Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with XP Internet Security 2011

Started by Dougrbi , Apr 23 2011 07:14 PM

  • This topic is locked This topic is locked

#16
Dougrbi
Posted 03 May 2011 - 06:47 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
WinZip changed my menu options, I only had an option for winzip so I had to uninstall the program and 'wow' just like you said an option to extract the files. Anyway, TDSSkiller found nothing. Log is below.

2011/05/03 05:40:23.0093 0696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/03 05:40:23.0421 0696 ================================================================================
2011/05/03 05:40:23.0421 0696 SystemInfo:
2011/05/03 05:40:23.0421 0696
2011/05/03 05:40:23.0421 0696 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/03 05:40:23.0421 0696 Product type: Workstation
2011/05/03 05:40:23.0421 0696 ComputerName: D161GQ21
2011/05/03 05:40:23.0421 0696 UserName: Party Jumps
2011/05/03 05:40:23.0421 0696 Windows directory: C:\WINDOWS
2011/05/03 05:40:23.0421 0696 System windows directory: C:\WINDOWS
2011/05/03 05:40:23.0421 0696 Processor architecture: Intel x86
2011/05/03 05:40:23.0421 0696 Number of processors: 1
2011/05/03 05:40:23.0421 0696 Page size: 0x1000
2011/05/03 05:40:23.0421 0696 Boot type: Normal boot
2011/05/03 05:40:23.0421 0696 ================================================================================
2011/05/03 05:40:26.0796 0696 Initialize success
2011/05/03 05:40:36.0640 1152 ================================================================================
2011/05/03 05:40:36.0640 1152 Scan started
2011/05/03 05:40:36.0640 1152 Mode: Manual;
2011/05/03 05:40:36.0640 1152 ================================================================================
2011/05/03 05:40:39.0453 1152 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/03 05:40:40.0875 1152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/03 05:40:42.0109 1152 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/03 05:40:43.0640 1152 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/03 05:40:44.0296 1152 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/03 05:40:44.0968 1152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/03 05:40:45.0578 1152 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/03 05:40:46.0531 1152 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/05/03 05:40:47.0953 1152 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/03 05:40:48.0781 1152 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/03 05:40:49.0000 1152 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/03 05:40:49.0375 1152 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/03 05:40:49.0765 1152 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/03 05:40:50.0015 1152 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/03 05:40:50.0390 1152 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/03 05:40:50.0640 1152 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/03 05:40:51.0437 1152 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/03 05:40:51.0718 1152 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/03 05:40:51.0859 1152 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/03 05:40:52.0109 1152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/03 05:40:52.0218 1152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/03 05:40:52.0390 1152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/03 05:40:52.0593 1152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/03 05:40:52.0828 1152 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/03 05:40:53.0046 1152 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/05/03 05:40:53.0375 1152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/03 05:40:53.0578 1152 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/03 05:40:53.0843 1152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/03 05:40:54.0015 1152 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/03 05:40:54.0125 1152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/03 05:40:54.0187 1152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/03 05:40:54.0359 1152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/03 05:40:54.0812 1152 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/03 05:40:55.0093 1152 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/03 05:40:55.0343 1152 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/03 05:40:55.0562 1152 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/03 05:40:55.0734 1152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/03 05:40:56.0031 1152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/03 05:40:56.0468 1152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/03 05:40:56.0703 1152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/03 05:40:56.0921 1152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/03 05:40:57.0203 1152 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/05/03 05:40:57.0406 1152 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/05/03 05:40:57.0640 1152 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/05/03 05:40:57.0875 1152 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/03 05:40:58.0031 1152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/03 05:40:58.0250 1152 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/05/03 05:40:58.0375 1152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/03 05:40:58.0593 1152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/03 05:40:58.0703 1152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/03 05:40:58.0953 1152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/03 05:40:59.0125 1152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/03 05:40:59.0359 1152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/03 05:40:59.0640 1152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/03 05:40:59.0906 1152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/03 05:41:00.0125 1152 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/03 05:41:00.0531 1152 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/03 05:41:00.0750 1152 HPZid412 (85b96fd72861462aad1005b471c580a3) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/03 05:41:00.0921 1152 HPZipr12 (b539666c681bc35b3e7d3816cffc6915) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/03 05:41:01.0093 1152 HPZius12 (707ecca6184b000669ed28538a5c893a) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/03 05:41:01.0296 1152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/03 05:41:01.0515 1152 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/03 05:41:01.0718 1152 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/03 05:41:01.0828 1152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/03 05:41:01.0968 1152 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/05/03 05:41:02.0125 1152 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/05/03 05:41:02.0234 1152 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/05/03 05:41:02.0421 1152 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/05/03 05:41:02.0593 1152 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/05/03 05:41:02.0765 1152 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/05/03 05:41:02.0890 1152 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/05/03 05:41:03.0062 1152 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/05/03 05:41:03.0281 1152 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/05/03 05:41:03.0437 1152 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/05/03 05:41:03.0625 1152 ialm (bf5b9dbbee664f046e85c6b853af47de) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/03 05:41:03.0765 1152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/03 05:41:03.0937 1152 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/03 05:41:04.0156 1152 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/05/03 05:41:04.0265 1152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/03 05:41:04.0437 1152 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/03 05:41:04.0671 1152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/03 05:41:04.0843 1152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/03 05:41:04.0984 1152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/03 05:41:05.0140 1152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/03 05:41:05.0281 1152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/03 05:41:05.0437 1152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/03 05:41:05.0625 1152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/03 05:41:05.0843 1152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/03 05:41:06.0000 1152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/03 05:41:06.0390 1152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/03 05:41:06.0546 1152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/03 05:41:06.0703 1152 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/03 05:41:06.0890 1152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/03 05:41:07.0109 1152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/03 05:41:07.0265 1152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/03 05:41:07.0421 1152 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/03 05:41:08.0078 1152 MpKslbf8adb25 (5f53edfead46fa7adb78eee9ecce8fdf) C:\WINDOWS\system32\MpEngineStore\MpKslbf8adb25.sys
2011/05/03 05:41:08.0531 1152 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/03 05:41:08.0875 1152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/03 05:41:09.0187 1152 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/03 05:41:09.0515 1152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/03 05:41:09.0734 1152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/03 05:41:10.0000 1152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/03 05:41:10.0250 1152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/03 05:41:10.0546 1152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/03 05:41:10.0859 1152 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/03 05:41:11.0093 1152 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/05/03 05:41:11.0312 1152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/03 05:41:11.0515 1152 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/03 05:41:11.0671 1152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/03 05:41:11.0875 1152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/03 05:41:12.0062 1152 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/03 05:41:12.0250 1152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/03 05:41:12.0453 1152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/03 05:41:12.0828 1152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/03 05:41:13.0031 1152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/03 05:41:13.0312 1152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/03 05:41:13.0671 1152 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/03 05:41:14.0062 1152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/03 05:41:14.0375 1152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/03 05:41:14.0656 1152 OADevice (131b33debe75acee4604fdad3e650ef7) C:\WINDOWS\system32\drivers\OADriver.sys
2011/05/03 05:41:14.0937 1152 oahlpXX (c040c3baf7e9d700d54bf93a125ae0db) C:\WINDOWS\system32\drivers\oahlp32.sys
2011/05/03 05:41:15.0156 1152 OAmon (135a8b08e46cb03fec9d9087da9031b5) C:\WINDOWS\system32\drivers\OAmon.sys
2011/05/03 05:41:15.0421 1152 OAnet (c5690ac83b11e86917ef1e436926cf7e) C:\WINDOWS\system32\drivers\OAnet.sys
2011/05/03 05:41:15.0734 1152 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/03 05:41:16.0109 1152 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/03 05:41:16.0312 1152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/03 05:41:16.0484 1152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/03 05:41:16.0734 1152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/03 05:41:16.0906 1152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/03 05:41:17.0187 1152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/03 05:41:17.0453 1152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/03 05:41:17.0937 1152 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/03 05:41:18.0187 1152 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/03 05:41:18.0750 1152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/03 05:41:18.0890 1152 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/03 05:41:19.0062 1152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/03 05:41:19.0281 1152 PxHelp20 (faa729e2e2fd3afb8df7a45de8769cc3) C:\WINDOWS\system32\drivers\PxHelp20.sys
2011/05/03 05:41:19.0500 1152 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/03 05:41:19.0765 1152 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/03 05:41:20.0015 1152 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/03 05:41:20.0203 1152 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/03 05:41:20.0421 1152 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/03 05:41:20.0609 1152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/03 05:41:20.0828 1152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/03 05:41:21.0015 1152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/03 05:41:21.0171 1152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/03 05:41:21.0281 1152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/03 05:41:21.0468 1152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/03 05:41:21.0640 1152 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/03 05:41:21.0937 1152 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/03 05:41:22.0187 1152 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/03 05:41:22.0515 1152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/03 05:41:22.0718 1152 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/03 05:41:22.0875 1152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/03 05:41:23.0093 1152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/03 05:41:23.0359 1152 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/03 05:41:23.0671 1152 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/03 05:41:23.0953 1152 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/03 05:41:24.0125 1152 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/03 05:41:24.0343 1152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/03 05:41:24.0531 1152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/03 05:41:24.0734 1152 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/03 05:41:25.0187 1152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/03 05:41:25.0484 1152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/03 05:41:25.0718 1152 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/03 05:41:25.0968 1152 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/03 05:41:26.0140 1152 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/03 05:41:26.0312 1152 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/03 05:41:26.0484 1152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/03 05:41:26.0750 1152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/03 05:41:27.0046 1152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/03 05:41:27.0250 1152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/03 05:41:27.0437 1152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/03 05:41:27.0750 1152 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/03 05:41:28.0031 1152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/03 05:41:28.0312 1152 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/03 05:41:28.0578 1152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/03 05:41:28.0937 1152 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/03 05:41:29.0156 1152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/03 05:41:29.0437 1152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/03 05:41:29.0765 1152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/03 05:41:30.0015 1152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/03 05:41:30.0218 1152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/03 05:41:30.0406 1152 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/03 05:41:30.0578 1152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/03 05:41:30.0734 1152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/03 05:41:30.0937 1152 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/03 05:41:31.0109 1152 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/03 05:41:31.0328 1152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/03 05:41:31.0609 1152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/03 05:41:31.0968 1152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/03 05:41:32.0328 1152 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/03 05:41:32.0656 1152 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/03 05:41:32.0875 1152 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/03 05:41:33.0046 1152 ================================================================================
2011/05/03 05:41:33.0046 1152 Scan finished
2011/05/03 05:41:33.0046 1152 ================================================================================
  • 0

Advertisements

#17
Render
Posted 03 May 2011 - 07:33 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

WinZip changed my menu options, I only had an option for winzip

Aje. I forgot about that WinZip feature.:)

Logs looks good. On completion of these steps please tell me how's your computer running.

Step 1

Posted Image Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done Open the last report saved folder then attach the zip file to your next post zip
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

How to add an attachment to a new topic or reply

When completed the above, please post back the following in the order asked for:
  • MBAM log
  • AVP Tool report and attached file avptool_sysinfo.zip

  • 0

#18
Dougrbi
Posted 03 May 2011 - 09:20 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I just wanted to update you that I'm at work now and will work that as soon as I get home.
Thanks
  • 0

#19
Render
Posted 03 May 2011 - 09:21 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No problem.:)
  • 0

#20
Dougrbi
Posted 04 May 2011 - 06:33 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Sorry for the delay, Ok, here is the Mbam file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6502

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/3/2011 8:15:27 PM
mbam-log-2011-05-03 (20-15-27).txt

Scan type: Quick scan
Objects scanned: 173541
Time elapsed: 18 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky Virus tool:

Autoscan: completed 5 hours ago (events: 5, objects: 183999, time: 02:46:46)
5/3/2011 8:54:49 PM Task started
5/3/2011 9:22:20 PM Detected: Trojan-Spy.HTML.Bankfraud.cr Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Regions bank][Subject:Regions Bank - Confirm Your Details To Avoid Service Cancellation][Time:2005/03/27 00:43:56]/HTMLBody
5/3/2011 9:30:07 PM Deleted: Trojan-Spy.HTML.Bankfraud.cr Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Regions bank][Subject:Regions Bank - Confirm Your Details To Avoid Service Cancellation][Time:2005/03/27 00:43:56]/HTMLBody
5/3/2011 9:32:10 PM Detected: Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:CitiBusiness Online Security Management Team][Subject:CitiBank Security Staff update announcement][Time:2006/04/13 16:16:16]/HTMLBody
5/3/2011 11:41:38 PM Task completed

Attached Files


  • 0

#21
Render
Posted 04 May 2011 - 07:02 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Are you aware of this program: Covenant Eyes
  • 0

#22
Dougrbi
Posted 04 May 2011 - 07:17 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Yes, it is an internet monitoring tool, that is used to safeguard and monitor what is used on the computer. Making sure no inappropriate items are visited. I thought I removed it awhile ago when we started having problems.
  • 0

#23
Dougrbi
Posted 04 May 2011 - 07:18 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Also I still get the windows installer splash window at startup.
  • 0

#24
Render
Posted 04 May 2011 - 07:30 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
So you are not using Covenant Eyes any more?

Could you please take a screenshot of that windows installer splash window and attach it in your next reply?

To create a screenshot follow these steps:
  • The first step is to create the windows that you want to capture and leave them up on the screen.
  • Just to the right of your keyboard, you should see three groups of keys. The lower set of keys usually is a group of arrow keys. Above that is usually a set of some six keys that are labeled "Insert," "Home," "Page Up," etc. Above that should be three keys that have rather odd labels - like Pause/Break and ScrLk. One of those keys should be labeled PrtScrn/SysRq. Pressing Alt-PrintScreen (Alt-PrtScrn) places an image of the frontmost window on the clipboard. Pressing PrintScreen by itself places an image of the entire desktop on the clipboard.
  • If you press PrtScrn/SysRq, nothing will appear to have happened. However, your computer just took a snapshot of its screen and stored that picture on its clipboard, much as it stores information that you cut and paste.
  • Open MS-Paint. (From Start/Run, issue the command "mspaint".) Create a new empty image, and use Edit/Paste to bring in the screenshot you just took. (If the screenshot is smaller than the default Paint canvas, you will end up with white areas. Start over: create a new empty image, change its dimensions to 1x1, and Paste again. The canvas will grow for the Paste, but it doesn't shrink.)
  • Use MS-Paint to Save As, using PNG as the file format (it is superior to all the rest).

  • 0

#25
Dougrbi
Posted 04 May 2011 - 06:52 PM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Yes I do not use Covenant eyes anymore. I may want to install it again if the computer speeds up some, but things have been so slow and we need to make this old POS last another year, Teen age son at home so security is important. The screen shot is attached. Also I am using MS Security for my virus protection and Armor for the firewall. I have a couple of things blocked and I don't know if I should or not.

The screen shot took me a re-boot then a log off and log back on 3 times, it goes quick. But it comes up when I log on, and I don't have to re-boot to get that to happen. Also I had to use a .jpg file as the image was to large to upload 1.71mb and I don't know how to compress it without MS picture manager, I didn't find anything in the ms paint. I still have it open so I can save again if it isn't good enough.

Thanks

Attached Thumbnails

  • Desktop shot.jpg

  • 0

Advertisements

#26
Render
Posted 05 May 2011 - 04:14 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please do the following:

  • Re-run AVPTool
  • Select the Manual Disinfection tab
  • Where it states Step 3 paste in the following disinfection script and press execute

    begin
SetAVZPMStatus(True);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteFile('C:\DOCUME~1\PARTYJ~1\LOCALS~1\Temp\{C805E99C-E6AC-4817-BABF-624CE1D694E3}\Downloadexe.exe');
 BC_DeleteFile('C:\DOCUME~1\PARTYJ~1\LOCALS~1\Temp\{C805E99C-E6AC-4817-BABF-624CE1D694E3}\Downloadexe.exe');
 DeleteFile('C:\WINDOWS\System32\nmNsp.dll');
 BC_DeleteFile('C:\WINDOWS\System32\nmNsp.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

Posted Image
  • 0

#27
Dougrbi
Posted 05 May 2011 - 07:30 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
We still have the splash screen on re-boot

Attached Files


  • 0

#28
Render
Posted 05 May 2011 - 08:31 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please do the following:
Please download SINO by Artellos.
  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:

    System Info
    Services
    Boot Check
    Tasklist
    Startup Items
    Event Log

  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.
  • 0

#29
Dougrbi
Posted 05 May 2011 - 07:16 PM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
System Investigator by Olrik
Log Created On: 1815_05-05-2011
SINO Version: 3.1.0.0

Total RAM: 510 MB | Free RAM: 73 MB | Pagefile Size: 1247 MB
A: | None | 3 1/2 Inch Floppy Drive
C: | 10202 MB out of 28592 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: D161GQ21
Username: Party Jumps
Language Setting: ENU
Windows Directory: C:\WINDOWS
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[C:\WINDOWS\System32\smss.exe] - Process ID: 352
[csrss.exe] - Process ID: 400
[C:\WINDOWS\system32\winlogon.exe] - Process ID: 424
[C:\WINDOWS\system32\services.exe] - Process ID: 468
[C:\WINDOWS\system32\lsass.exe] - Process ID: 480
[C:\WINDOWS\system32\svchost.exe] - Process ID: 644
[svchost.exe] - Process ID: 692
[c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe] - Process ID: 756
[C:\WINDOWS\System32\svchost.exe] - Process ID: 816
[svchost.exe] - Process ID: 948
[svchost.exe] - Process ID: 1024
[C:\Program Files\Online Armor\OAcat.exe] - Process ID: 1104
[C:\Program Files\Online Armor\oasrv.exe] - Process ID: 1128
[C:\WINDOWS\Explorer.EXE] - Process ID: 1264
[C:\WINDOWS\system32\spoolsv.exe] - Process ID: 1444
[svchost.exe] - Process ID: 380
[C:\WINDOWS\system32\cisvc.exe] - Process ID: 928
[C:\Program Files\Flip Video\FlipShare\FlipShareService.exe] - Process ID: 1160
[C:\Program Files\Java\jre6\bin\jqs.exe] - Process ID: 1912
[C:\WINDOWS\System32\svchost.exe] - Process ID: 168
[C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe] - Process ID: 332
[UNSECAPP.EXE] - Process ID: 2144
[wmiprvse.exe] - Process ID: 2184
[C:\WINDOWS\system32\wscntfy.exe] - Process ID: 2336
[C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe] - Process ID: 2672
[C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] - Process ID: 2744
[C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] - Process ID: 2776
[C:\WINDOWS\System32\hkcmd.exe] - Process ID: 2864
[C:\WINDOWS\BCMSMMSG.exe] - Process ID: 2916
[C:\Program Files\Common Files\Java\Java Update\jusched.exe] - Process ID: 2964
[C:\Program Files\Microsoft Security Client\msseces.exe] - Process ID: 3132
[C:\Program Files\Online Armor\OAui.exe] - Process ID: 3232
[C:\WINDOWS\system32\ctfmon.exe] - Process ID: 3328
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] - Process ID: 3408
[C:\Program Files\Online Armor\OAhlp.exe] - Process ID: 3528
[C:\WINDOWS\System32\msiexec.exe] - Process ID: 3976
[C:\DOCUME~1\PARTYJ~1\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 3388
[C:\Program Files\Mozilla Firefox\firefox.exe] - Process ID: 3744
[C:\Program Files\Mozilla Firefox\plugin-container.exe] - Process ID: 1584
[C:\WINDOWS\system32\cidaemon.exe] - Process ID: 836

<<<< Startup Items >>>>

[DESKTOP.INI] - <Startup> - C:\Documents and Settings\Party Jumps\Start Menu\Programs\Startup\DESKTOP.INI
[setup_9.0.0.722_04.05.2011_03-40.lnk] - <Startup> - C:\Documents and Settings\Party Jumps\Desktop\Virus Removal Tool\setup_9.0.0.722_04.05.2011_03-40\startup.exe
[DESKTOP.INI] - <Common Startup> - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
[hpoddt01.exe.lnk] - <Common Startup> - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[WD Drive Manager] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"
[Adobe Reader Speed Launcher] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[Adobe ARM] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[Microsoft Works Update Detection] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[IgfxTray] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\System32\igfxtray.exe
[HotKeysCmds] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\System32\hkcmd.exe
[BCMSMMSG] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - BCMSMMSG.exe
[SunJavaUpdateSched] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[QuickTime Task] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[MSC] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
[@OnlineArmor GUI] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Online Armor\OAui.exe"
[ctfmon.exe] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\ctfmon.exe

<<<< MS Services >>>>

Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Computer Browser (Browser) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\cisvc.exe
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Installer (MSIServer) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\msiexec.exe /V
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k imgsvc
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Time (w32time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k LocalService
Application Layer Gateway Service (ALG) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\alg.exe
Application Management (AppMgmt) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
ClipBook (ClipSrv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Wired AutoConfig (Dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k dot3svc
Extensible Authentication Protocol Service (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k eapsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Human Interface Device Access (HidServ) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Health Key and Certificate Management Service (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\imapi.exe
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\msdtc.exe
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Pml Driver HPZ12 (Pml Driver HPZ12) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\HPZipm12.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Access Connection Manager (RasMan) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\locator.exe
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\rsvp.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\SCardSvr.exe
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\smlogsvc.exe
Telephony (TapiSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Universal Plug and Play Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k LocalService
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\vssvc.exe
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

FlipShare Service (FlipShare Service) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe"
Java Quick Starter (JavaQuickStarterService) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Microsoft Antimalware Service (MsMpSvc) - Running [Auto | Stoppable | Not_Pausable] - "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
Online Armor Helper Service (OAcat) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Online Armor\OAcat.exe"
Online Armor (SvcOnlineArmor) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Program Files\Online Armor\oasrv.exe
WD Drive Manager Service (WDBtnMgrSvc.exe) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe"

<<<< Boot.ini >>>>

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: D161GQ21 | ID: 5000 | Source: MPSampleSubmission | Type: Error | Date: 5-5-11 6:15:38 | Log: Application
Message: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.


Computer Name: D161GQ21 | ID: 1517 | Source: Userenv | Type: Warning | Date: 4-5-11 5:37:53 | Log: Application
Message: Windows saved user D161GQ21\Party Jumps registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.





This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


Computer Name: D161GQ21 | ID: 5000 | Source: MPSampleSubmission | Type: Error | Date: 3-5-11 19:52:3 | Log: Application
Message: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.


Computer Name: D161GQ21 | ID: 8 | Source: crypt32 | Type: Error | Date: 2-5-11 14:59:4 | Log: Application
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.




Computer Name: D161GQ21 | ID: 8 | Source: crypt32 | Type: Error | Date: 2-5-11 14:59:3 | Log: Application
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The connection with the server was terminated abnormally




<<<< Last 5 System Errors or Warnings >>>>

Computer Name: D161GQ21 | ID: 2001 | Source: Microsoft Antimalware | Type: Error | Date: 5-5-11 6:15:21 | Log: System
Message: %%860 has encountered an error trying to update signatures.



New Signature Version:



Previous Signature Version: 1.103.780.0



Update Source: %%859



Update Stage: %%852



Source Path: Default URL



Signature Type: %%800



Update Type: %%803



User: NT AUTHORITY\SYSTEM



Current Engine Version:



Previous Engine Version: 1.1.6802.0



Error code: 0x80070424



Error description: The specified service does not exist as an installed service.


Computer Name: D161GQ21 | ID: 1073 | Source: USER32 | Type: Warning | Date: 5-5-11 6:1:3 | Log: System
Message: The attempt to reboot D161GQ21 failed


Computer Name: D161GQ21 | ID: 2001 | Source: Microsoft Antimalware | Type: Error | Date: 3-5-11 19:52:0 | Log: System
Message: %%860 has encountered an error trying to update signatures.



New Signature Version:



Previous Signature Version: 1.103.780.0



Update Source: %%859



Update Stage: %%852



Source Path: Default URL



Signature Type: %%800



Update Type: %%803



User: NT AUTHORITY\SYSTEM



Current Engine Version:



Previous Engine Version: 1.1.6802.0



Error code: 0x80070424



Error description: The specified service does not exist as an installed service.


Computer Name: D161GQ21 | ID: 4 | Source: bcm4sbxp | Type: Warning | Date: 3-5-11 6:21:50 | Log: System
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.


Computer Name: D161GQ21 | ID: 4 | Source: bcm4sbxp | Type: Warning | Date: 3-5-11 5:34:44 | Log: System
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.


<<<< Special Events >>>>

There were no special events found



------ End of File ------
  • 0

#30
Render
Posted 06 May 2011 - 03:30 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Now follow these steps:

Step 1

  • Click Start, click Run, type msconfig, and then click OK.
  • The System Configuration Utility dialog box is displayed.

Step 2

  • In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
  • Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
  • When you are prompted, click Restart to restart the computer and check for Windows installer splash window at Windows startup.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP