BSOD caused by watchdog.sys [Solved]


  • This topic is locked

#1
gandolf

  • Member
  • 59 posts
Hi, I'm not sure if this is the proper place to post this topic... but I have been getting BSODs quite frequently. I would appreciate help on this matter, thanks... I won't post anything till I'm advised to.
  • 0

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello gandolf and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it. (If running Vista or Windows 7, right click on it and select "Run as an Administrator".) Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.
  • 0

#3
gandolf

  • Topic Starter
  • Member
  • 59 posts
Hi, and thank you for helping me... I clicked the link to download OTL but all I get is a blank page.
  • 0

#4
gandolf

  • Topic Starter
  • Member
  • 59 posts
OTL Extras logfile created on: 11/27/2011 8:00:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mike.MIKE-DNN2H787OG\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.02% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.77% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 54.83 Gb Free Space | 36.79% Space Free | Partition Type: NTFS

Computer Name: MIKE-DNN2H787OG | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4CF72FF-4A3F-44A7-BFF2-31A8E1CC70B6}" = Application Compatibility Toolkit
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E602FA72-18BB-444F-8EAE-5E8146FFE31E}" = The Incredibles - When Danger Calls
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Akamai" = Akamai NetSession Interface Service
"Belarc Advisor" = Belarc Advisor 8.2
"ie8" = Windows Internet Explorer 8
"LastChaos" = LastChaos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Puran Defrag_is1" = Puran Defrag 7.3
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/21/2011 5:42:08 PM | Computer Name = MIKE-DNN2H787OG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module comctl32.dll, version 5.82.2900.6028, fault address 0x000065c1.

Error - 9/23/2011 2:58:14 AM | Computer Name = MIKE-DNN2H787OG | Source = nview_info | ID = 11141121
Description =

Error - 9/23/2011 1:29:31 PM | Computer Name = MIKE-DNN2H787OG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module comctl32.dll, version 5.82.2900.6028, fault address 0x000065c1.

Error - 9/23/2011 1:29:42 PM | Computer Name = MIKE-DNN2H787OG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module comctl32.dll, version 5.82.2900.6028, fault address 0x000065c1.

Error - 9/23/2011 1:30:04 PM | Computer Name = MIKE-DNN2H787OG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module comctl32.dll, version 5.82.2900.6028, fault address 0x000065c1.

Error - 9/23/2011 1:31:25 PM | Computer Name = MIKE-DNN2H787OG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module comctl32.dll, version 5.82.2900.6028, fault address 0x000065c1.

[ System Events ]
Error - 11/11/2011 1:18:50 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/11/2011 1:18:50 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/11/2011 1:18:50 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/11/2011 1:18:51 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/11/2011 1:18:51 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/11/2011 1:18:51 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/11/2011 1:18:51 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/12/2011 5:29:07 AM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Akamai service.

Error - 11/15/2011 9:22:06 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Akamai service.

Error - 11/17/2011 8:54:01 PM | Computer Name = MIKE-DNN2H787OG | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Akamai service.


< End of report >

Here's the extra log.
  • 0
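
The firewall sections of an Extras log like the one above can be triaged mechanically. The following is an added example, not part of the original posts and not OTL's own code: the function names and the review heuristic (an exception that is Enabled with scope `*`, plus a note when the executable sits in a user profile) are assumptions, and a hit means "look at this entry", not "malicious".

```python
import re
from dataclasses import dataclass

# Excerpt of the StandardProfile firewall keys from the Extras log posted above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
LIST_RE = re.compile(
    r'FirewallPolicy\\(\w+)\\(GloballyOpenPorts|AuthorizedApplications)\\List$')
VALUE_RE = re.compile(r'^"[^"]+" = (.*)$')
# Both list types end in  :scope:Enabled|Disabled:label
TAIL = r':(?P<scope>[^:]*):(?P<status>Enabled|Disabled):(?P<label>.*)$'
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP)' + TAIL)
# The path itself contains a colon (drive letter), so match it lazily.
APP_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)' + TAIL)
# Trailing " -- (Publisher)" annotation seen on application lines in the log.
COMPANY_RE = re.compile(r' -- \([^)]*\)$')
USER_PROFILE_RE = re.compile(r'\\(Documents and Settings|Users)\\', re.I)


@dataclass(frozen=True)
class FirewallException:
    profile: str   # e.g. "StandardProfile"
    kind: str      # "port" or "app"
    target: str    # "5985/TCP" or the executable path
    scope: str     # "*", "LocalSubNet", or an address list
    enabled: bool
    label: str


def parse_firewall_exceptions(text):
    """Return every firewall exception found under the ...\\List keys."""
    entries, profile, kind = [], None, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            hit = LIST_RE.search(key.group(1))
            profile, kind = (hit.group(1), hit.group(2)) if hit else (None, None)
            continue
        if line.startswith("=========="):  # a section banner ends the current key
            profile = kind = None
            continue
        value = VALUE_RE.match(line)
        if not value or kind is None:
            continue
        if kind == "GloballyOpenPorts":
            m = PORT_RE.match(value.group(1))
            if m:
                entries.append(FirewallException(
                    profile, "port", f"{m['port']}/{m['proto']}",
                    m["scope"], m["status"] == "Enabled", m["label"]))
        else:
            m = APP_RE.match(value.group(1))
            if m:
                entries.append(FirewallException(
                    profile, "app", m["path"], m["scope"],
                    m["status"] == "Enabled", COMPANY_RE.sub("", m["label"])))
    return entries


def review_list(entries):
    """Pick the exceptions worth a manual look, with the reasons why."""
    flagged = []
    for e in entries:
        if not (e.enabled and e.scope == "*"):
            continue  # disabled, or limited to the local subnet / listed hosts
        reasons = ["enabled for any remote address"]
        if e.kind == "app" and USER_PROFILE_RE.search(e.target):
            reasons.append("executable in a user profile")
        flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in review_list(parse_firewall_exceptions(SAMPLE)):
        print(f"{entry.profile} {entry.kind:4} {entry.label}: {'; '.join(reasons)}")
        print(f"    {entry.target}")
```
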

#5
gandolf

  • Topic Starter
  • Member
  • 59 posts
OTL logfile created on: 11/30/2011 9:32:15 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mike.MIKE-DNN2H787OG\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.32% Memory free
3.85 Gb Paging File | 3.12 Gb Available in Paging File | 81.13% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 54.75 Gb Free Space | 36.73% Space Free | Partition Type: NTFS

Computer Name: MIKE-DNN2H787OG | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 08:00:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\My Documents\Downloads\OTL.exe
PRC - [2011/11/18 13:46:36 | 004,759,896 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe
PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/10/08 04:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/08/02 14:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 11:49:16 | 000,880,984 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\Scan.dll
MOD - [2011/11/18 00:52:44 | 003,313,752 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_d768ebc.dll
MOD - [2011/11/15 05:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 05:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 05:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 05:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 05:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/11/10 22:43:22 | 000,103,256 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ComputerMenu.dll
MOD - [2011/11/10 19:24:30 | 000,599,896 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\DiskMap.dll
MOD - [2011/10/19 22:19:30 | 008,906,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\WebUI.dll
MOD - [2011/10/19 22:19:24 | 000,564,712 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\sqlite3.dll
MOD - [2011/10/19 22:18:48 | 000,058,712 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\NtfsData.dll
MOD - [2011/10/17 16:56:27 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll
MOD - [2011/10/08 04:50:00 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 23:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/13 23:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (npggsvc)
SRV - [2011/11/18 00:52:44 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/10/08 04:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/13 23:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/11/30 05:51:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E23E9AE-3913-4BD0-BD2A-870C308043D3}\MpKsle35e354e.sys -- (MpKsle35e354e)
DRV - [2011/10/18 19:53:14 | 006,439,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/03/03 11:00:00 | 000,043,392 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2005/04/17 23:30:04 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 21:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2001/08/18 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1316389804875 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEA1E789-237D-4BB8-86C6-183A3D11C83A}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/10 17:56:11 | 000,194,428 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009/03/10 17:56:11 | 000,007,372 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2008/01/15 04:18:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (RegistryDefragBootTime.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 08:00:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/11/28 08:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/11/28 07:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Sun
[2011/11/27 18:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
[2011/11/27 09:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\My Documents\WDM_R266
[2011/11/25 12:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2011/11/25 12:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 5
[2011/11/23 06:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/11/16 04:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\GetRightToGo
[2011/11/14 02:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Start Menu\Programs\Google Chrome
[2011/11/13 03:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Start Menu\Programs\NirSoft BlueScreenView
[2011/11/13 03:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/11/11 17:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\IObit
[2011/11/10 20:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Start Menu\Programs\AeriaGames
[2011/11/10 20:08:00 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011/11/10 19:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai
[2011/11/01 06:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\WinRAR
[2011/11/01 05:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Geckofx
[2011/11/01 05:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Mozilla
[2011/11/01 05:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 30 Days ==========

[2011/11/30 08:55:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-839522115-1004UA.job
[2011/11/29 20:06:03 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC5_AutoClean.job
[2011/11/29 19:53:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/29 19:48:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/29 17:58:35 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/29 10:17:58 | 000,000,434 | -HS- | M] () -- C:\WINDOWS\8168570drv.spi
[2011/11/29 03:38:28 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/29 03:38:28 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/29 03:37:12 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/26 11:55:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-839522115-1004Core.job
[2011/11/25 17:00:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\ASC5_AutoUpdate.job
[2011/11/25 12:03:59 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Quick Care.lnk
[2011/11/25 12:03:59 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2011/11/25 12:03:59 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 5.lnk
[2011/11/20 22:09:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/18 16:56:17 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\Google Chrome.lnk
[2011/11/18 16:56:17 | 000,002,373 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/16 04:56:23 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/11/14 02:16:40 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/10 20:23:41 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\LastChaos.lnk
[2011/11/10 20:07:34 | 938,085,584 | ---- | M] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\lastchaos_us_installer_20110803.exe

========== Files Created - No Company Name ==========

[2011/11/29 09:27:18 | 000,000,434 | -HS- | C] () -- C:\WINDOWS\8168570drv.spi
[2011/11/27 09:28:25 | 000,016,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2011/11/25 16:11:28 | 000,003,250 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/11/25 12:26:09 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/11/25 12:04:37 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\ASC5_AutoUpdate.job
[2011/11/25 12:04:36 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\ASC5_AutoClean.job
[2011/11/25 12:03:59 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Quick Care.lnk
[2011/11/25 12:03:59 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2011/11/25 12:03:59 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 5.lnk
[2011/11/16 04:56:23 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/11/14 02:40:22 | 000,002,395 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\Google Chrome.lnk
[2011/11/14 02:40:22 | 000,002,373 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/10 20:23:41 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\LastChaos.lnk
[2011/11/10 19:45:47 | 938,085,584 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\lastchaos_us_installer_20110803.exe
[2011/10/17 16:56:27 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/10/07 15:36:37 | 000,182,416 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\census.cache
[2011/10/07 15:36:30 | 000,228,999 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\ars.cache
[2011/10/07 15:22:58 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\housecall.guid.cache
[2011/10/05 17:05:02 | 000,003,910 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LuUninstall.LiveUpdate
[2011/09/28 15:54:29 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/28 15:54:29 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/28 15:54:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/28 15:53:42 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/18 18:01:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/09/18 15:10:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/17 20:40:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/17 14:16:35 | 000,004,290 | ---- | C] () -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\FASTWiz.html
[2011/09/15 19:10:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/15 19:08:31 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/15 18:26:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/15 18:21:57 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/13 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/04/15 03:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 03:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 12:00:00 | 000,433,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 12:00:00 | 000,067,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/12 16:14:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\shelexec.exe

========== LOP Check ==========

[2011/11/25 12:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2011/10/10 15:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2011/10/14 15:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2011/10/10 15:29:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/10/05 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\Easeware
[2011/09/18 22:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\ElevatedDiagnostics
[2011/11/16 05:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\GetRightToGo
[2011/11/25 12:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\IObit
[2011/10/10 15:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.MIKE-DNN2H787OG\Application Data\TuneUp Software
[2011/11/29 20:06:03 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\ASC5_AutoClean.job
[2011/11/25 17:00:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\ASC5_AutoUpdate.job
[2011/11/29 19:53:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/02/19 14:11:38 | 1406,135,356 | ---- | M] () -- C:\vc_setup_0.52.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 23:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 23:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 23:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 23:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/18 12:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 05:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/18 12:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< End of report > OTL log

#6
gandolf

    Member

  • Topic Starter
  • Member
  • 59 posts
Hi maliprog, I have run GMER 2 times to scan following your instructions... and 2 times my PC froze completely. I have had to reboot the PC by turning the comp off and on... What do I do? Thanks.

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gandolf,

Leave GMER for now. Let's try these steps instead.

Step 1

  • Go to Start -> My Computer
  • Right-click on the C: disk and click on Properties
  • Click on the Tools tab and click on the Check now... button
  • Check "Automatically fix system errors" and "Scan for and attempt recovery of bad sectors"
  • Click the Start button
  • Confirm scheduling the disk check for the next time the computer starts with the Yes button
  • Restart your system and wait while the system checks your disk for errors

This step usually fixes some errors related to BSOD.

Step 2


Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post.

#8
gandolf

    Member

  • Topic Starter
  • Member
  • 59 posts
hi maliprog combofix log

ComboFix 11-12-01.03 - mike 12/01/2011 19:38:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1529 [GMT 0:00]
Running from: c:\documents and settings\mike.MIKE-DNN2H787OG\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mike.MIKE-DNN2H787OG\Templates\Temp.exe
c:\documents and settings\mike\WINDOWS
C:\RECYCLER(3)
c:\recycler(3)\S-1-5-21-1409082233-1935655697-725345543-1004(2)\INFO2
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 19:22 . 2011-12-01 19:22 28752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA2F7EBF-3C56-49D2-A06E-3399023C38BE}\MpKslafea3564.sys
2011-12-01 19:22 . 2011-12-01 19:22 56200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA2F7EBF-3C56-49D2-A06E-3399023C38BE}\offreg.dll
2011-12-01 18:07 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA2F7EBF-3C56-49D2-A06E-3399023C38BE}\mpengine.dll
2011-11-29 18:04 . 2011-11-29 18:04 -------- d-----w- c:\documents and settings\daniel.MIKE-DNN2H787OG\Application Data\IObit
2011-11-28 08:00 . 2011-11-28 08:00 -------- d-----w- c:\windows\Sun
2011-11-28 07:58 . 2011-11-28 07:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-28 07:58 . 2011-11-28 07:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-27 09:28 . 2011-10-13 20:03 16836 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2011-11-25 19:06 . 2011-11-25 19:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 12:30 . 2011-11-25 12:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2011-11-25 12:26 . 2011-10-19 22:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-25 12:04 . 2011-11-25 12:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2011-11-23 06:53 . 2011-11-23 06:53 -------- d-----w- c:\program files\Belarc
2011-11-16 04:56 . 2011-11-16 04:56 1152 ----a-w- c:\windows\system32\windrv.sys
2011-11-16 04:55 . 2011-11-16 05:13 -------- d-----w- c:\documents and settings\mike.MIKE-DNN2H787OG\Application Data\GetRightToGo
2011-11-13 03:21 . 2011-11-13 03:21 -------- d-----w- c:\program files\NirSoft
2011-11-11 17:19 . 2011-11-25 12:03 -------- d-----w- c:\documents and settings\mike.MIKE-DNN2H787OG\Application Data\IObit
2011-11-10 20:08 . 2011-11-10 20:08 -------- d-----w- C:\AeriaGames
2011-11-10 19:45 . 2011-11-18 01:34 -------- d-----w- c:\documents and settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai
2011-11-07 16:19 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 19:53 . 2011-09-18 15:10 6439528 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-10-18 18:10 . 2011-10-05 20:07 64616 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-10-17 16:56 . 2011-10-17 16:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-10-14 18:58 . 2011-09-18 15:10 20064872 ----a-w- c:\windows\RTHDCPL.EXE
2011-10-14 13:56 . 2011-10-14 13:56 67104 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-10-10 14:22 . 2011-09-15 18:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-09-28 15:54 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-09-28 15:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-09-28 15:53 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2011-09-28 15:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-09-28 15:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2011-09-28 15:53 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2009-03-27 09:03 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2009-03-27 09:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2009-03-27 09:03 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2009-03-27 09:03 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2009-03-27 09:03 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2009-03-27 09:03 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2009-03-27 09:03 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2009-03-27 09:03 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2009-03-27 09:03 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2009-03-27 09:03 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2009-03-27 09:03 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-07 03:48 . 2011-09-24 17:00 6668624 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-18 01:16 . 2011-09-18 01:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-18 01:16 . 2011-09-18 01:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-17 21:55 . 2011-09-17 21:55 45056 ----a-r- c:\documents and settings\mike.MIKE-DNN2H787OG\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 10:17 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32(3).dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\mike\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\mike.MIKE-DNN2H787OG\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [N/A]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-8-2 610120]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\mike.MIKE-DNN2H787OG\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1159:TCP"= 1159:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 MpKslafea3564;MpKslafea3564;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA2F7EBF-3C56-49D2-A06E-3399023C38BE}\MpKslafea3564.sys [12/1/2011 7:22 PM 28752]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/25/2011 12:03 PM 490840]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/13/2008 11:00 PM 14336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9/27/2011 7:08 PM 745880]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [4/13/2008 11:00 PM 14336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/2/2011 12:31 AM 2253120]
S0 cerc6;cerc6; [x]
S1 MpKsl7b15effb;MpKsl7b15effb;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6F8EE8E-E081-47B7-82A2-89ABD9571F0C}\MpKsl7b15effb.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6F8EE8E-E081-47B7-82A2-89ABD9571F0C}\MpKsl7b15effb.sys [?]
S1 MpKslb44f16c1;MpKslb44f16c1; [x]
S1 MpKslc07f5d3e;MpKslc07f5d3e; [x]
S1 MpKslc47197c9;MpKslc47197c9; [x]
S1 MpKsle934cc36;MpKsle934cc36; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/5/2011 8:07 PM 1691480]
S3 autorun;autorun; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/10/2011 2:17 PM 22216]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 pfsvgae;pfsvgae; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/13/2008 11:00 PM 14336]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/10/2011 2:17 PM 366152]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [10/14/2011 11:07 PM 233472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLAFEA3564
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2011-11-25 17:59]
.
2011-12-01 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2011-11-25 15:41]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-839522115-1004Core.job
- c:\documents and settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-15 10:50]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-839522115-1004UA.job
- c:\documents and settings\mike.MIKE-DNN2H787OG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-15 10:50]
.
2011-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
Completion time: 2011-12-01 19:47:20
ComboFix-quarantined-files.txt 2011-12-01 19:47
.
Pre-Run: 67,655,393,280 bytes free
Post-Run: 67,791,568,896 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 55C3A2A2951D57CCCCC69B4AC675C7E6

#9
gandolf

My comp is running a bit slow; most applications like IE and others take a while to open.

#10
maliprog

Hi gandolf,

Did you experience any BSOD after the last two steps?

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan:

  • Click the cog in the upper right.
  • Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.
  • Allow Virus Removal Tool to delete all infections found.
  • Once it has finished, select the report tab (last tab).
  • Select Detected threats report from the left and press the Save button.
  • Save it to your desktop and attach it to your next post.


#11
gandolf

Hi maliprog, I have had no BSOD since the last 2 steps. I can't attach the results of the scan.

Edited by gandolf, 02 December 2011 - 04:57 PM.


#12
maliprog

Hi gandolf,

That's good news! How is your system now? Any problems?

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2


Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3


Please don't forget to include these items in your reply:


  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#13
gandolf

07:03:45.0781 3680 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
07:03:46.0000 3680 ============================================================
07:03:46.0000 3680 Current date / time: 2011/10/13 07:03:46.0000
07:03:46.0000 3680 SystemInfo:
07:03:46.0000 3680
07:03:46.0000 3680 OS Version: 5.1.2600 ServicePack: 3.0
07:03:46.0000 3680 Product type: Workstation
07:03:46.0000 3680 ComputerName: MIKE-DNN2H787OG
07:03:46.0000 3680 UserName: mike
07:03:46.0000 3680 Windows directory: C:\WINDOWS
07:03:46.0000 3680 System windows directory: C:\WINDOWS
07:03:46.0000 3680 Processor architecture: Intel x86
07:03:46.0000 3680 Number of processors: 2
07:03:46.0000 3680 Page size: 0x1000
07:03:46.0000 3680 Boot type: Normal boot
07:03:46.0000 3680 ============================================================
07:03:47.0125 3680 Initialize success
07:04:06.0953 0988 ============================================================
07:04:06.0953 0988 Scan started
07:04:06.0953 0988 Mode: Manual;
07:04:06.0953 0988 ============================================================
07:04:07.0390 0988 Abiosdsk - ok
07:04:07.0406 0988 abp480n5 - ok
07:04:07.0437 0988 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:04:07.0437 0988 ACPI - ok
07:04:07.0453 0988 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:04:07.0468 0988 ACPIEC - ok
07:04:07.0468 0988 adpu160m - ok
07:04:07.0500 0988 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:04:07.0515 0988 aec - ok
07:04:07.0578 0988 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:04:07.0578 0988 AFD - ok
07:04:07.0593 0988 Aha154x - ok
07:04:07.0609 0988 aic78u2 - ok
07:04:07.0609 0988 aic78xx - ok
07:04:07.0625 0988 AliIde - ok
07:04:07.0687 0988 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
07:04:07.0718 0988 Ambfilt - ok
07:04:07.0781 0988 amsint - ok
07:04:07.0796 0988 asc - ok
07:04:07.0796 0988 asc3350p - ok
07:04:07.0812 0988 asc3550 - ok
07:04:07.0859 0988 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:04:07.0859 0988 AsyncMac - ok
07:04:07.0890 0988 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:04:07.0890 0988 atapi - ok
07:04:07.0890 0988 Atdisk - ok
07:04:07.0906 0988 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:04:07.0921 0988 Atmarpc - ok
07:04:08.0000 0988 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:04:08.0000 0988 audstub - ok
07:04:08.0000 0988 autorun - ok
07:04:08.0031 0988 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:04:08.0031 0988 Beep - ok
07:04:08.0062 0988 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:04:08.0062 0988 cbidf2k - ok
07:04:08.0078 0988 cd20xrnt - ok
07:04:08.0093 0988 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:04:08.0093 0988 Cdaudio - ok
07:04:08.0125 0988 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:04:08.0125 0988 Cdfs - ok
07:04:08.0171 0988 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:04:08.0171 0988 Cdrom - ok
07:04:08.0187 0988 cerc6 - ok
07:04:08.0187 0988 Changer - ok
07:04:08.0218 0988 CmdIde - ok
07:04:08.0234 0988 CnxTrLan (7071c6fcc5c452d8f1bce78d53015154) C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys
07:04:08.0234 0988 CnxTrLan - ok
07:04:08.0250 0988 Cpqarray - ok
07:04:08.0265 0988 dac2w2k - ok
07:04:08.0281 0988 dac960nt - ok
07:04:08.0296 0988 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:04:08.0296 0988 Disk - ok
07:04:08.0343 0988 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:04:08.0359 0988 dmboot - ok
07:04:08.0453 0988 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:04:08.0453 0988 dmio - ok
07:04:08.0484 0988 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:04:08.0484 0988 dmload - ok
07:04:08.0531 0988 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:04:08.0531 0988 DMusic - ok
07:04:08.0546 0988 dpti2o - ok
07:04:08.0578 0988 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:04:08.0578 0988 drmkaud - ok
07:04:08.0656 0988 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:04:08.0671 0988 Fastfat - ok
07:04:08.0687 0988 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
07:04:08.0687 0988 Fdc - ok
07:04:08.0703 0988 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:04:08.0703 0988 Fips - ok
07:04:08.0718 0988 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:04:08.0718 0988 Flpydisk - ok
07:04:08.0734 0988 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:04:08.0750 0988 FltMgr - ok
07:04:08.0828 0988 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
07:04:08.0828 0988 fssfltr - ok
07:04:08.0859 0988 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:04:08.0859 0988 Fs_Rec - ok
07:04:08.0875 0988 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:04:08.0875 0988 Ftdisk - ok
07:04:08.0906 0988 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:04:08.0906 0988 Gpc - ok
07:04:08.0984 0988 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:04:08.0984 0988 HDAudBus - ok
07:04:09.0031 0988 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:04:09.0031 0988 hidusb - ok
07:04:09.0046 0988 hpn - ok
07:04:09.0046 0988 hpt3xx - ok
07:04:09.0093 0988 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:04:09.0093 0988 HTTP - ok
07:04:09.0109 0988 i2omgmt - ok
07:04:09.0125 0988 i2omp - ok
07:04:09.0156 0988 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:04:09.0156 0988 i8042prt - ok
07:04:09.0234 0988 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:04:09.0234 0988 Imapi - ok
07:04:09.0250 0988 ini910u - ok
07:04:09.0437 0988 IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:04:09.0562 0988 IntcAzAudAddService - ok
07:04:09.0625 0988 IntelIde - ok
07:04:09.0656 0988 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:04:09.0656 0988 intelppm - ok
07:04:09.0687 0988 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:04:09.0687 0988 ip6fw - ok
07:04:09.0718 0988 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:04:09.0718 0988 IpFilterDriver - ok
07:04:09.0734 0988 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:04:09.0734 0988 IpInIp - ok
07:04:09.0812 0988 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:04:09.0812 0988 IpNat - ok
07:04:09.0843 0988 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:04:09.0843 0988 IPSec - ok
07:04:09.0875 0988 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:04:09.0875 0988 IRENUM - ok
07:04:09.0906 0988 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:04:09.0906 0988 isapnp - ok
07:04:09.0984 0988 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:04:09.0984 0988 Kbdclass - ok
07:04:10.0015 0988 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:04:10.0015 0988 kmixer - ok
07:04:10.0031 0988 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:04:10.0031 0988 KSecDD - ok
07:04:10.0046 0988 lbrtfdc - ok
07:04:10.0078 0988 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
07:04:10.0078 0988 MBAMProtector - ok
07:04:10.0093 0988 MBAMSwissArmy - ok
07:04:10.0125 0988 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:04:10.0125 0988 mnmdd - ok
07:04:10.0203 0988 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:04:10.0203 0988 Modem - ok
07:04:10.0265 0988 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
07:04:10.0281 0988 Monfilt - ok
07:04:10.0296 0988 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:04:10.0296 0988 Mouclass - ok
07:04:10.0390 0988 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:04:10.0390 0988 mouhid - ok
07:04:10.0406 0988 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:04:10.0406 0988 MountMgr - ok
07:04:10.0421 0988 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:04:10.0421 0988 MpFilter - ok
07:04:10.0546 0988 MpKslb40d15e2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE797CC8-BA2C-4AA4-8CE2-2036058C007B}\MpKslb40d15e2.sys
07:04:10.0546 0988 MpKslb40d15e2 - ok
07:04:10.0593 0988 MpKslc47197c9 - ok
07:04:10.0593 0988 MpKsle934cc36 - ok
07:04:10.0656 0988 mraid35x - ok
07:04:10.0687 0988 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:04:10.0687 0988 MRxDAV - ok
07:04:10.0734 0988 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:04:10.0734 0988 MRxSmb - ok
07:04:10.0765 0988 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:04:10.0765 0988 Msfs - ok
07:04:10.0796 0988 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:04:10.0796 0988 MSKSSRV - ok
07:04:10.0875 0988 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:04:10.0875 0988 MSPCLOCK - ok
07:04:10.0890 0988 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:04:10.0890 0988 MSPQM - ok
07:04:10.0921 0988 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:04:10.0921 0988 mssmbios - ok
07:04:10.0937 0988 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
07:04:10.0937 0988 MTsensor - ok
07:04:11.0031 0988 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:04:11.0031 0988 Mup - ok
07:04:11.0062 0988 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:04:11.0062 0988 NDIS - ok
07:04:11.0093 0988 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:04:11.0109 0988 NdisTapi - ok
07:04:11.0156 0988 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:04:11.0156 0988 Ndisuio - ok
07:04:11.0203 0988 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:04:11.0203 0988 NdisWan - ok
07:04:11.0234 0988 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:04:11.0234 0988 NDProxy - ok
07:04:11.0265 0988 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:04:11.0265 0988 NetBIOS - ok
07:04:11.0296 0988 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:04:11.0296 0988 NetBT - ok
07:04:11.0328 0988 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:04:11.0328 0988 Npfs - ok
07:04:11.0375 0988 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:04:11.0390 0988 Ntfs - ok
07:04:11.0468 0988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:04:11.0468 0988 Null - ok
07:04:11.0812 0988 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:04:12.0078 0988 nv - ok
07:04:12.0187 0988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:04:12.0187 0988 NwlnkFlt - ok
07:04:12.0203 0988 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:04:12.0218 0988 NwlnkFwd - ok
07:04:12.0218 0988 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:04:12.0218 0988 Parport - ok
07:04:12.0250 0988 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:04:12.0250 0988 PartMgr - ok
07:04:12.0265 0988 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:04:12.0265 0988 ParVdm - ok
07:04:12.0343 0988 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:04:12.0343 0988 PCI - ok
07:04:12.0343 0988 PCIDump - ok
07:04:12.0375 0988 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:04:12.0375 0988 PCIIde - ok
07:04:12.0406 0988 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:04:12.0406 0988 Pcmcia - ok
07:04:12.0406 0988 PDCOMP - ok
07:04:12.0421 0988 PDFRAME - ok
07:04:12.0437 0988 PDRELI - ok
07:04:12.0437 0988 PDRFRAME - ok
07:04:12.0453 0988 perc2 - ok
07:04:12.0468 0988 perc2hib - ok
07:04:12.0515 0988 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:04:12.0515 0988 PptpMiniport - ok
07:04:12.0531 0988 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
07:04:12.0546 0988 Processor - ok
07:04:12.0609 0988 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:04:12.0609 0988 PSched - ok
07:04:12.0640 0988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:04:12.0640 0988 Ptilink - ok
07:04:12.0656 0988 ql1080 - ok
07:04:12.0671 0988 Ql10wnt - ok
07:04:12.0671 0988 ql12160 - ok
07:04:12.0687 0988 ql1240 - ok
07:04:12.0703 0988 ql1280 - ok
07:04:12.0718 0988 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:04:12.0734 0988 RasAcd - ok
07:04:12.0765 0988 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:04:12.0765 0988 Rasl2tp - ok
07:04:12.0828 0988 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:04:12.0828 0988 RasPppoe - ok
07:04:12.0828 0988 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:04:12.0828 0988 Raspti - ok
07:04:12.0859 0988 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:04:12.0859 0988 Rdbss - ok
07:04:12.0890 0988 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:04:12.0890 0988 RDPCDD - ok
07:04:12.0921 0988 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:04:12.0937 0988 RDPWD - ok
07:04:13.0015 0988 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:04:13.0015 0988 redbook - ok
07:04:13.0062 0988 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
07:04:13.0062 0988 ROOTMODEM - ok
07:04:13.0156 0988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:04:13.0156 0988 Secdrv - ok
07:04:13.0187 0988 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:04:13.0187 0988 serenum - ok
07:04:13.0203 0988 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
07:04:13.0218 0988 Serial - ok
07:04:13.0234 0988 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:04:13.0250 0988 Sfloppy - ok
07:04:13.0250 0988 Simbad - ok
07:04:13.0281 0988 SiSGbeXP (a86e52c55de3488b3fc0ff2b8ad711bf) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
07:04:13.0281 0988 SiSGbeXP - ok
07:04:13.0359 0988 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
07:04:13.0359 0988 SISNIC - ok
07:04:13.0375 0988 Sparrow - ok
07:04:13.0406 0988 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:04:13.0406 0988 splitter - ok
07:04:13.0437 0988 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:04:13.0437 0988 sr - ok
07:04:13.0484 0988 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:04:13.0484 0988 Srv - ok
07:04:13.0562 0988 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:04:13.0562 0988 swenum - ok
07:04:13.0593 0988 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:04:13.0593 0988 swmidi - ok
07:04:13.0609 0988 symc810 - ok
07:04:13.0625 0988 symc8xx - ok
07:04:13.0625 0988 sym_hi - ok
07:04:13.0640 0988 sym_u3 - ok
07:04:13.0656 0988 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:04:13.0656 0988 sysaudio - ok
07:04:13.0703 0988 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:04:13.0718 0988 Tcpip - ok
07:04:13.0781 0988 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:04:13.0781 0988 TDPIPE - ok
07:04:13.0796 0988 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:04:13.0796 0988 TDTCP - ok
07:04:13.0828 0988 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:04:13.0828 0988 TermDD - ok
07:04:13.0859 0988 TosIde - ok
07:04:13.0937 0988 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
07:04:13.0937 0988 TuneUpUtilitiesDrv - ok
07:04:14.0046 0988 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:04:14.0046 0988 Udfs - ok
07:04:14.0062 0988 ultra - ok
07:04:14.0109 0988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:04:14.0109 0988 Update - ok
07:04:14.0140 0988 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:04:14.0156 0988 usbehci - ok
07:04:14.0218 0988 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:04:14.0218 0988 usbhub - ok
07:04:14.0234 0988 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:04:14.0234 0988 usbohci - ok
07:04:14.0265 0988 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:04:14.0265 0988 VgaSave - ok
07:04:14.0265 0988 ViaIde - ok
07:04:14.0296 0988 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:04:14.0296 0988 VolSnap - ok
07:04:14.0328 0988 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:04:14.0328 0988 Wanarp - ok
07:04:14.0328 0988 WDICA - ok
07:04:14.0375 0988 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:04:14.0375 0988 wdmaud - ok
07:04:14.0453 0988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:04:14.0531 0988 \Device\Harddisk0\DR0 - ok
07:04:14.0546 0988 Boot (0x1200) (602c8a8fafe2170aac4c97cefedc8a45) \Device\Harddisk0\DR0\Partition0
07:04:14.0546 0988 \Device\Harddisk0\DR0\Partition0 - ok
07:04:14.0546 0988 ============================================================
07:04:14.0546 0988 Scan finished
07:04:14.0546 0988 ============================================================
07:04:14.0562 0580 Detected object count: 0
07:04:14.0562 0580 Actual detected object count: 0
07:04:26.0218 0596 Deinitialize success

#14
gandolf

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-03 16:01:07
-----------------------------
16:01:07.531 OS Version: Windows 5.1.2600 Service Pack 3
16:01:07.531 Number of processors: 2 586 0xF02
16:01:07.531 ComputerName: MIKE-DNN2H787OG UserName: mike
16:01:08.453 Initialize success
16:02:56.046 AVAST engine defs: 11120301
16:03:33.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
16:03:33.906 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3
16:03:35.906 Disk 0 MBR read successfully
16:03:35.906 Disk 0 MBR scan
16:03:35.937 Disk 0 Windows XP default MBR code
16:03:35.937 Disk 0 scanning sectors +312560640
16:03:36.000 Disk 0 scanning C:\WINDOWS\system32\drivers
16:03:52.906 Service scanning
16:03:53.218 Service MpKsl5d87808a c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98ACAFD3-D3E0-4053-88C4-535C84BCA6FC}\MpKsl5d87808a.sys **LOCKED** 32
16:03:53.828 Modules scanning
16:03:59.140 Disk 0 trace - called modules:
16:03:59.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:03:59.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a56e208]
16:03:59.171 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a57fb58]
16:03:59.171 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8a4bfd98]
16:03:59.781 AVAST engine scan C:\WINDOWS
16:04:10.390 AVAST engine scan C:\WINDOWS\system32
16:06:49.593 AVAST engine scan C:\WINDOWS\system32\drivers
16:07:12.562 AVAST engine scan C:\Documents and Settings\mike.MIKE-DNN2H787OG
16:11:16.046 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
16:11:40.890 Scan finished successfully
16:12:02.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\MBR.dat"
16:12:02.531 The log file has been saved successfully to "C:\Documents and Settings\mike.MIKE-DNN2H787OG\Desktop\aswMBR.txt"

#15
gandolf

system seems to be running a bit better now