exe

LAST_CONTROL_TRANSFER: from f7bcdff6 to f7bd0666

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b234177c f7bcdff6 e9656d09 e69f8260 88880001 SYMEFA+0xd9666
b23417a4 f7bce021 e69f8260 e9656c89 b23417dc SYMEFA+0xd6ff6
b23417b4 f7bcdff6 e9656cc9 e69f8260 88880001 SYMEFA+0xd7021
b23417dc f7bce021 e69f8260 e9656c49 b2341814 SYMEFA+0xd6ff6
b23417ec f7bcdff6 e9656c89 e69f8260 88880001 SYMEFA+0xd7021
b2341814 f7bce021 e69f8260 e9656ac9 b234184c SYMEFA+0xd6ff6
b2341824 f7bcdff6 e9656c49 e69f8260 88880001 SYMEFA+0xd7021
b234184c f7bce021 e69f8260 e9656909 b2341880 SYMEFA+0xd6ff6
b234185c f7bcdff6 e9656ac9 e69f8260 88880001 SYMEFA+0xd7021
b2341880 f7bce021 e69f8260 e2fff780 b23418a4 SYMEFA+0xd6ff6
b2341890 f7bcf438 e9656909 e69f8260 88880001 SYMEFA+0xd7021
b23418a4 f7bd060f e69f8260 00000000 e966bf49 SYMEFA+0xd8438
b2341908 f7bcc0bd e966bf49 e69f8260 e69ca302 SYMEFA+0xd960f
b234191c f7bcbc39 e69ca302 e69f8260 e69f8260 SYMEFA+0xd50bd
b2341934 f7bcb42e 01110000 e69ca302 e69f81bc SYMEFA+0xd4c39
b23419d0 f7bca337 e69be000 00010000 e1ee9f50 SYMEFA+0xd442e
b23419f8 f7bca5cc e69be000 00010000 e69f8008 SYMEFA+0xd3337
b2341a20 f7bca505 01401758 00000000 00000000 SYMEFA+0xd35cc
b2341a50 f7bc98ed 00000000 c000003f 8056c684 SYMEFA+0xd3505
b2341a98 f7bc9cf7 40000000 00000008 e1979bc8 SYMEFA+0xd28ed
b2341aec f7bbf86a e1ee9f50 40000000 00000001 SYMEFA+0xd2cf7
b2341b2c f7bc3561 e1ee9e78 8879bf08 e1ee9e78 SYMEFA+0xc886a
b2341b74 f7bc0d92 e1ee9e78 87330400 87330390 SYMEFA+0xcc561
b2341c24 f7baaa7f 87330390 8a1f7028 8a335ba0 SYMEFA+0xc9d92
b2341c40 804e13eb 8a335a88 87330390 80702410 SYMEFA+0xb3a7f
b2341c50 805738eb 87330400 8a1f7028 87330390 nt!IopfCallDriver+0x31
b2341c64 8058226c 8a335a88 87330390 8a1f7028 nt!IopSynchronousServiceTail+0x70
b2341d00 80588ae7 000000e8 00003e40 00000000 nt!IopXxxControlFile+0x5ef
b2341d34 804dd99f 000000e8 00003e40 00000000 nt!NtDeviceIoControlFile+0x2a
b2341d34 7c90e514 000000e8 00003e40 00000000 nt!KiFastCallEntry+0xfc
08b7e6d0 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
SYMEFA+d9666
f7bd0666 8b5010 mov edx,dword ptr [eax+10h]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: SYMEFA+d9666

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SYMEFA

IMAGE_NAME: SYMEFA.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4fb6f774

FAILURE_BUCKET_ID: 0x50_SYMEFA+d9666

BUCKET_ID: 0x50_SYMEFA+d9666

Followup: MachineOwner
---------
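An added example, mine rather than WinDbg's or the thread's: a Python reader for the `!analyze -v` text posted above that turns it into a verdict a helper can defend. The input is a constructed copy of that output trimmed to a few stack frames; the field names (BUGCHECK_STR, PROCESS_NAME, MODULE_NAME, FAILURE_BUCKET_ID), the Arg1..Arg4 lines and the `kb` frame layout are the formats WinDbg prints. The point of the cross-check is the WARNING line in the post: with no symbols for a third-party driver the unwinder can mis-attribute frames, so the script insists that the innermost non-kernel frame, the faulting IP and WinDbg's own bucket all name the same module before blaming it.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed copy of the "!analyze -v" output posted in #53, trimmed to a few stack frames.
SAMPLE_ANALYSIS = """
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arguments:
Arg1: 98a3c110, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: f7bd0666, If non-zero, the instruction address which referenced the bad memory
Arg4: 00000000, (reserved)

FAULTING_IP:
SYMEFA+d9666
f7bd0666 8b5010 mov edx,dword ptr [eax+10h]

DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: ccsvchst.exe

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b234177c f7bcdff6 e9656d09 e69f8260 88880001 SYMEFA+0xd9666
b23417a4 f7bce021 e69f8260 e9656c89 b23417dc SYMEFA+0xd6ff6
b2341c40 804e13eb 8a335a88 87330390 80702410 SYMEFA+0xb3a7f
b2341c50 805738eb 87330400 8a1f7028 87330390 nt!IopfCallDriver+0x31
b2341d34 804dd99f 000000e8 00003e40 00000000 nt!NtDeviceIoControlFile+0x2a
b2341d34 7c90e514 000000e8 00003e40 00000000 nt!KiFastCallEntry+0xfc
08b7e6d0 00000000 00000000 00000000 00000000 0x7c90e514

MODULE_NAME: SYMEFA
IMAGE_NAME: SYMEFA.SYS
FAILURE_BUCKET_ID: 0x50_SYMEFA+d9666
"""

FIELD_RE = re.compile(r"^([A-Z_]+):\s*(.+)$")                                   # "PROCESS_NAME: ccsvchst.exe"
ARG_RE = re.compile(r"^Arg(\d): ([0-9a-f]{8}),")                                 # "Arg1: 98a3c110, memory referenced."
FRAME_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}(\S+)$")  # one "kb" frame on x86
KERNEL_MODULES = {"nt", "hal", "ntkrnlpa", "ntoskrnl"}


def module_of(symbol: str) -> str:
    """'nt!IopfCallDriver+0x31' -> 'nt'; 'SYMEFA+0xd9666' -> 'SYMEFA'; '0x7c90e514' -> '' (no module)."""
    if symbol.startswith("0x"):
        return ""
    return re.split(r"[!+]", symbol, maxsplit=1)[0]


def parse_analysis(text: str) -> Dict[str, object]:
    fields: Dict[str, str] = {}
    frames: List[Tuple[str, str]] = []   # (return address, symbol), innermost frame first
    args: Dict[int, int] = {}
    pending = None                       # "FAULTING_IP:" carries its symbol on the following line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending:
            fields[pending] = line
            pending = None
            continue
        if line in ("FAULTING_IP:", "FOLLOWUP_IP:"):
            pending = line.rstrip(":")
            continue
        m = ARG_RE.match(line)
        if m:
            args[int(m.group(1))] = int(m.group(2), 16)
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group(2), m.group(3)))
            continue
        m = FIELD_RE.match(line)
        if m and m.group(1) != "WARNING":
            fields[m.group(1)] = m.group(2).strip()
    return {"fields": fields, "frames": frames, "args": args}


def attribute_crash(parsed: Dict[str, object]) -> Dict[str, object]:
    """Blame the innermost frame that is not the kernel itself, then cross-check that
    choice against the faulting IP and the bucket WinDbg picked."""
    fields, frames, args = parsed["fields"], parsed["frames"], parsed["args"]
    per_module = Counter(module_of(sym) for _, sym in frames)
    culprit = next((module_of(sym) for _, sym in frames
                    if module_of(sym) and module_of(sym).lower() not in KERNEL_MODULES), "")
    faulting_module = module_of(fields.get("FAULTING_IP", ""))
    return {
        "bugcheck": fields.get("BUGCHECK_STR", ""),
        "faulting_address": args.get(1),
        "operation": "write" if args.get(2) == 1 else "read",
        "process": fields.get("PROCESS_NAME", ""),
        "culprit_module": culprit,
        "culprit_frames": per_module.get(culprit, 0),
        "kernel_frames": sum(n for mod, n in per_module.items() if mod.lower() in KERNEL_MODULES),
        # the driver was entered through a DeviceIoControl from the named user-mode process
        "via_ioctl": any(sym.startswith("nt!NtDeviceIoControlFile") for _, sym in frames),
        "faulting_module": faulting_module,
        # three independent pointers (stack, faulting IP, bucket) naming the same module
        "consistent": culprit != "" and culprit == faulting_module == fields.get("MODULE_NAME", ""),
    }


if __name__ == "__main__":
    for key, value in attribute_crash(parse_analysis(SAMPLE_ANALYSIS)).items():
        print(f"{key:18} {value}")
```

On the posted dump all three pointers agree on SYMEFA.SYS, the crash is a read of an invalid kernel address, and the stack shows the driver was reached through a DeviceIoControl issued by ccsvchst.exe, Norton's own service process, which is the evidence behind the "uninstall Norton" advice that follows. The kernel frames at the bottom are the system call path, not the culprit, which is why the script skips them.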



#54
April 5, 2013 at 20:03:32
PAGE_FAULT_IN_NONPAGED_AREA
https://www.google.com/search?q=PAG...

Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA
http://msdn.microsoft.com/en-us/lib...



#55
April 5, 2013 at 21:30:12
✔ Best Answer
Post #53
FAULTING_IP:
SYMEFA+d9666

That is a Norton problem; uninstall it.
https://support.norton.com/sp/en/au...

I use Microsoft Security Essentials ( MSE )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/bes...
http://windows.microsoft.com/en-US/...
System requirements
http://www.microsoft.com/en-us/secu...
Can Microsoft Security Essentials (MSE) protect me for online banking and shopping?
http://answers.microsoft.com/en-us/...
If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:
http://kb.eset.com/esetkb/index?pag...



#56
April 5, 2013 at 21:55:27
So is the other problem a Norton problem as well? From Post #20, when I ran the other virus scanners they came back saying they are clean, but Norton Power Eraser kept saying the L:/video.exe was bad?


#57
April 5, 2013 at 22:12:26
"So is the other problem a Norton problem as well?"
No idea, get rid of Norton & let's find out.

#58
April 6, 2013 at 20:32:18
I uninstalled Norton. I believe it has fixed the shutting off problem. I had let my PC sit idle for over two hours and it didn't shut off.

I wanted to see if the other problem still existed about the L:/video.exe file, it does but only to the Norton Power eraser. I ran a Malwarebytes scan and it came back clean on both of my disks. So how do I know if the virus is gone? And why is Norton power eraser the only one saying that this file is bad?

On another note, another error pops up when the PC starts up; it says the file is too long. C:/program files\Hewlett-packard\digital imaging\{18e0918e-1060-48f3-925c-56c82e88551b}


#59
April 6, 2013 at 21:30:50
"Norton power eraser"
Same story, it is causing problems, uninstall using Revo.

If Revo doesn't pick it up, let me know.

Revo Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.revouninstaller.com/
Open Revo, double click on a program logo, click > Yes & then you get your options, with Advanced down the bottom.
If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.
I use Advanced Mode. Screenshots of how to use.
http://i.imgur.com/dXJGX1q.gif
http://i.imgur.com/VonCA.gif
http://i.imgur.com/fGmmb.gif
http://i.imgur.com/pdhbV.gif
http://i.imgur.com/fIgy0.gif
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif
http://i.imgur.com/tDafK.gif
http://i.imgur.com/Bz5j9.gif
http://i.imgur.com/X5S5I.gif


#60
April 6, 2013 at 21:33:51
"On another note another error pops up when pc starts up"
Let's deal with the Norton problem first, one thing at a time, small steps.

#61
April 7, 2013 at 19:56:26
Okay, I uninstalled all Norton/Symantec products. How do I make sure I am virus free?

#62
April 7, 2013 at 20:07:49
"Okay, I uninstalled all Norton/Symantec products. How do I make sure I am virus free?"

Let's start here to see how secure you are.

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#63
April 7, 2013 at 20:43:49
Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
ESET Online Scanner v3
Trend Micro RUBotted 2.0 Beta
Microsoft Security Essentials
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Windows Defender
CCleaner
Wise Disk Cleaner 7.79
Wise Registry Cleaner 7.67
Java Web Start
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java 2 Runtime Environment, SE v1.4.1_02
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 [color=red][b]Adobe Reader out of Date![/b][/color]
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Trend Micro RUBotted RUBotSrv.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 0%
[b][u]````````````````````End of Log``````````````````````[/b][/u]

#64
April 7, 2013 at 20:55:07
To improve your security, these need updating.

Java 2 Runtime Environment, SE v1.4.1_02
[color=red][b]Java version out of Date!

Adobe Reader 10.1.6 [color=red][b]Adobe Reader out of Date!


#65
April 7, 2013 at 21:01:11
After the above, run these (yes I know you have already run the Wise programs) in this order please.

1: TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

2: Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.

3: Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.


#66
April 7, 2013 at 21:28:37
I just googled Trend Micro RUBotted, it hasn't been updated for years. Use Revo to uninstall.

http://downloadcenter.trendmicro.co...


#67
April 8, 2013 at 18:58:33
I uninstalled the old Java and Adobe reader and also RUBotted. Here is the new scan to see if I am more secure. It looks like it is still saying my Java is out of date. I had Java 2 and now I have Java 6 what number should I have?

Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Windows Defender
CCleaner
Wise Disk Cleaner 7.79
Wise Registry Cleaner 7.67
Java Web Start
Java(TM) 6 Update 2
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Google Chrome 22.0.1229.95
Google Chrome 26.0.1410.43
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 2%
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#68
April 8, 2013 at 19:09:08
I don't use java myself.

java download

http://is.gd/MNWc4q

http://java.com/en/download/index.jsp

Or, you can update it from Control Panel.


#69
April 8, 2013 at 20:25:27
Java has been updated. I ran the temp file cleaner and the Wise Disk and Registry Cleaner in the order you told me to and rebooted each time. What's next?

#70
April 8, 2013 at 20:32:48
Copy & Paste the contents of the log/logs after running each program please.

Run TDSSKiller
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...


#71
April 8, 2013 at 21:12:56
I give you all the lifetime achievement award for your perseverance.

#72
April 9, 2013 at 19:44:41
The log was too long; it would not let me paste it all in one follow-up, so I had to break it up. Here is the first part...

#73
April 9, 2013 at 19:46:12
Here is the second part...

21:19:21.0992 3968 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:19:22.0008 3968 Parport - ok
21:19:22.0055 3968 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:19:22.0055 3968 PartMgr - ok
21:19:22.0148 3968 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:19:22.0148 3968 ParVdm - ok
21:19:22.0164 3968 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:19:22.0180 3968 PCI - ok
21:19:22.0195 3968 PCIDump - ok
21:19:22.0211 3968 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:19:22.0211 3968 PCIIde - ok
21:19:22.0242 3968 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:19:22.0258 3968 Pcmcia - ok
21:19:22.0258 3968 PDCOMP - ok
21:19:22.0289 3968 PDFRAME - ok
21:19:22.0305 3968 PDRELI - ok
21:19:22.0320 3968 PDRFRAME - ok
21:19:22.0336 3968 perc2 - ok
21:19:22.0351 3968 perc2hib - ok
21:19:22.0430 3968 [ ED2E7F396B4098608C95BC3806BDF6FC ] pfc C:\WINDOWS\system32\drivers\pfc.sys
21:19:22.0461 3968 pfc - ok
21:19:22.0523 3968 [ 69D758132FFDFC7AC8B0B2C3ABCCE877 ] PinnacleMarvinUsb C:\WINDOWS\system32\DRIVERS\MarvinUsb.sys
21:19:22.0555 3968 PinnacleMarvinUsb - ok
21:19:22.0570 3968 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:19:22.0570 3968 PlugPlay - ok
21:19:22.0617 3968 [ 5C1CADD1CB67C0B9D8A84EC6E4D6B5CC ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.exe
21:19:22.0617 3968 Pml Driver HPZ12 - ok
21:19:22.0648 3968 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:19:22.0648 3968 PolicyAgent - ok
21:19:22.0711 3968 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:19:22.0711 3968 PptpMiniport - ok
21:19:22.0726 3968 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:19:22.0726 3968 Processor - ok
21:19:22.0758 3968 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:19:22.0758 3968 ProtectedStorage - ok
21:19:22.0805 3968 [ BFFDB363485501A38F0BCA83AEC810DB ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
21:19:22.0820 3968 Ps2 - ok
21:19:22.0836 3968 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:19:22.0836 3968 PSched - ok
21:19:22.0883 3968 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:19:22.0883 3968 Ptilink - ok
21:19:22.0914 3968 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
21:19:22.0914 3968 PxHelp20 - ok
21:19:22.0930 3968 ql1080 - ok
21:19:22.0945 3968 Ql10wnt - ok
21:19:22.0961 3968 ql12160 - ok
21:19:22.0976 3968 ql1240 - ok
21:19:23.0008 3968 ql1280 - ok
21:19:23.0039 3968 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:19:23.0039 3968 RasAcd - ok
21:19:23.0070 3968 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:19:23.0086 3968 RasAuto - ok
21:19:23.0164 3968 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:19:23.0164 3968 Rasl2tp - ok
21:19:23.0226 3968 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:19:23.0273 3968 RasMan - ok
21:19:23.0289 3968 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:19:23.0289 3968 RasPppoe - ok
21:19:23.0305 3968 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:19:23.0305 3968 Raspti - ok
21:19:23.0351 3968 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:19:23.0351 3968 Rdbss - ok
21:19:23.0383 3968 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:19:23.0383 3968 RDPCDD - ok
21:19:23.0445 3968 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:19:23.0461 3968 RDPWD - ok
21:19:23.0492 3968 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:19:23.0492 3968 RDSessMgr - ok
21:19:23.0539 3968 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:19:23.0539 3968 redbook - ok
21:19:23.0570 3968 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:19:23.0586 3968 RemoteAccess - ok
21:19:23.0617 3968 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
21:19:23.0648 3968 Revoflt - ok
21:19:23.0789 3968 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:19:23.0836 3968 RoxMediaDB10 - ok
21:19:23.0883 3968 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
21:19:23.0898 3968 rpcapd - ok
21:19:23.0930 3968 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
21:19:23.0945 3968 RpcLocator - ok
21:19:23.0992 3968 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:19:23.0992 3968 RpcSs - ok
21:19:24.0039 3968 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
21:19:24.0055 3968 RSVP - ok
21:19:24.0086 3968 [ 3529828EC571FB2F64F6B142F9109993 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:19:24.0101 3968 RTL8023xp - ok
21:19:24.0133 3968 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
21:19:24.0133 3968 rtl8139 - ok
21:19:24.0164 3968 [ AABB1D240862349181F5350DD62FAAE7 ] RxFilter C:\WINDOWS\system32\DRIVERS\RxFilter.sys
21:19:24.0164 3968 RxFilter - ok
21:19:24.0211 3968 [ 0DBCC071A268E0340A2BA6BDD98BACE4 ] S3Psddr C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
21:19:24.0211 3968 S3Psddr - ok
21:19:24.0242 3968 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:19:24.0258 3968 SamSs - ok
21:19:24.0289 3968 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:19:24.0305 3968 SCardSvr - ok
21:19:24.0351 3968 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:19:24.0367 3968 Schedule - ok
21:19:24.0414 3968 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:19:24.0414 3968 Secdrv - ok
21:19:24.0461 3968 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:19:24.0461 3968 seclogon - ok
21:19:24.0508 3968 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:19:24.0523 3968 SENS - ok
21:19:24.0570 3968 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:19:24.0570 3968 Serenum - ok
21:19:24.0586 3968 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:19:24.0601 3968 Serial - ok
21:19:24.0648 3968 [ 1F16931C722C69E4A7866244796C66A0 ] sermouse C:\WINDOWS\system32\DRIVERS\sermouse.sys
21:19:24.0648 3968 sermouse - ok
21:19:24.0758 3968 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:19:24.0758 3968 Sfloppy - ok
21:19:24.0836 3968 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:19:24.0851 3968 SharedAccess - ok
21:19:24.0898 3968 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:19:24.0898 3968 ShellHWDetection - ok
21:19:24.0914 3968 Simbad - ok
21:19:24.0992 3968 [ BDFEF5C5D41BA377852389E8F07104EA ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
21:19:25.0008 3968 SiS315 - ok
21:19:25.0039 3968 [ 923D23638C616EECB0D811461161D0B8 ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
21:19:25.0039 3968 SISAGP - ok
21:19:25.0070 3968 [ 7E9E5823AFBB5AF2851ABB1659FF627D ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
21:19:25.0070 3968 SiSkp - ok
21:19:25.0117 3968 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:19:25.0117 3968 SLIP - ok
21:19:25.0148 3968 Sparrow - ok
21:19:25.0180 3968 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:19:25.0180 3968 splitter - ok
21:19:25.0226 3968 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:19:25.0226 3968 Spooler - ok
21:19:25.0273 3968 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:19:25.0273 3968 sr - ok
21:19:25.0320 3968 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:19:25.0336 3968 srservice - ok
21:19:25.0383 3968 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:19:25.0398 3968 Srv - ok
21:19:25.0445 3968 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:19:25.0461 3968 SSDPSRV - ok
21:19:25.0492 3968 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
21:19:25.0492 3968 StillCam - ok
21:19:25.0555 3968 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:19:25.0570 3968 stisvc - ok
21:19:25.0617 3968 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:19:25.0680 3968 stllssvr - ok
21:19:25.0711 3968 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:19:25.0711 3968 streamip - ok
21:19:25.0758 3968 [ A3DF1466AAFDC62B21765072C5EDAA9A ] SunkFilt C:\WINDOWS\System32\Drivers\sunkfilt.sys
21:19:25.0805 3968 SunkFilt - ok
21:19:25.0805 3968 Sunkfiltp - ok
21:19:25.0867 3968 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:19:25.0867 3968 swenum - ok
21:19:25.0898 3968 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:19:25.0898 3968 swmidi - ok
21:19:25.0914 3968 SwPrv - ok
21:19:25.0945 3968 symc810 - ok
21:19:25.0961 3968 symc8xx - ok
21:19:25.0976 3968 sym_hi - ok
21:19:25.0992 3968 sym_u3 - ok
21:19:26.0023 3968 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:19:26.0023 3968 sysaudio - ok
21:19:26.0070 3968 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:19:26.0133 3968 SysmonLog - ok
21:19:26.0289 3968 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:19:26.0351 3968 TapiSrv - ok
21:19:26.0430 3968 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:19:26.0445 3968 Tcpip - ok
21:19:26.0476 3968 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:19:26.0476 3968 TDPIPE - ok
21:19:26.0508 3968 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:19:26.0508 3968 TDTCP - ok
21:19:26.0539 3968 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:19:26.0539 3968 TermDD - ok
21:19:26.0601 3968 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:19:26.0633 3968 TermService - ok
21:19:26.0664 3968 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:19:26.0680 3968 Themes - ok
21:19:26.0695 3968 TosIde - ok
21:19:26.0742 3968 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:19:26.0758 3968 TrkWks - ok
21:19:26.0805 3968 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:19:26.0805 3968 Udfs - ok
21:19:26.0836 3968 ultra - ok
21:19:26.0898 3968 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:19:26.0930 3968 Update - ok
21:19:26.0992 3968 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:19:26.0992 3968 upnphost - ok
21:19:27.0039 3968 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:19:27.0039 3968 UPS - ok
21:19:27.0086 3968 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:19:27.0164 3968 USBAAPL - ok
21:19:27.0195 3968 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:19:27.0195 3968 usbaudio - ok
21:19:27.0242 3968 [ 3E215D9BF5F21683F11E807D86A8613F ] USBAV708 C:\WINDOWS\system32\DRIVERS\USBAV708.SYS
21:19:27.0320 3968 USBAV708 - ok
21:19:27.0367 3968 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:19:27.0367 3968 usbccgp - ok
21:19:27.0383 3968 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:19:27.0383 3968 usbehci - ok
21:19:27.0430 3968 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:19:27.0445 3968 usbhub - ok
21:19:27.0476 3968 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:19:27.0476 3968 usbohci - ok
21:19:27.0508 3968 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:19:27.0508 3968 usbprint - ok
21:19:27.0539 3968 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:19:27.0539 3968 usbscan - ok
21:19:27.0555 3968 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:19:27.0555 3968 USBSTOR - ok
21:19:27.0586 3968 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:19:27.0586 3968 usbuhci - ok
21:19:27.0633 3968 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:19:27.0648 3968 VgaSave - ok
21:19:27.0695 3968 [ 0E3E3FAE3A0A58B8D936A8E841A17D16 ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
21:19:27.0695 3968 viaagp1 - ok
21:19:27.0726 3968 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
21:19:27.0726 3968 ViaIde - ok
21:19:27.0773 3968 [ 8CACF7C7D2D2EEDADC55039DAC327123 ] VirtualFD C:\Program Files\Amazing Designs\Hardware\LTMAX\vfd.sys
21:19:27.0805 3968 VirtualFD - ok
21:19:27.0851 3968 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:19:27.0851 3968 VolSnap - ok
21:19:27.0898 3968 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:19:27.0914 3968 VSS - ok
21:19:27.0961 3968 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:19:27.0976 3968 W32Time - ok
21:19:28.0039 3968 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:19:28.0039 3968 Wanarp - ok
21:19:28.0055 3968 wanatw - ok
21:19:28.0086 3968 WDICA - ok
21:19:28.0117 3968 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:19:28.0117 3968 wdmaud - ok
21:19:28.0180 3968 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:19:28.0180 3968 WebClient - ok
21:19:28.0258 3968 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
21:19:28.0258 3968 WinDefend - ok
21:19:28.0336 3968 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:19:28.0351 3968 winmgmt - ok
21:19:28.0430 3968 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
21:19:28.0476 3968 WinRM - ok
21:19:28.0570 3968 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:19:28.0570 3968 WLSetupSvc - ok
21:19:28.0617 3968 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:19:28.0617 3968 WmdmPmSN - ok
21:19:28.0680 3968 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:19:28.0695 3968 WmiApSrv - ok
21:19:28.0789 3968 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:19:28.0820 3968 WMPNetworkSvc - ok
21:19:28.0851 3968 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:19:28.0851 3968 WpdUsb - ok
21:19:28.0992 3968 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:19:29.0023 3968 WPFFontCache_v0400 - ok
21:19:29.0070 3968 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:19:29.0070 3968 WS2IFSL - ok
21:19:29.0117 3968 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:19:29.0117 3968 wscsvc - ok
21:19:29.0148 3968 WSearch - ok
21:19:29.0195 3968 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:19:29.0195 3968 WSTCODEC - ok
21:19:29.0258 3968 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:19:29.0258 3968 wuauserv - ok
21:19:29.0305 3968 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:19:29.0305 3968 WudfPf - ok
21:19:29.0351 3968 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:19:29.0383 3968 WudfSvc - ok
21:19:29.0445 3968 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:19:29.0476 3968 WZCSVC - ok
21:19:29.0523 3968 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:19:29.0523 3968 xmlprov - ok
21:19:29.0570 3968 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
21:19:29.0570 3968 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
21:19:29.0648 3968 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
21:19:29.0648 3968 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
21:19:29.0648 3968 ================ Scan global ===============================
21:19:29.0695 3968 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:19:29.0742 3968 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:19:29.0789 3968 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:19:29.0820 3968 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:19:29.0820 3968 [Global] - ok
21:19:29.0820 3968 ================ Scan MBR ==================================
21:19:29.0851 3968 [ B716B775FCBDABF0E2DDFF76F15C6790 ] \Device\Harddisk0\DR0
21:19:30.0008 3968 \Device\Harddisk0\DR0 - ok
21:19:30.0023 3968 [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk5\DR7
21:19:30.0039 3968 \Device\Harddisk5\DR7 - ok
21:19:30.0039 3968 ================ Scan VBR ==================================
21:19:30.0055 3968 [ 19721F3A25D3920B85AD3B0DB0794B87 ] \Device\Harddisk0\DR0\Partition1
21:19:30.0055 3968 \Device\Harddisk0\DR0\Partition1 - ok
21:19:30.0070 3968 [ 7FFB850C45478CB49D857141BB47C647 ] \Device\Harddisk0\DR0\Partition2
21:19:30.0070 3968 \Device\Harddisk0\DR0\Partition2 - ok
21:19:30.0086 3968 [ 38DA1413753BD87A57A03C69FC5C0D63 ] \Device\Harddisk5\DR7\Partition1
21:19:30.0086 3968 \Device\Harddisk5\DR7\Partition1 - ok
21:19:30.0086 3968 ============================================================
21:19:30.0086 3968 Scan finished
21:19:30.0086 3968 ============================================================
21:19:30.0117 3312 Detected object count: 0
21:19:30.0117 3312 Actual detected object count: 0

Did it only scan my C drive? I have an external L drive that I believe is where I downloaded the virus too.


#74
April 9, 2013 at 19:47:24
Yes HopperRox, I agree with you. These guys are amazing for helping me!

#75
April 9, 2013 at 20:54:09
"so I had to break it up"
Spot on, that's the way to do it.

"Did it only scan my C drive? I have an external L drive that I believe is where I downloaded the virus too"
This is an extract from your TDSSKiller log. That L is the same one, correct?
============================================================
21:18:51.0836 3764 C: <-> \Device\Harddisk0\DR0\Partition2
21:18:51.0836 3764 D: <-> \Device\Harddisk0\DR0\Partition1
21:18:51.0851 3764 L: <-> \Device\Harddisk5\DR7\Partition1
21:18:51.0851 3764 ============================================================


#76
April 9, 2013 at 21:00:22
Thanks, HopperRox. Once an OP is prepared to carry on, I commit to a full follow-up.
It does take some effort; just remembering what has been done is hard. Not doing all aspects of the clean-up will let the infection come back.

#77
April 9, 2013 at 21:28:52
Yes, that is the same L drive. Sorry I missed it. So what is the next adventure?

#79
April 10, 2013 at 05:33:45
Unhooker report

<?xml version="1.0" encoding="UTF-16" ?>
<Report DateTimeStamp="2013-04-10 12:27:07" ScanDuration="299328" AppVersion="1.3.393.0" SystemVersion="5.1.2600" Architecture="32">
  <Process PID="4" Name="System" Path="C:\WINDOWS\system32\ntoskrnl.exe">
    <Module Base="0xF77EF000" Size="28672" Name="sunkfilt.sys" Path="C:\WINDOWS\System32\Drivers\sunkfilt.sys">
      <Patch RVA="0x4B86" Size="1" Name="0x4B86" Section=".text" FileCode="43003A0000000000" MemoryCode="4F003A0000000000" />
      <Patch RVA="0x4D80" Size="1" Name="0x4D80" Section=".text" FileCode="430000005C005200" MemoryCode="4A0000005C005200" />
      <Patch RVA="0x4E24" Size="1" Name="0x4E24" Section=".text" FileCode="43005C0044006500" MemoryCode="4A005C0044006500" />
      <Patch RVA="0x5514" Size="1" Name="0x5514" Section=".text" FileCode="43005C0044006500" MemoryCode="4A005C0044006500" />
    </Module>
  </Process>
  <Process PID="2228" Name="chrome.exe" Path="C:\Program Files\Google\Chrome\Application\chrome.exe">
    <Module Base="0x71A50000" Size="258048" Name="mswsock.dll" Path="C:\WINDOWS\system32\mswsock.dll">
      <Patch Type="EAT hook" RVA="0x5A1C" Size="4" Name="mswsock.dll!WSPStartup" Section=".text" TargetVA="0x48002630" TargetModuleName="GOEC62~1.DLL" TargetModulePath="C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL" TargetName="DllUnregisterServer + 0x9F1" />
    </Module>
  </Process>
</Report>


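As an added example (not from the thread or from the tool's author), a Python parser for the Unhooker report in post #79: it walks the XML, separates inline byte patches from export-table hooks, and decodes each patch window as UTF-16LE so the sunkfilt.sys entries can be read. The attribute names are the ones visible in that post, and the embedded REPORT is that report with the browser's collapse markers and the UTF-16 declaration removed; nothing else about the tool's schema is assumed.

```python
"""Parse an RkUnhooker-style XML report and classify each entry.

Added example, not part of the thread. REPORT below is the report from post
#79 (collapse markers and UTF-16 declaration stripped); only the attribute
names seen there are relied on.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Copied from the thread's post #79, not constructed.
REPORT = r"""<?xml version="1.0"?>
<Report DateTimeStamp="2013-04-10 12:27:07" ScanDuration="299328" AppVersion="1.3.393.0" SystemVersion="5.1.2600" Architecture="32">
  <Process PID="4" Name="System" Path="C:\WINDOWS\system32\ntoskrnl.exe">
    <Module Base="0xF77EF000" Size="28672" Name="sunkfilt.sys" Path="C:\WINDOWS\System32\Drivers\sunkfilt.sys">
      <Patch RVA="0x4B86" Size="1" Name="0x4B86" Section=".text" FileCode="43003A0000000000" MemoryCode="4F003A0000000000" />
      <Patch RVA="0x4D80" Size="1" Name="0x4D80" Section=".text" FileCode="430000005C005200" MemoryCode="4A0000005C005200" />
      <Patch RVA="0x4E24" Size="1" Name="0x4E24" Section=".text" FileCode="43005C0044006500" MemoryCode="4A005C0044006500" />
      <Patch RVA="0x5514" Size="1" Name="0x5514" Section=".text" FileCode="43005C0044006500" MemoryCode="4A005C0044006500" />
    </Module>
  </Process>
  <Process PID="2228" Name="chrome.exe" Path="C:\Program Files\Google\Chrome\Application\chrome.exe">
    <Module Base="0x71A50000" Size="258048" Name="mswsock.dll" Path="C:\WINDOWS\system32\mswsock.dll">
      <Patch Type="EAT hook" RVA="0x5A1C" Size="4" Name="mswsock.dll!WSPStartup" Section=".text" TargetVA="0x48002630" TargetModuleName="GOEC62~1.DLL" TargetModulePath="C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL" TargetName="DllUnregisterServer + 0x9F1" />
    </Module>
  </Process>
</Report>
"""


@dataclass
class Finding:
    process: str
    pid: int
    module: str
    kind: str      # "inline patch" when the Patch element carries no Type attribute
    rva: int
    size: int
    detail: str


def hex_to_utf16(hexstr: str) -> str:
    """Decode an 8-byte code window as UTF-16LE text, dropping trailing NULs.

    The sunkfilt.sys windows hold wide-character string data ("C:" and the
    like), not machine code, so this view shows what the patch changed.
    """
    return bytes.fromhex(hexstr).decode("utf-16-le", errors="replace").rstrip("\x00")


def changed_bytes(file_hex: str, mem_hex: str) -> list[tuple[int, int, int]]:
    """Return (offset, on_disk_byte, in_memory_byte) for every byte that differs."""
    on_disk, in_mem = bytes.fromhex(file_hex), bytes.fromhex(mem_hex)
    return [(i, a, b) for i, (a, b) in enumerate(zip(on_disk, in_mem)) if a != b]


def parse_report(xml_text: str) -> list[Finding]:
    """Flatten Report/Process/Module/Patch into one Finding per Patch element."""
    findings: list[Finding] = []
    root = ET.fromstring(xml_text)
    for proc in root.findall("Process"):
        for mod in proc.findall("Module"):
            for patch in mod.findall("Patch"):
                kind = patch.get("Type", "inline patch")
                if "TargetModuleName" in patch.attrib:
                    # Export-table hook: the exported symbol now resolves into another module.
                    detail = (f"{patch.get('Name')} redirected to "
                              f"{patch.get('TargetModuleName')} ({patch.get('TargetName')})")
                else:
                    # Inline patch: compare the on-disk and in-memory windows byte by byte.
                    diff = changed_bytes(patch.get("FileCode"), patch.get("MemoryCode"))
                    desc = ", ".join(f"+{i}: 0x{a:02X}->0x{b:02X}" for i, a, b in diff)
                    detail = (f"{len(diff)} byte(s) differ [{desc}]; as UTF-16: "
                              f"{hex_to_utf16(patch.get('FileCode'))!r} -> "
                              f"{hex_to_utf16(patch.get('MemoryCode'))!r}")
                findings.append(Finding(proc.get("Name"), int(proc.get("PID")), mod.get("Name"),
                                        kind, int(patch.get("RVA"), 16), int(patch.get("Size")),
                                        detail))
    return findings


def hooked_modules(findings: list[Finding]) -> list[tuple[str, str]]:
    """Distinct (process, module) pairs to compare against a known-good copy of the file.

    A hook or patch is a lead, not a verdict: both a driver's string edits and an
    export hook into a third-party DLL can be legitimate and need file verification.
    """
    return sorted({(f.process, f.module) for f in findings})


if __name__ == "__main__":
    for f in parse_report(REPORT):
        print(f"{f.process}({f.pid}) {f.module} {f.kind} @ RVA 0x{f.rva:X} "
              f"size {f.size}: {f.detail}")
    print("verify:", hooked_modules(parse_report(REPORT)))
```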

#80
April 10, 2013 at 05:39:53
Run ESET again please.
1: Click the Start button.
2: Accept any security warnings from your browser.
3: Under scan settings, check "Scan Archives" and "Remove found threats"
4: Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
5: ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
6: When the scan completes, click List Threats.
7: Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
8: Click the Back button.
9: Click the Finish button.

#81
April 10, 2013 at 11:42:48
ESET scan said NO Threats found. So no log to copy. Took 5 hours to scan.

#82
April 10, 2013 at 11:53:29
"ESET scan said NO Threats found. So no log to copy. Took 5 hours to scan"
That is a very good result; it means that remnants of programs that helped infect you are gone.

Download TR ( Trojan Remover, 30 day trial )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.simplysup.com/tremover/d...
Install, update then follow the scanning instructions.


#83
April 10, 2013 at 21:28:59
Scan complete
No active malicious files were found and no changes were made - that was the message I received.

#84
April 10, 2013 at 22:45:41
Very good.

I know you have run ComboFix before; print these instructions please, as there are some variations.

Download & run a fresh copy of ComboFix & post the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
http://majorgeeks.com/Defogger_d708...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen look at computer clock.
If it's running Combofix is still working.
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If, after running ComboFix, you discover none of your programs will open up and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#85
April 11, 2013 at 11:51:56
ComboFix 13-04-11.01 - Owner 04/11/2013 13:14:40.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1500 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))
.
.
2013-04-11 04:24 . 2013-04-11 04:24 -------- d-----w- c:\program files\Trojan Remover
2013-04-11 04:21 . 2013-03-15 05:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC8D63FD-36F9-465E-BD26-EA43C83EFD30}\mpengine.dll
2013-04-11 04:18 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2013-04-11 04:18 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2013-04-11 04:18 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2013-04-11 04:18 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2013-04-11 04:18 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2013-04-11 04:18 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2013-04-11 04:18 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2013-04-11 04:17 . 2013-04-11 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
2013-04-11 04:17 . 2013-04-11 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2013-04-09 15:02 . 2013-03-15 05:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-09 02:42 . 2013-04-09 02:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-09 02:38 . 2013-04-09 02:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2013-04-09 02:27 . 2013-04-09 02:27 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-09 02:27 . 2013-04-09 02:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-09 02:27 . 2013-04-09 02:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-09 02:27 . 2013-04-09 02:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-08 14:49 . 2013-04-08 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-04-08 03:34 . 2013-04-08 03:34 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-08 02:27 . 2013-04-08 02:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
2013-04-08 02:26 . 2013-04-08 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2013-04-08 02:26 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-04-08 02:26 . 2013-04-08 02:26 -------- d-----w- c:\program files\VS Revo Group
2013-04-06 15:40 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{660A6026-3659-4E8A-8C76-3A9BD6685A08}\mpengine.dll
2013-04-06 02:25 . 2013-04-06 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Uploader
2013-04-06 02:24 . 2013-04-06 02:24 -------- d-----w- c:\program files\Image Uploader
2013-04-06 02:24 . 2013-04-06 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Image Uploader
2013-04-04 04:45 . 2013-04-04 04:45 -------- d-----w- c:\program files\Amazing Designs
2013-04-04 03:29 . 2013-04-04 04:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Wise Registry Cleaner
2013-04-02 16:30 . 2013-04-09 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Wise Disk Cleaner
2013-04-02 16:29 . 2013-04-04 03:28 -------- d-----w- c:\program files\Wise
2013-03-31 05:40 . 2013-03-31 05:40 -------- d-----w- c:\windows\ERUNT
2013-03-31 04:10 . 2013-03-31 05:40 -------- d-----w- C:\JRT
2013-03-28 17:46 . 2013-03-28 17:46 -------- d-----w- c:\program files\ESET
2013-03-26 01:21 . 2013-03-26 01:21 -------- d-----w- c:\program files\HitmanPro
2013-03-26 01:19 . 2013-03-26 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-03-24 22:33 . 2013-03-24 22:34 -------- d-----w- c:\program files\CCleaner
2013-03-24 04:36 . 2013-04-01 18:50 -------- d-----w- c:\documents and settings\Administrator
2013-03-23 02:56 . 2013-03-23 02:56 -------- d-----w- c:\program files\WinPcap
2013-03-22 21:36 . 2013-04-07 02:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NPE
2013-03-22 21:11 . 2013-03-22 21:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\windows\system32\winrm
2013-03-22 15:47 . 2013-03-22 15:47 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2013-03-22 15:47 . 2013-03-22 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2013-03-22 15:45 . 2013-03-22 16:12 -------- d-----w- c:\program files\Windows Desktop Search
2013-03-22 15:45 . 2013-03-22 15:45 -------- d-----w- c:\windows\system32\GroupPolicy
2013-03-22 15:42 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-03-22 15:42 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-03-22 15:42 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 23:06 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-17 18:21 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-03-17 18:20 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-03-17 18:19 . 2013-03-24 22:34 -------- d-----w- c:\windows\Logs
2013-03-17 15:39 . 2013-04-06 18:38 -------- d-----w- c:\program files\Common Files\LightScribe
2013-03-15 20:56 . 2013-04-06 19:13 -------- d-----w- c:\program files\Common Files\Nero
2013-03-15 20:40 . 2013-03-20 14:06 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2009-10-02 16:58 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-15 07:21 . 2008-01-18 18:43 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-03-12 20:39 . 2012-06-25 21:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:39 . 2011-06-04 16:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2003-08-08 15:35 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2003-08-08 15:33 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2002-08-29 08:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2003-08-08 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2003-08-08 16:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2003-08-08 15:35 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2003-08-08 15:33 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2004-08-04 06:04 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2003-08-08 15:35 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2003-08-08 15:33 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 20:59 . 2013-01-20 20:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\xtras\mssysmgr.exe" [2005-02-26 212992]
"NVIEW"="nview.dll" [2003-07-28 852038]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-01 30192]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2013-02-07 1608464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Windows NT\rtesejifsi.html
FriendlyName=
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reminders.lnk
backup=c:\windows\pss\Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=c:\windows\pss\spamsubtract.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2003-06-23 04:25 24576 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 23:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-07-23 14:37 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 00:28 212992 -c--a-w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-11-10 21:06 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2003-03-07 10:01 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Nero\\Nero Blu-ray Player\\Blu-rayPlayer.exe"=
"c:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe"=
"c:\\Program Files\\Nero\\KM\\KwikMedia.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22936:TCP"= 22936:TCP:BitComet 22936 TCP
"22936:UDP"= 22936:UDP:BitComet 22936 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/13/2012 4:27 PM 769432]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
S1 MpKslb16216b8;MpKslb16216b8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC8D63FD-36F9-465E-BD26-EA43C83EFD30}\MpKslb16216b8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC8D63FD-36F9-465E-BD26-EA43C83EFD30}\MpKslb16216b8.sys [?]
S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\system32\Drivers\GDFSHK.SYS --> c:\windows\system32\Drivers\GDFSHK.SYS [?]
S2 GdTdi;McAfee Privacy Service Transport Filter;\??\c:\windows\system32\Drivers\GDTDI.SYS --> c:\windows\system32\Drivers\GDTDI.SYS [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [8/27/2005 11:02 PM 95232]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/4/2008 11:29 AM 30192]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [10/17/2010 1:27 PM 33792]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/7/2013 9:26 PM 27064]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [6/26/2009 11:19 AM 1124848]
S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [9/14/2005 5:33 PM 101120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 01:31 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 20:39]
.
2013-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 19:21]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 19:21]
.
2013-04-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-03-29 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-10-29 01:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-11 13:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
c:\windows\LTMSG.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2013-04-11 13:34:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-11 18:33
ComboFix2.txt 2013-04-01 19:05
.
Pre-Run: 98,673,893,376 bytes free
Post-Run: 98,587,684,864 bytes free
.
- - End Of File - - 124F7F095B553DADAFAD349DBABA33CD


#86
April 11, 2013 at 12:02:12
Under other running programs in the ComboFix log, if you look toward the bottom, it is the second one from the bottom: c:\program files\Hewlett-Packard\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}. That is the error code I get every time my computer boots up. It says "error: this file name is too long". I know you said one thing at a time; I just thought I would point it out since it was listed in the log.


#87
April 11, 2013 at 14:10:07
" I know you said one thing at a time just thought I would point it out since it was listed in the log"

We are now at that point; it was my next move. Let's see if this fixes it.

Run chkdsk & post the contents of the log. Check both boxes.
http://best-windows.vlaurie.com/chk...

Obtaining CHKDSK Results ( log file )
http://www.cpucare.net/OS/XP/Viewin...
How to get to Event Viewer.
In Windows XP there are four ways to get to event viewer.
Start > Control Panel > Administrative Tools > Event Viewer.
Right click > My Computer > Manage > Event Viewer.
Start > Run > Eventvwr.
Start > All Programs > Accessories > Command Prompt, paste > Eventvwr & hit Enter.
Obtaining CHKDSK Results
Once Event Viewer is open, select Application.
The 4th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
Scroll through the Source column to find the most recent entry titled Winlogon.
Double-click Winlogon to open the CHKDSK results.


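The Event Viewer steps above can be scripted. The following is an added example, not code from the post's author or from any tool the thread mentions: a Windows PowerShell block that pulls the newest Winlogon entry from the Application log (where XP stores the boot-time CHKDSK report) and reduces it to the figures a technician actually checks, above all the bad-sector count. The function names `Get-ChkdskEvent` and `ConvertFrom-ChkdskReport` are chosen here; it assumes Windows PowerShell 2.0 or later is installed on the machine, which is not part of a stock XP install.

```powershell
# Added example (not from the thread's author or any tool it mentions):
# fetch the boot-time CHKDSK report from the Application event log and
# reduce it to the figures that decide whether the disk is healthy.
# Function names are chosen here; assumes Windows PowerShell 2.0 or later.

function Get-ChkdskEvent {
    # XP writes the CHKDSK report as an Application-log event from source
    # "Winlogon" (Vista and later use "Wininit"); newest matching entry wins.
    param([string[]]$Source = @('Winlogon', 'Wininit'))

    Get-EventLog -LogName Application -Newest 1000 |
        Where-Object { $Source -contains $_.Source -and $_.Message -match 'Checking file system on' } |
        Select-Object -First 1
}

function ConvertFrom-ChkdskReport {
    # Pull volume, file system, bad-sector count and any corrections made
    # out of the report text, and flag whether the drive itself is sound.
    param([Parameter(Mandatory = $true)][string]$Text)

    $r = New-Object PSObject -Property @{
        Volume = $null; FileSystem = $null; BadSectorKB = $null
        TotalKB = $null; AvailableKB = $null; Corrections = @(); DiskHealthy = $false
    }

    foreach ($line in ($Text -split "`r?`n")) {
        switch -Regex ($line.Trim()) {
            '^Volume label is (.+)\.$'                 { $r.Volume      = $matches[1] }
            '^The type of the file system is (\w+)\.$' { $r.FileSystem  = $matches[1] }
            '^(\d+) KB in bad sectors\.$'              { $r.BadSectorKB = [int64]$matches[1] }
            '^(\d+) KB total disk space\.$'            { $r.TotalKB     = [int64]$matches[1] }
            '^(\d+) KB available on disk\.$'           { $r.AvailableKB = [int64]$matches[1] }
            '^(Cleaning up|Correcting|Deleting|Recovering|Replacing) .*$' { $r.Corrections += $line.Trim() }
        }
    }

    # A non-zero bad-sector figure means hardware trouble; index clean-ups
    # such as the ones in the log posted in this thread are routine housekeeping.
    $r.DiskHealthy = ($r.BadSectorKB -eq 0)
    return $r
}

# Offline check against the report posted in this thread (abridged):
$sample = @'
Checking file system on C:
The type of the file system is NTFS.
Volume label is HP_PAVILION.
Cleaning up 408 unused index entries from index $SII of file 0x9.
Cleaning up 408 unused index entries from index $SDH of file 0x9.
Cleaning up 408 unused security descriptors.
150451559 KB total disk space.
0 KB in bad sectors.
96282388 KB available on disk.
Windows has finished checking your disk.
'@
ConvertFrom-ChkdskReport -Text $sample | Format-List Volume, FileSystem, BadSectorKB, DiskHealthy, Corrections

# Live check on the machine that just ran CHKDSK:
$evt = Get-ChkdskEvent
if ($evt) { ConvertFrom-ChkdskReport -Text $evt.Message | Format-List }
else      { Write-Warning 'No CHKDSK report in the Application log yet; schedule chkdsk with both boxes ticked and reboot.' }
```

Against the report posted later in this thread the parser yields `BadSectorKB = 0` and `DiskHealthy = True`, with three "Cleaning up" lines listed as corrections: the disk is sound and CHKDSK only tidied stale security-descriptor index entries, which is why it could not have cured the start-up error.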

#88
April 11, 2013 at 14:56:48
mmm 87 responses thus far; is this a record?

I gave up trying to follow the saga in detail - but a wee thought that may help...

When running a scan for any kind of pest, usually wise(r) to disable System Restore; and leave it that way until scan is complete. Then have a look-see for anything that is quarantined; and delete it.

Then reboot; if all OK... re-enable System Restore, and reboot. If problem returns... disable System Restore; rescan. etc as just above, and check for/delete anything quarantined... Then try going back to a Restore Point well before the problem(s) arrived... And if problem returns yet again... then repeat scan etc. as above. Then try another even earlier Restore Point.. and if necessary do this working back to earlier Restore Points - hopefully until one is found that doesn't reproduce the pest effects.

If you can bear it... consider deleting all previous restore points, after a first successful clean scan routine etc. as above.

If you can run your scan(s) in Safe-mode (with or without networking) even better... You would only need networking if using an on-line freebie (or otherwise) scan utility...

And one other approach; boot with a Linux disk; run all freebie on-line scans you can find; and as usual delete anything quarantined. Possibly also run some of the various utils suggested via the Linux boot too. I think you will be able to install some of them even via Linux (but others may advise you can't and I bow to their experience there...)

System Restore often will put things back that you hoped you had removed, corrected etc...; and if there is anything in a quarantined environment likely they may/will be restored too...

Your story is an excellent reason and lesson in why NOT to use Torrent, Warez and similar sites - and/or most "naught naught" sites... No end of junk, nasties etc. are harboured there and can and will do all manner of damage...

Which having said... Recently downloaded an update from M$-land and an XP-Pro system died... No desktop display - nothing - just a blank standard desktop background... All fine in Safe-mode but no way to get it OK in Normal mode... Even a repair install failed to resolve it... Sysinternals ERD said it was all OK...; but it wasn't... A parallel install found that whilst data was intact in the old installation (Personal stuff etc.) Outlook had been obliterated totally. Only solution was to save data etc. off the system or to a separate partition on the HD; then reformat c: partition and re-install OS/apps afresh. Then it all worked fine... But again I feel best to avoid like the plague Torrents etc...



#89
April 11, 2013 at 15:19:45
Re #88

If you disable System Restore in XP this removes all restore points (gone forever), so you can't then re-enable it as you suggest and get them back again later.

That's my understanding, but my XP is currently awaiting delivery of a PSU so I can't check it out. Having to make do with Win 8 LOL.

Always pop back and let us know the outcome - thanks



#90
April 11, 2013 at 18:41:35
You are correct, Derek: once you disable the Restore, the points are gone.

Regards



#91
April 11, 2013 at 22:14:40
Did not fix the problem; the error came back up when the PC rebooted. Here is the log.
Checking file system on C:
The type of the file system is NTFS.
Volume label is HP_PAVILION.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 408 unused index entries from index $SII of file 0x9.
Cleaning up 408 unused index entries from index $SDH of file 0x9.
Cleaning up 408 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

150451559 KB total disk space.
53784792 KB in 157530 files.
58256 KB in 16109 indexes.
0 KB in bad sectors.
326123 KB in use by the system.
65536 KB occupied by the log file.
96282388 KB available on disk.

4096 bytes in each allocation unit.
37612889 total allocation units on disk.
24070597 allocation units available on disk.

Internal Info:
40 f3 02 00 52 a6 02 00 e0 dc 03 00 00 00 00 00 @...R...........
f9 09 00 00 07 00 00 00 02 03 00 00 00 00 00 00 ................
48 16 ca 0e 00 00 00 00 0a 3f 65 6f 00 00 00 00 H........?eo....
20 59 28 3b 00 00 00 00 70 57 24 f0 05 00 00 00 Y(;....pW$.....
ec 65 22 6b 07 00 00 00 1e 23 71 1c 0e 00 00 00 .e"k.....#q.....
10 34 e7 a6 00 00 00 00 80 3f 07 00 5a 67 02 00 .4.......?..Zg..
00 00 00 00 00 60 c3 d2 0c 00 00 00 ed 3e 00 00 .....`.......>..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...



#92
April 11, 2013 at 22:41:34
"Did not fix the problem error came back up when pc rebooted. Here is the log"
Ok,

1: go to c:\program files\Hewlett-Packard\Digital Imaging\ & delete the entry > {18E0918E-1060-48f3-925C-56C82E88551B}

2: Reboot

3: If the message is gone, make sure your printer/scanner is working Ok.

4: If the message is still there or the printer/scanner is not Ok, uninstall the printer/scanner using Revo.

5: Run, TFC, Wise Disk Cleaner & then Wise Registry Cleaner.

6: Reinstall the printer/scanner.



#93
April 12, 2013 at 05:09:24
Chaps - thanks for the correction re' System Restore. I was under the impression that disabling it merely meant that it didn't function (obviously) until "re-enabled"; but that any points already set were preserved... In effect by disabling SR one merely put it into a sort of hibernation mode...; ready and eager to operate again when "woken up" (re-enabled). mmm

The correction did prompt me to look further into SR...; found one or two useful snippets of which I wasn't aware... For anyone interested I have posted one such link (that also advised disabling SR prior to dealing with virus and other pests).

Again many thanks for the correction...

trvlr



#94
April 12, 2013 at 20:03:22
I deleted the file. Checked both of my printers and scanners and my external dvd drive. No message when rebooted. So problem fixed. Am I virus free as well?


#95
April 12, 2013 at 20:36:12
"Am I virus free as well?"
As far as I can tell, yes.

Now to deal with your System Restore which you reported was disabled. We shall start afresh.
"So I try to do a system restore and it will not let me go back before the month of April, plus no date in April is bold for me to check. I look at the system settings and there was a check in the box the says Tun off system restore on all drives! So I am guessing this means I do not have a restore point"

System Restore may have infected files in it, turning System Restore OFF & then ON will remove them.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310...

Start > My Computer > right click & select Properties.
Select System Restore & untick > Turn off System Restore on all drives ( If partitioned or more than one drive installed )
Select the drive with the operating system on, click Settings & set it on Min.
Any other drive or partition, click Settings & tick > Turn off System Restore on this drive.
http://img858.imageshack.us/g/syste...

Tools to keep; just update before using. Others not mentioned need to be downloaded again, because new versions are released constantly.
ESET
Microsoft Security Essentials
TDSSKiller
Malwarebytes' Anti-Malware ( MBAM ) New version just released.
TFC
CCleaner. New version just released.
Wise Disk Cleaner
Wise Registry Cleaner
Revo Uninstaller


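The "turn System Restore off, then back on" step above, together with the point made in #89 and #90 that switching it off wipes every existing restore point, can be done and verified from a script. This is an added example, not code from the post's author or from any tool in the thread: it uses the real Windows PowerShell cmdlets `Get-ComputerRestorePoint`, `Disable-ComputerRestore`, `Enable-ComputerRestore` and `Checkpoint-Computer` (2.0 or later; assumed installed on this XP machine, which is not the default). The function name `Reset-SystemRestore` is chosen here. It cannot set the "Min" disk-space slider; that part stays in the GUI.

```powershell
# Added example: script the "System Restore off, then on" step and confirm
# the outcome. Cmdlet names are the real Windows PowerShell ones (2.0+,
# assumed installed); the function name is chosen here. Run from an
# Administrator console, since System Restore settings are machine-wide.

function Reset-SystemRestore {
    param(
        [string]$SystemDrive = 'C:\',   # drive holding the operating system
        [string[]]$OtherDrives = @()    # other drives/partitions to leave OFF
    )

    # Record what exists first: turning System Restore off deletes every
    # restore point, as noted in the thread, and there is no undo.
    $before = @(Get-ComputerRestorePoint)
    Write-Host ("Restore points before: {0}" -f $before.Count)

    # Step 1: off on all drives. Anything quarantined-then-cached inside
    # System Volume Information goes with the restore points.
    Disable-ComputerRestore -Drive (@($SystemDrive) + $OtherDrives)

    # Step 2: back on for the OS drive only. Other partitions stay disabled,
    # matching "tick Turn off System Restore on this drive" in the post.
    Enable-ComputerRestore -Drive $SystemDrive

    # Step 3: create a known-clean baseline point straight away, so there
    # is something to roll back to if a later install misbehaves.
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                        -RestorePointType MODIFY_SETTINGS

    $after = @(Get-ComputerRestorePoint)
    New-Object PSObject -Property @{
        PointsBefore = $before.Count
        PointsAfter  = $after.Count     # expect 1: only the new baseline survives
        Newest       = ($after | Select-Object -Last 1).Description
    }
}

# Usage: OS on C:, keep System Restore off on a data partition D:
# Reset-SystemRestore -SystemDrive 'C:\' -OtherDrives @('D:\')
```

The returned `PointsAfter` count is the check that the old, possibly infected, restore points really are gone: anything other than 1 means the disable step did not take effect (typically because the console was not elevated) and the GUI procedure above should be followed instead.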

#96
April 12, 2013 at 21:07:43
Wow, I can't believe it, I am done! lol. It is going to feel weird not coming on here every day; I feel like I've bonded with you guys! Thank you so much for helping me with my adventure. You have positive Karma coming your way...


#97
April 12, 2013 at 21:10:08
"You have positive Karma coming your way..."

Thank you.



#98
April 13, 2013 at 08:48:47
A splendid effort, but it didn't "quite" make 100 posts LOL.

Always pop back and let us know the outcome - thanks



#99
April 13, 2013 at 09:26:02
"A splendid effort, but it didn't "quite" make 100 posts LOL"
Oh bug........................... Thank you.

Not a record either.

Just got home from friends, off to bed now.



#100
April 15, 2013 at 20:21:47
It's made 100 now though. Well done team!


#101
December 19, 2013 at 08:10:27
Had I seen this thread sooner, I could've saved you a lot of time - when a virus won't go away even after using antivirus and antimalware software, the next best thing to do, rather than download 100s of different other programs and wait for them to run, is to reinstall Windows.

Go into Safe Mode, back up your data, then blow the current copy of Windows away. 99.9999% of the time that will blow away any virus/malware that bypasses the software that scans and removes it and Google can't provide manual uninstall instructions for it.



#102
December 19, 2013 at 08:42:29
Good suggestion "ninja" and certainly a valid path to consider after some efforts seem not to be successful; having "bin there and had to dun" that in the past (not too long ago either) - as last resort.

But perhaps presented with a little more modesty, less "I know it all" would be good too…?

Some/most of those who contributed to the bulk of this thread are very long timers here, very patient, very knowledgeable, and very modest and unassuming… And I, along with many others, have learnt much from them...

Nonetheless I'm sure many here found the assorted information a "very" useful and instructive tutorial re' assorted items/utils covered…; and in the future others who may come across this thread will likewise?

It certainly got into areas and considerations/interpretations that were new to me…

message edited by trvlr



#103
December 19, 2013 at 09:20:57
Re #101

"Had I saw this thread sooner"
Sounds a bit like, "I'm a clever dick" - Einstein relative perhaps?
The poster is most unlikely to come back and read this as he/she was last seen in April. The problem has been fixed, so to whom is your response directed?

As for "reformat/re-install" or "factory restore" then sure, this could be applied to most posted queries on here except when the fault is down to hardware. Nobody who could be considered a helper on here would be unaware of such options, which are also known to many original posters.

"download 100s of different other programs"
A mind blowing piece of exaggeration. Count them up if you don't agree, and not all the links posted were actually used.

You should also bear in mind that helping fix computers from afar often needs a bit of to and fro in terms of responses and explanations anyway. On some posts this can mean explaining steps in great detail.

As for reformat and factory restore, well that depends on how a poster uses the computer. If it is pretty well kept "straight out of the box" with the odd addition then fine. In my case, for instance, it takes months to get a computer the way I want it to be. The re-install itself doesn't take long but the thought of having to set it all up again my way, or even remember exactly how I tailored everything, would lead me to prefer a fix, even if convoluted.

EDIT:
Oops, I think #102 & 103 overlapped due to relative typing and composition speeds.

Always pop back and let us know the outcome - thanks

message edited by Derek



#104
December 19, 2013 at 09:50:56
Hi Derek:

Yes I think we both "kinda" hit here at the same time; and had the same/similar reaction too… in response to post 101 of today - Dec. 19th. The style does appear in other more recent posts too…?

Recently came back here to CN as likely you may have spotted - after a lengthy period away… It's good to see some of the "olde timers/long standers" still here...

trvlr...



#105
December 19, 2013 at 10:05:55
trvlr
Yep, good to see you around again. I nearly left once but the addiction caught up with me.

techninja
Don't read us wrong - new helpers on here are very welcome and can be like a breath of spring. Different opinions can co-exist quite nicely. Just take care of the tone of your responses and all will be well.

Always pop back and let us know the outcome - thanks

message edited by Derek



#106
December 19, 2013 at 15:16:07
Well said Derek & trvlr, welcome back trvlr.

John in Western Australia.
http://www.timeanddate.com/worldclo...

