Posting for help again

Posted 7/7/2011 2:30 PM
#91850

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hello. I'm not sure if I did something wrong, in that I am no longer receiving help for anything that I have posted lately. If I did something that does not follow protocol, please let me know so I can fix it. :smile: Thanks. Is Touch no longer on this forum? He was helping me and then it seemed as if communication has stopped completely. Again, maybe I missed a forum rule or something?

Anyway, I will re-post what I need help with again here!

I have a refurbished computer (Windows XP, SP3) and wanted to check/scan it to see if there is any kind of tracking type of thing on it before I use it to check my email or go to places that are password protected. I am not sure how to do this, so any help would be welcome. At this point, I have another issue as well: when my kids were playing on one of their kid-friendly sites, the computer began freaking out and the screen was flashing, etc. I shut it down immediately and turned it back on. It is working but we are getting some pop-ups now. Again, not sure how to scan to be sure this system is clean all the way around, especially after what just happened with the flashing, etc. Thanks in advance for your help!
Posted 7/7/2011 3:33 PM
#91851

Dickens Advanced member

Date Joined Nov 2016
Total Posts: 261
Have you any antivirus software already installed on your computer?

What are the pop ups showing? It could be one of the many fake rogue antispyware programmes that are doing the rounds.

If you already have antivirus software, a first step would be to scan your computer in Safe Mode. You may have to scan several times before any malware shows up.

If you have no antivirus software installed, try downloading Malwarebytes Anti-Malware Free. It does not provide real-time protection but is a useful tool to begin with.

I hope that is something to get you started.
Posted 7/10/2011 7:01 PM
#91883

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
There is something on my computer called clamvirus. I updated it and ran the scan. It found some sort of trojan and removed it. It also found a bunch of "locked files" that could not be scanned, so I have no idea what they are. I downloaded AVI and scanned the system and it too found a bunch of locked files but no virus or anything. The pop ups continue and I am at this point just hoping that when this system was refurbished some sort of tracking thing was not placed into this computer. Not sure what to do now. I think I will download Malwarebytes and scan the system and also use CCleaner. Any thoughts would be helpful!! Thanks!!
Posted 7/11/2011 12:44 PM
#91886

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
After MalwareBytes, also run ComboFix and TDSSKiller. If your desktop shortcuts or the Program files menu are missing, I suggest not running CCleaner.

Please download ComboFix by sUBs.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Also run TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

Please post the logfiles.
* You may pm me if you're still waiting for my follow-up post.
Posted 7/11/2011 2:36 PM
#91889

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Hi! Thank you so much for your help. I did not end up running CCleaner. Here is the log from Combofix. I will run TDSSKiller shortly and post any logfiles from that. Thanks again for your help. Oh, do you know of Clamvirus? Is it something that I need or is it safe to uninstall? Thanks!
Posted 7/11/2011 2:59 PM
#91890

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Here is the log from TDSSKiller....
Posted 7/11/2011 2:59 PM
#91891

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
FYI - Malwarebytes found no infected files.
Posted 7/15/2011 1:04 PM
#91922

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Thanks for the logs. <br/>I assume you mean ClamWin since that's what's showing in the log? <br/>ClamWin is an open source free antivirus. As shown in the CF log it doesn't seem to be running. ComboFix doesn't detect any security software there at all. You can uninstall ClamWin if you like since it doesn't seem to be running in the startup unless someone disabled it on purpose. There are also other free antivirus programs out there. I'm using MSE now but I used to have free Avast antivirus. <br/> <br/>Is the PC still having those popups? <br/>I would uninstall these unnecessary programs below. <br/>Ask.com <br/>Play Pickle
* You may pm me if you're still waiting for my follow-up post.
Posted 7/16/2011 3:46 PM
#91926

KMB1999 Advanced member

Date Joined Nov 2016
Total Posts: 95
Okay, thanks. I will uninstall ClamWin as I never disabled it. It was on here when I received the refurbished computer and I never did anything with it. Just wanted to be sure it is safe to remove. I'll try the Avast. Sorry, but what is MSE? My computer is not having popups!! :o) BTW...do you see anything in the logs that shows any type of tracking thing...I want to be able to do my work on sites that are password protected without being vulnerable. Thanks for your help!!!!
Posted 7/17/2011 3:02 AM
#91927

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
I don't see any password stealer or infostealer nor a keylogger in the logs but you never really know since it's possible for one or two scanners to miss some nasties. <br/>You could also try using an online Kaspersky scan or using Kaspersky's removal tool, or another online scanner like Eset scan. <br/> <br/>MSE is the "Microsoft Security Essentials" free antivirus, sorry for posting the abbreviated name MSE. <br/>http://www.microsoft.com/en-au/security_essentials/default.aspx