
malware: controls microsoft security center. MB calls it a "trojan



#1
okoechan
  • Member
  • 17 posts
Malwarebytes sees 2 backdoor trojans and a Goldun. It will clean them, but upon restart MS Security Center pops up and tells me firewall, auto update, and virus scan are all off... well, that is normal for me, but what is not is the Security Center popping up, and all the warnings that were suppressed, now none of them are. It does this continually: I clean, and on restart they reappear.

malwarebytes snippet:
c:\WINDOWS\winlogon.exe (Trojan.Backdoor) -> 1936 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Backdoor) -> Value: winlogon ->

I am currently using USB AntiVirus. I only ever used Symantec before, but I strangely see references to every AV in history in the OTL log. I don't understand much, but I found that weird. I wish I could clean up the registry a bit, at least all the references to Symantec. Meanwhile the malware appears to be aping Symantec or using traces of it...

This computer I don't use on the net; it's pretty much for music, so I try to keep turned off most things that could be running in the background.

Kind regards.

OTL log file:

OTL logfile created on: 5/14/2012 11:32:01 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = J:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 87.82% Memory free
7.08 Gb Paging File | 6.89 Gb Available in Paging File | 97.26% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.87 Gb Total Space | 30.25 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 72.22 Gb Free Space | 24.23% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 213.98 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
Drive J: | 249.77 Mb Total Space | 227.99 Mb Free Space | 91.28% Space Free | Partition Type: FAT32

Computer Name: D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 11:18:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
PRC - [2008/10/29 12:13:08 | 000,372,384 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/23 01:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe


========== Modules (No Company Name) ==========

MOD - [2008/10/29 12:13:08 | 000,372,384 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [2002/05/14 18:22:34 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
SRV - [2010/01/25 13:06:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/17 23:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/10/29 12:13:08 | 000,372,384 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\sthda.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys -- (EraserUtilDrv11110)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/09 15:23:21 | 000,107,256 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Temp\esihdrv.sys -- (esihdrv)
DRV - [2010/09/30 13:59:16 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/09/30 13:59:16 | 000,061,824 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/03/04 08:35:52 | 000,112,136 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MAudioOxygen.sys -- (OXYGEN)
DRV - [2009/05/06 00:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007/10/30 18:43:24 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/10/30 18:43:24 | 000,032,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/10/30 18:43:22 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/05/16 14:34:54 | 000,059,264 | ---- | M] (Echo Digital Audio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\echo1394.sys -- (echo1394)
DRV - [2007/05/11 19:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/03/16 14:59:40 | 000,054,272 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2003/07/02 17:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\axwhisky.sys -- (axwhisky)
DRV - [2003/07/02 16:49:52 | 000,124,160 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\axwskbus.sys -- (axwskbus)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found



O1 HOSTS File: ([2009/04/13 09:19:00 | 000,002,114 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 16 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1204220996812 (WUWebControl Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/15 00:14:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e2a9b88-14c7-11df-a077-001cc0219165}\Shell\AutoRun\command - "" = J:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{0e2a9b88-14c7-11df-a077-001cc0219165}\Shell\Install\command - "" = J:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{239c4dc0-ce26-11de-a026-001cc0219165}\Shell - "" = AutoRun
O33 - MountPoints2\{239c4dc0-ce26-11de-a026-001cc0219165}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{239c4dc0-ce26-11de-a026-001cc0219165}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{802352ac-d916-11de-a035-001cc0219165}\Shell - "" = AutoRun
O33 - MountPoints2\{802352ac-d916-11de-a035-001cc0219165}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{802352ac-d916-11de-a035-001cc0219165}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{802352ad-d916-11de-a035-001cc0219165}\Shell\AutoRun\command - "" = BUD\KNOW\DRG.exe
O33 - MountPoints2\{802352ad-d916-11de-a035-001cc0219165}\Shell\open\command - "" = BUD\KNOW\DRG.exe
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell - "" = AutoRun
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.EXE
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\explore\command - "" = SYSTEM.EXE
O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\OpEn\ComMaNd - "" = SYSTEM.EXE
O33 - MountPoints2\{bf6ce2c1-4ac1-11dc-86e4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf6ce2c1-4ac1-11dc-86e4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf6ce2c1-4ac1-11dc-86e4-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 16:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\USBAntiVirus
[2012/05/09 16:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USBAntiVirus
[2012/05/09 15:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/05/09 15:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/09 15:20:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/09 15:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/28 10:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Mellowmuse
[2012/04/27 16:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Plugin Alliance
[2012/04/27 16:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Brainworx Music
[2012/04/27 16:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\brainworx
[2012/04/27 16:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sakura
[2012/04/27 16:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\iZotope
[2012/04/27 10:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Softube
[2012/04/27 10:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\iZotope
[2012/04/27 10:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2012/04/25 22:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Waves
[2012/04/25 21:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Waves
[2012/04/25 21:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Waves
[2012/04/25 17:00:56 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2012/04/23 10:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Image-Line
[2012/04/21 16:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FXpansion
[2012/04/21 16:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rob Papen Punch
[2012/04/21 15:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FXpansion
[2012/04/20 10:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Focusrite
[2012/04/20 10:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Focusrite
[2012/04/20 10:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Prodyon
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 11:30:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 14:32:47 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 14:30:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 11:14:06 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\svighost.dll
[2012/05/07 09:45:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/04 17:10:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2012/05/04 17:10:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2012/05/04 17:10:10 | 000,000,320 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2012/05/04 17:10:10 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\msregsvv.dll
[2012/05/04 17:10:10 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\autobk.inc
[2012/04/26 18:24:31 | 000,002,663 | ---- | M] () -- C:\Documents and Settings\Owner\memreport.html
[2012/04/22 00:36:04 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/20 11:08:19 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Cubase 5.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[23 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/10 11:14:06 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\svighost.dll
[2012/04/20 11:08:19 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Cubase 5.lnk
[2012/02/25 17:56:04 | 000,833,042 | ---- | C] () -- C:\WINDOWS\Reverence VST plug-in Uninstaller.exe
[2011/06/26 21:32:59 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\msregsvv.dll
[2011/06/26 21:32:59 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\autobk.inc
[2011/06/02 09:16:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/05/06 08:31:25 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011/05/06 08:30:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011/03/28 08:58:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2011/03/28 08:58:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2011/01/24 12:27:01 | 010,440,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2011/01/03 16:03:48 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/03 16:03:46 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/03 16:03:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/03 16:03:36 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/19 12:08:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

========== LOP Check ==========

[2008/04/11 15:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArtsAcoustic
[2012/02/27 12:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2010/04/10 15:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Ease
[2012/02/25 14:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2011/11/28 10:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/02/25 13:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011/05/13 19:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2011/08/25 08:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2011/06/13 11:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2012/02/25 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overloud
[2008/03/14 18:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/10/27 10:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2011/05/06 08:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/02/09 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2011/06/13 16:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/25 14:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/04/09 08:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toontrack
[2011/01/04 12:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2011/10/05 13:50:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{13A9B825-42CB-4973-913D-2194B5A4CF94}
[2011/06/13 18:15:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{20EFD19B-675C-417B-A498-B0161D72FF88}
[2011/06/13 18:11:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}
[2010/10/13 16:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/12 17:33:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{47412DB1-63A5-4B59-ACAD-D67ABC1519DF}
[2011/05/07 08:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6D22FD89-ECF1-428D-AE30-710EA189D8C7}
[2011/05/07 08:30:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{85458792-1589-41EF-99EA-240E761AE593}
[2011/06/13 09:50:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
[2011/02/20 14:38:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
[2011/02/20 14:44:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D4A35D06-4ABB-4672-8A3A-DA19E6EB8CD6}
[2010/03/17 17:35:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/02/20 14:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
[2011/06/13 18:15:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}
[2011/06/13 18:20:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F828BFD7-781D-4BD3-AD6C-71D19DC23493}
[2009/08/16 10:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alien Skin
[2010/09/04 17:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Antares
[2012/03/24 10:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artificial Audio
[2010/04/10 15:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audio Ease
[2012/04/20 11:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Celemony Software GmbH
[2009/04/12 16:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.ExMan
[2011/02/24 16:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FabFilter
[2012/03/16 11:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FairStars Audio Converter
[2008/10/03 07:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FairStars CD Ripper
[2011/08/16 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IK Multimedia
[2012/04/27 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iZotope
[2008/04/11 15:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KORG
[2010/04/01 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexicon PCM Native
[2011/08/25 09:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Line 6
[2011/02/27 00:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\One
[2012/03/09 13:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Onyx F Series Console
[2008/06/12 17:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2012/02/25 16:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Overloud
[2010/01/03 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plogue
[2010/01/02 13:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plogue Art et Technologie, Inc
[2012/04/27 16:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plugin Alliance
[2009/12/21 11:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QooDreamBox
[2008/03/04 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\REAPER
[2012/04/27 17:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sakura
[2008/03/14 17:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simplon
[2012/04/27 10:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softube
[2011/01/04 14:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2008/03/14 17:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Timeless
[2008/03/14 17:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Twin
[2008/03/14 17:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Volcano
[2011/03/31 16:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VST3 Presets
[2011/05/05 21:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waldorf
[2008/03/26 17:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waves Audio
[2008/03/14 21:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waves Preferences

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF

< End of report >


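As an added illustration, not code from the thread or from OTL or Malwarebytes, this Python triages OTL-style lines of the kinds seen in the log above and flags the patterns a malware helper reads them for: a well-known system binary name running from the wrong directory (the C:\WINDOWS\winlogon.exe Run entry Malwarebytes quarantined; the genuine file lives in system32), autostart entries with no company name or with a missing file, and MountPoints2 autorun commands that launch a relative path such as SYSTEM.EXE. The sample lines are constructed to mirror the log, and the expected-directory table, severity labels and regexes are my own assumptions.

```python
"""Triage of OTL-style log lines (added example; not OTL, Malwarebytes or forum code)."""
import ntpath
import re
from dataclasses import dataclass

# ASSUMPTION: directory (relative to %SystemRoot%) of the genuine copy of each
# commonly impersonated binary. winlogon.exe belongs in system32, so the
# C:\WINDOWS\winlogon.exe Run entry Malwarebytes reported is a masquerade.
EXPECTED_DIRS = {
    "winlogon.exe": "system32",
    "userinit.exe": "system32",
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "explorer.exe": "",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>\w+) - \(.*?\) - (?P<rest>.*)$")
O33_RE = re.compile(  # IGNORECASE: the log shows verbs such as OpEn\ComMaNd
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.*)$',
    re.IGNORECASE,
)
COMPANY_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (my own labels)
    reason: str
    line: str


def split_path_company(rest):
    """'C:\\x\\y.exe (Vendor)' -> (path, 'Vendor'); 'File not found' -> (None, None)."""
    if rest.strip() == "File not found":
        return None, None
    m = COMPANY_RE.match(rest)
    return (m.group("path"), m.group("company").strip()) if m else (rest.strip(), "")


def check_system_binary(path, system_root):
    """Reason if `path` uses a well-known system binary name outside its expected directory."""
    name = ntpath.basename(path).lower()
    if name not in EXPECTED_DIRS:
        return None
    expected = ntpath.join(system_root, EXPECTED_DIRS[name]).rstrip("\\").lower()
    actual = ntpath.dirname(path).rstrip("\\").lower()
    return None if actual == expected else f"{name} outside {expected}: {path}"


def autorun_target(cmd):
    """Executable a MountPoints2 command really launches; after
    'Shell32.DLL,ShellExec_RunDLL' the next token is the real target."""
    tokens = cmd.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower().endswith("shellexec_rundll"):
            return tokens[i + 1]
    return tokens[0] if tokens else ""


def triage_line(line, system_root=r"C:\WINDOWS"):
    line = line.rstrip()
    if line.startswith(("SRV - File not found", "DRV - File not found")):
        return [Finding("info", "service/driver entry whose binary is missing", line)]
    m = O4_RE.match(line) or O20_RE.match(line)
    if m:
        path, company = split_path_company(m.group("rest"))
        if path is None:
            return [Finding("info", "autostart entry whose file is missing", line)]
        found = []
        reason = check_system_binary(path, system_root)
        if reason:
            found.append(Finding("high", reason, line))
        if company == "":
            found.append(Finding("medium", "autostart binary with no company name", line))
        return found
    m = O33_RE.match(line)
    if m:
        target = autorun_target(m.group("cmd"))
        if not DRIVE_RE.match(target):  # autorun.inf-style relative target, the worm pattern
            return [Finding("high", f"removable-media autorun launches relative path {target}", line)]
    return []


def triage(lines, system_root=r"C:\WINDOWS"):
    return [f for line in lines for f in triage_line(line, system_root)]


# Constructed sample lines mirroring the OTL log above; the [winlogon] Run entry
# reproduces what Malwarebytes reported before quarantining it.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)",
    r"O4 - HKLM..\Run: [winlogon] C:\WINDOWS\winlogon.exe ()",
    r"O4 - HKCU..\Run: [AdobeBridge] File not found",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r'O33 - MountPoints2\{925efcf4-cb07-11df-a183-8910f76346dd}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.EXE',
    r'O33 - MountPoints2\{239c4dc0-ce26-11de-a026-001cc0219165}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a',
    r'O33 - MountPoints2\{802352ad-d916-11de-a035-001cc0219165}\Shell\open\command - "" = BUD\KNOW\DRG.exe',
    r"SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```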
#2
Gammo
  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3 okoechan (Topic Starter, Member, 17 posts)
Hi Gammo, perfect.
Will post an update.

Edited by okoechan, 17 May 2012 - 09:59 AM.


#4 Gammo (Member 2k, Malware Removal, 2,299 posts)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [23 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#5 okoechan (Topic Starter, Member, 17 posts)
working on it...

#6 okoechan (Topic Starter, Member, 17 posts)
I got a BSOD while ComboFix was running... that was just after it told me I have System Restore turned off... during the next part of its scan.
Should I turn it on? ...
It said it would NOT be able to make some "serious" fixes if that were necessary, because System Restore is not activated. I do not have an internet connection for that computer.

Edited by okoechan, 17 May 2012 - 10:53 AM.


#7 Gammo (Member 2k, Malware Removal, 2,299 posts)
Please rerun ComboFix.



Also, what problems are you still experiencing? :thumbsup:

#8 okoechan (Topic Starter, Member, 17 posts)
jaja, OK, ComboFix is running better, it seems... when it's done I'll put the computer to work.

To describe the previous symptoms briefly for the record... initially it started freezing on occasion, then it got really bad on boot and the font was getting all pixelated and weird, then finally it would not boot. I used Malwarebytes in safe mode, and that got it to boot OK again, but the malware kept reappearing to MB on reboot, and the initial "freezing" problem was still there... Will check it out now and give an update.

#9 okoechan (Topic Starter, Member, 17 posts)
Now it's behaving weird in a different way: every ten seconds or so the screen kinda blinks a bit, like a hiccup or something, pop-up menus have pixelated nonsense in them, and everything is slower. All of these symptoms are new.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



ComboFix 12-05-17.05 - Owner 05/17/2012 11:08:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3322.2796 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\svighost.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\msregsvv.dll
c:\documents and settings\Owner\Application Data\svighost.dll
c:\documents and settings\Owner\Cookies\isindex.dat
c:\documents and settings\Owner\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\msvcsv60.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-09 20:09 . 2012-05-10 15:14 -------- d-----w- c:\program files\USBAntiVirus
2012-05-09 19:51 . 2012-05-09 19:51 -------- d-----w- c:\program files\1ClickDownload
2012-05-09 19:20 . 2012-05-10 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-09 19:20 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-09 17:56 . 2012-05-09 17:56 -------- d-----w- c:\documents and settings\Administrator
2012-04-27 20:38 . 2012-04-27 20:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Plugin Alliance
2012-04-27 20:37 . 2012-04-27 20:37 -------- d-----w- c:\program files\Brainworx Music
2012-04-27 20:35 . 2012-04-27 21:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Sakura
2012-04-27 14:53 . 2012-04-27 14:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Softube
2012-04-27 14:01 . 2012-04-27 14:01 -------- d-----w- c:\program files\Image-Line
2012-04-27 13:59 . 2012-04-27 13:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-26 02:36 . 2007-02-14 23:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-26 01:45 . 2007-09-28 15:10 1060864 ----a-w- c:\windows\system32\MFC71.dll
2012-04-26 01:44 . 2012-04-26 02:38 -------- d-----w- c:\program files\Waves
2012-04-25 21:00 . 2011-07-01 15:30 1431552 ----a-w- c:\windows\system32\ReWire.dll
2012-04-20 14:49 . 2012-04-20 14:49 -------- d-----w- c:\program files\Focusrite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 21:56 . 2012-02-25 21:56 833042 ----a-w- c:\windows\Reverence VST plug-in Uninstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^7249907A.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\7249907A.lnk
backup=c:\windows\pss\7249907A.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 08:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FX Teleport Server]
2006-03-22 17:59 507958 ----a-w- c:\program files\FX Teleport\Server.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 17:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2008-10-22 14:48 1969824 ----a-w- c:\windows\system32\WTMKM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 17:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 17:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=3 (0x3)
"RDSessMgr"=3 (0x3)
"Netman"=2 (0x2)
"Netlogon"=3 (0x3)
"NBService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"xmlprov"=3 (0x3)
"TapiSrv"=3 (0x3)
"STacSV"=3 (0x3)
"NIHardwareService"=2 (0x2)
"MSDTC"=3 (0x3)
"Dnscache"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Program Files\\FX Teleport\\Server.exe"=
"c:\\Program Files\\Steinberg\\Cubase SX 3\\Cubasesx3.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [7/2/2003 5:41 PM 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [7/2/2003 4:49 PM 124160]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [3/4/2008 4:00 PM 39472]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [3/14/2008 3:43 PM 11264]
R2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\M-Audio\Oxygen\AudioDevMon.exe [3/4/2010 8:35 AM 1632776]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [3/14/2008 1:31 PM 33792]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [9/30/2010 1:59 PM 61824]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [9/30/2010 1:59 PM 141568]
R3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [11/17/2010 11:07 AM 112136]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]
S3 echo1394;Onyx 400F service;c:\windows\system32\drivers\echo1394.sys [5/16/2007 2:34 PM 59264]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 EraserUtilDrv11110;EraserUtilDrv11110;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe [1/24/2011 12:26 PM 98488]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys --> c:\windows\system32\drivers\uks11ldr.sys [?]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys --> c:\windows\system32\drivers\usbkt1x1.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
.
.
------- File Associations -------
.
.txt=txt_auto_file
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-TTFMan - c:\program files\typograf\ttfman.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\VPTray.exe
AddRemove-Native Instruments Hardware Controller Support - c:\documents and settings\All Users\Application Data\{05835455-7C7C-4AA0-A7A0-63D407FC9E17}\Hardware Controller Support Setup.exe
AddRemove-Native Instruments Maschine Driver - c:\documents and settings\All Users\Application Data\{EADDDB9C-2F20-4408-9D14-618D2AF3ADB4}\Maschine Driver Setup.exe
AddRemove-PSP_Nitro - c:\windows\iun6002.exe
AddRemove-LinPlug RMV Drum Library - d:\zaudio2011\libraries11a\RM5\UnInstall RMV Data.exe
AddRemove-LinPlug RMV Loop Library - d:\zaudio2011\libraries11a\RM5\RM V Drum Addiction\RM V Loops\UnInstall RMV Data.exe
AddRemove-Octopus - c:\program files\Steinberg\VstPlugins\Uninstal Octopus 32bit.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 11:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-05-17 11:18:13
ComboFix-quarantined-files.txt 2012-05-17 15:17
.
Pre-Run: 32,293,666,816 bytes free
Post-Run: 32,257,208,320 bytes free
.
- - End Of File - - F6AE93DAD3A587690F556D850ACD90BE
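The Reg Loading Points section of the log above prints every Run value in a fixed layout. The Python script below is an added example, not part of this thread and not code from ComboFix or Malwarebytes; it parses that section and flags Run values that launch a file named after a core Windows process. The rule behind it: on Windows XP, smss.exe, csrss.exe, winlogon.exe, services.exe, lsass.exe, svchost.exe and spoolsv.exe are started by the kernel, by smss.exe or by the Service Control Manager, never from a Run key, and their genuine copies live in %SystemRoot%\system32, so a Run value that starts a "winlogon.exe" from C:\WINDOWS or a "svchost.exe" from a user profile is a masquerade regardless of what the file contains. The sample log is constructed in the posted layout; its winlogon, Updater and svchost values are invented for the demonstration.

```python
"""Flag autostart entries that masquerade as core Windows processes.

Input is the "Reg Loading Points" section of a ComboFix log. The check rests
on two facts about Windows XP: smss.exe, csrss.exe, winlogon.exe,
services.exe, lsass.exe, svchost.exe and spoolsv.exe are started by the
kernel, by smss.exe or by the Service Control Manager, never from a
...\\CurrentVersion\\Run value, and their genuine binaries live in
%SystemRoot%\\system32. A Run value that launches a file carrying one of
those names is therefore suspect whatever the file looks like, and doubly
so when the file sits somewhere else.
"""
import re
from typing import Dict, List

SYSTEM32 = r"c:\windows\system32"
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe"}

# "[HKEY_...\Run]" section headers and the '"name"="path" [date size]' values
RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[A-Z_]+\\.*\\Run)\]$", re.IGNORECASE)
RUN_VAL_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')

# Constructed sample in the same layout as the log posted above; the
# "winlogon", "Updater" and "svchost" values are invented to exercise the check.
SAMPLE_LOG = "\n".join([
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]',
    r'"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]',
    r'"winlogon"="c:\windows\winlogon.exe" [2012-05-09 61440]',
    r'"Updater"="c:\windows\system32\svchost.exe -k netsvcs" [2012-05-09 14336]',
    ".",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"svchost"="c:\documents and settings\Owner\Application Data\svchost.exe" [2012-05-09 40960]',
    ".",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]",
    r"2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe",
])


def target_binary(path: str) -> str:
    """Lower-case the path and strip arguments such as '-k netsvcs'."""
    p = path.lower()
    idx = p.find(".exe")
    return p[: idx + 4] if idx != -1 else p


def parse_run_entries(log_text: str) -> List[Dict[str, str]]:
    """Return {key, name, path, meta} for each value under a ...\\Run key.

    Values under other keys (startupreg, startupfolder, services) are skipped.
    """
    entries: List[Dict[str, str]] = []
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current_key = m.group("key") if m else None
            continue
        if current_key is None:
            continue
        m = RUN_VAL_RE.match(line)
        if m:
            entries.append({"key": current_key, **m.groupdict(default="")})
    return entries


def flag_masquerades(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """One finding per Run value whose target is named like a core process."""
    findings: List[Dict[str, str]] = []
    for e in entries:
        directory, _, exe = target_binary(e["path"]).rpartition("\\")
        if exe not in CORE_PROCESSES:
            continue
        reason = (f"{e['key']} launches {exe}; the genuine {exe} is started "
                  f"by the OS, never from a Run key")
        if directory != SYSTEM32:
            reason += f"; file is in {directory or '(no directory)'} rather than {SYSTEM32}"
        findings.append({"name": e["name"], "path": e["path"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in flag_masquerades(parse_run_entries(SAMPLE_LOG)):
        print(f'{f["name"]!r} -> {f["path"]}\n    {f["reason"]}')
```

nwiz and NvCplDaemon pass because the heuristic keys only on the protected names; it narrows the list, it does not clear an entry with an innocuous name, which still has to be checked by hash or signature.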

#10 okoechan (Topic Starter, Member, 17 posts)
Update: I just looked in on the computer in the other room and the screen's all blink-blink-blink, real fast "stuttering" one might say, and kinda frozen, so I've turned it off for now.

Edit: tried to start it just to see if it would boot. It won't complete the boot process; it freezes on the XP screen with the blue status bar.

Edited by okoechan, 18 May 2012 - 08:19 AM.


#11 Gammo (Member 2k, Malware Removal, 2,299 posts)
Please try to boot your PC into safe mode.

You can boot your computer into safe mode by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.

Does that work? (Does it boot in safe mode)

#12 okoechan (Topic Starter, Member, 17 posts)
Hi, yes it does start.

Edited by okoechan, 20 May 2012 - 11:32 AM.


#13 okoechan (Topic Starter, Member, 17 posts)
It took some work; one time it started in regular mode anyway... somehow. But alas, now it's sitting there in safe mode.

:help:

Edited by okoechan, 21 May 2012 - 08:10 AM.


#14 Gammo (Member 2k, Malware Removal, 2,299 posts)
Please run the following tools in Safe Mode. :thumbsup:


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply





Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.
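TDSSKiller writes one "ok" line per driver and service it checks, so the log these steps produce runs to hundreds of lines in which the few interesting ones are easy to miss. The Python script below is an added example, not part of this thread and not Kaspersky's code; it reads such a log, confirms the scan ran with the two boxes ticked above (they appear in the log as SigCheck and TDLFS on the "Mode:" line), and lists every object whose verdict is not "ok" together with the MD5 and path TDSSKiller printed for it, which is what you would look up or submit. It assumes, going by the log layout posted later in this thread, that each verdict line follows an object line bearing the same name; the sample lines are constructed in that layout.

```python
"""Summarise a TDSSKiller log.

Checks the scan options recorded on the "Mode:" line and lists every object
whose verdict is not a plain "ok", paired with the MD5 and path TDSSKiller
printed for that object on its preceding line.
"""
import re
from typing import Dict, List, Set

# The two options the instructions ask to tick: "Verify Driver Digital
# Signature" appears in the log as SigCheck, "Detect TDLFS file system" as TDLFS.
REQUIRED_OPTIONS = {"SigCheck", "TDLFS"}

# "HH:MM:SS.mmmm <thread id> <text>"
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>"  -> the object being checked
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok" / "<name> ( <tag> ) - warning" / "<name> - detected <tag> (n)"
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<tag>[^)]+?) \))? - (?P<verdict>.+)$")

# Constructed sample in the layout of the log posted later in this thread.
SAMPLE_LOG = "\n".join([
    "09:21:07.0296 1472 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16",
    "09:21:07.0312 1472 OS Version: 5.1.2600 ServicePack: 3.0",
    "09:21:07.0312 1472 Boot type: Safe boot",
    r"09:21:08.0734 1472 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200",
    "09:21:33.0656 1480 Scan started",
    "09:21:33.0656 1480 Mode: Manual; SigCheck; TDLFS;",
    r"09:21:34.0140 1480 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys",
    "09:21:35.0859 1480 61883 - ok",
    "09:21:35.0859 1480 Abiosdsk - ok",
    r"09:21:36.0328 1480 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
    "09:21:36.0359 1480 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning",
    "09:21:36.0359 1480 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)",
])


def triage(log_text: str) -> Dict:
    """Parse one TDSSKiller log into options, boot type, object count and findings."""
    options: Set[str] = set()
    boot = ""
    objects: Dict[str, Dict[str, str]] = {}   # name -> {md5, path} from object lines
    checked: Set[str] = set()                # names that received any verdict
    findings: List[Dict[str, str]] = []
    in_scan = False                          # ignore the drive/MBR header before "Scan started"
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest.startswith("Mode:"):
            options = {o.strip() for o in rest[len("Mode:"):].split(";") if o.strip()}
        elif rest.startswith("Boot type:"):
            boot = rest[len("Boot type:"):].strip()
        elif rest == "Scan started":
            in_scan = True
        elif in_scan:
            obj = OBJECT_RE.match(rest)
            if obj:
                objects[obj.group("name")] = {"md5": obj.group("md5").lower(),
                                              "path": obj.group("path")}
                continue
            v = VERDICT_RE.match(rest)
            if not v:
                continue                     # separators and other chatter
            name = v.group("name")
            checked.add(name)
            if v.group("verdict") != "ok":
                info = objects.get(name, {"md5": "", "path": ""})
                findings.append({"name": name, "verdict": v.group("verdict"),
                                 "tag": v.group("tag") or "", **info})
    return {"options": options, "missing_options": REQUIRED_OPTIONS - options,
            "boot": boot, "checked": len(checked), "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"boot: {report['boot']}, options: {sorted(report['options'])}, "
          f"missing: {sorted(report['missing_options'])}, checked: {report['checked']}")
    for f in report["findings"]:
        print(f"{f['name']}: {f['verdict']}  md5={f['md5'] or '?'}  {f['path'] or '(no file)'}")
```

A verdict of "UnsignedFile.Multi.Generic" only says the file carries no digital signature, which is common for older third-party services; the hash and path are what let you decide whether it matters.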

#15 okoechan (Topic Starter, Member, 17 posts)
Edit: seems I put the TDSS rootkit log twice and left off the ark, oops... here it is fixed then.
_______________________________________________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-22 17:41:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316081 rev.4.AA
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A17EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A17B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A1736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1396] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom0 8A465250
Device \Driver\Cdrom \Device\CdRom0 8A3DA7F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A3D7E50
Device \Driver\atapi \Device\Ide\IdePort0 8A3D7E50
Device \Driver\atapi \Device\Ide\IdePort1 8A3D7E50

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom1 8A465250
Device \Driver\Cdrom \Device\CdRom1 8A3DA7F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom2 8A465250
Device \Driver\Cdrom \Device\CdRom2 8A3DA7F8
Device \Driver\Cdrom \Device\CdRom3 8A465250
Device \Driver\Cdrom \Device\CdRom3 8A3DA7F8
Device \Driver\axwhisky \Device\Scsi\axwhisky1Port3Path0Target1Lun0 8A464F88
Device \Driver\axwhisky \Device\Scsi\axwhisky1 8A464F88
Device \Driver\axwhisky \Device\Scsi\axwhisky1Port3Path0Target0Lun0 8A464F88
Device \Driver\axwhisky \Device\Scsi\axwhisky1Port3Path0Target2Lun0 8A464F88

---- Files - GMER 1.0.15 ----

File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\01@Variation_01.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\02@Variation_02.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\03@Variation_03.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\04@Variation_04.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\05@Variation_05.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\06@Variation_06.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\07@Variation_07.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\08@Variation_08.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\09@Variation_09.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\10@Variation_10.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\11@Variation_11.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\12@Variation_12.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\13@Variation_13.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\14@Variation_14.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\15@Variation_15.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\16@Variation_16.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\17@Variation_17.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\18@Variation_18.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\19@Variation_19.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\20@Variation_20.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\21@Variation_21.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\22@Variation_22.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\23@Variation_23.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\07@GROOVE_07\24@Variation_24.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\01@Variation_01.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\02@Variation_02.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\03@Variation_03.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\04@Variation_04.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\05@Variation_05.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\06@Variation_06.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\07@Variation_07.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\08@Variation_08.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\09@Variation_09.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\10@Variation_10.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\11@Variation_11.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\12@Variation_12.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\13@Variation_13.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\14@Variation_14.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\15@Variation_15.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\16@Variation_16.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\17@Variation_17.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\18@Variation_18.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\19@Variation_19.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\20@Variation_20.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\21@Variation_21.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\22@Variation_22.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\23@Variation_23.mid 299 bytes
File C:\Program Files\Toontrack\EZDrummer\Midi\07@EZX_LATIN_PERCUSSION\02@MARVIN_FUNK_SWING\08@GROOVE_08\24@Variation_24.mid 299 bytes

---- EOF - GMER 1.0.15 ----

_______________________________________________________________________________________
_______________________________________________________________________________________

09:21:07.0296 1472 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
09:21:07.0312 1472 ============================================================
09:21:07.0312 1472 Current date / time: 2012/05/22 09:21:07.0312
09:21:07.0312 1472 SystemInfo:
09:21:07.0312 1472
09:21:07.0312 1472 OS Version: 5.1.2600 ServicePack: 3.0
09:21:07.0312 1472 Product type: Workstation
09:21:07.0312 1472 ComputerName: D
09:21:07.0312 1472 UserName: Administrator
09:21:07.0312 1472 Windows directory: C:\WINDOWS
09:21:07.0312 1472 System windows directory: C:\WINDOWS
09:21:07.0312 1472 Processor architecture: Intel x86
09:21:07.0312 1472 Number of processors: 2
09:21:07.0312 1472 Page size: 0x1000
09:21:07.0312 1472 Boot type: Safe boot
09:21:07.0312 1472 ============================================================
09:21:08.0734 1472 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:08.0750 1472 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:08.0750 1472 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:21:08.0750 1472 Drive \Device\Harddisk3\DR7 - Size: 0xFB00000 (0.25 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:21:08.0750 1472 ============================================================
09:21:08.0750 1472 \Device\Harddisk0\DR0:
09:21:08.0750 1472 MBR partitions:
09:21:08.0750 1472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x121BB2E0
09:21:08.0750 1472 \Device\Harddisk1\DR1:
09:21:08.0750 1472 MBR partitions:
09:21:08.0750 1472 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
09:21:08.0750 1472 \Device\Harddisk2\DR2:
09:21:08.0750 1472 MBR partitions:
09:21:08.0750 1472 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:21:08.0750 1472 \Device\Harddisk3\DR7:
09:21:08.0750 1472 MBR partitions:
09:21:08.0750 1472 \Device\Harddisk3\DR7\Partition0: MBR, Type 0x6, StartLBA 0x1E0, BlocksNum 0x7D620
09:21:08.0750 1472 ============================================================
09:21:08.0781 1472 C: <-> \Device\Harddisk0\DR0\Partition0
09:21:08.0812 1472 D: <-> \Device\Harddisk1\DR1\Partition0
09:21:08.0843 1472 E: <-> \Device\Harddisk2\DR2\Partition0
09:21:08.0875 1472 ============================================================
09:21:08.0875 1472 Initialize success
09:21:08.0875 1472 ============================================================
09:21:33.0656 1480 ============================================================
09:21:33.0656 1480 Scan started
09:21:33.0656 1480 Mode: Manual; SigCheck; TDLFS;
09:21:33.0656 1480 ============================================================
09:21:34.0140 1480 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
09:21:35.0859 1480 61883 - ok
09:21:35.0859 1480 Abiosdsk - ok
09:21:35.0875 1480 abp480n5 - ok
09:21:35.0921 1480 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:21:36.0031 1480 ACPI - ok
09:21:36.0046 1480 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:21:36.0125 1480 ACPIEC - ok
09:21:36.0203 1480 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
09:21:36.0218 1480 adfs - ok
09:21:36.0328 1480 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:21:36.0359 1480 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
09:21:36.0359 1480 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
09:21:36.0375 1480 adpu160m - ok
09:21:36.0437 1480 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:21:36.0515 1480 aec - ok
09:21:36.0578 1480 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
09:21:36.0703 1480 AFD - ok
09:21:36.0718 1480 Aha154x - ok
09:21:36.0734 1480 aic78u2 - ok
09:21:36.0734 1480 aic78xx - ok
09:21:36.0781 1480 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:21:36.0859 1480 Alerter - ok
09:21:36.0906 1480 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:21:36.0984 1480 ALG - ok
09:21:36.0984 1480 AliIde - ok
09:21:37.0000 1480 amsint - ok
09:21:37.0093 1480 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:21:37.0109 1480 Apple Mobile Device - ok
09:21:37.0125 1480 AppMgmt - ok
09:21:37.0171 1480 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:21:37.0250 1480 Arp1394 - ok
09:21:37.0343 1480 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
09:21:37.0375 1480 Asapi ( UnsignedFile.Multi.Generic ) - warning
09:21:37.0375 1480 Asapi - detected UnsignedFile.Multi.Generic (1)
09:21:37.0375 1480 asc - ok
09:21:37.0390 1480 asc3350p - ok
09:21:37.0406 1480 asc3550 - ok
09:21:37.0578 1480 aspnet_state (4eabf511b1af176a971c3271e48fa3a8) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:21:37.0609 1480 aspnet_state - ok
09:21:37.0640 1480 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:21:37.0718 1480 AsyncMac - ok
09:21:37.0765 1480 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:21:37.0828 1480 atapi - ok
09:21:37.0843 1480 Atdisk - ok
09:21:37.0859 1480 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:21:37.0968 1480 Atmarpc - ok
09:21:38.0015 1480 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:21:38.0093 1480 AudioSrv - ok
09:21:38.0125 1480 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:21:38.0203 1480 audstub - ok
09:21:38.0265 1480 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
09:21:38.0343 1480 Avc - ok
09:21:38.0390 1480 axwhisky (35a301482478e97be6e1c2748ce930e1) C:\WINDOWS\system32\DRIVERS\axwhisky.sys
09:21:38.0390 1480 axwhisky ( UnsignedFile.Multi.Generic ) - warning
09:21:38.0390 1480 axwhisky - detected UnsignedFile.Multi.Generic (1)
09:21:38.0406 1480 axwskbus (f3b1ce696ccf6448c85e7cdc702098d8) C:\WINDOWS\system32\DRIVERS\axwskbus.sys
09:21:38.0406 1480 axwskbus ( UnsignedFile.Multi.Generic ) - warning
09:21:38.0406 1480 axwskbus - detected UnsignedFile.Multi.Generic (1)
09:21:38.0468 1480 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:21:38.0562 1480 Beep - ok
09:21:38.0625 1480 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:21:38.0781 1480 BITS - ok
09:21:38.0890 1480 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
09:21:38.0906 1480 Bonjour Service - ok
09:21:38.0953 1480 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
09:21:39.0015 1480 Bridge - ok
09:21:39.0031 1480 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
09:21:39.0093 1480 BridgeMP - ok
09:21:39.0140 1480 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:21:39.0218 1480 Browser - ok
09:21:39.0375 1480 catchme - ok
09:21:39.0421 1480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:21:39.0500 1480 cbidf2k - ok
09:21:39.0515 1480 cd20xrnt - ok
09:21:39.0546 1480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:21:39.0625 1480 Cdaudio - ok
09:21:39.0687 1480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:21:39.0750 1480 Cdfs - ok
09:21:39.0781 1480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:21:39.0859 1480 Cdrom - ok
09:21:39.0875 1480 Changer - ok
09:21:39.0906 1480 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:21:39.0968 1480 CiSvc - ok
09:21:40.0031 1480 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
09:21:40.0046 1480 CLEDX ( UnsignedFile.Multi.Generic ) - warning
09:21:40.0046 1480 CLEDX - detected UnsignedFile.Multi.Generic (1)
09:21:40.0078 1480 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:21:40.0156 1480 ClipSrv - ok
09:21:40.0312 1480 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:21:40.0359 1480 clr_optimization_v2.0.50727_32 - ok
09:21:40.0359 1480 CmdIde - ok
09:21:40.0390 1480 COMSysApp - ok
09:21:40.0421 1480 Cpqarray - ok
09:21:40.0468 1480 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:21:40.0546 1480 CryptSvc - ok
09:21:40.0562 1480 dac2w2k - ok
09:21:40.0578 1480 dac960nt - ok
09:21:40.0640 1480 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
09:21:40.0781 1480 DcomLaunch - ok
09:21:40.0812 1480 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:21:40.0906 1480 Dhcp - ok
09:21:40.0937 1480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:21:41.0000 1480 Disk - ok
09:21:41.0015 1480 dmadmin - ok
09:21:41.0078 1480 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:21:41.0218 1480 dmboot - ok
09:21:41.0250 1480 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:21:41.0312 1480 dmio - ok
09:21:41.0343 1480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:21:41.0406 1480 dmload - ok
09:21:41.0437 1480 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:21:41.0500 1480 dmserver - ok
09:21:41.0531 1480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:21:41.0609 1480 DMusic - ok
09:21:41.0640 1480 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
09:21:41.0703 1480 Dnscache - ok
09:21:41.0796 1480 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:21:41.0875 1480 Dot3svc - ok
09:21:41.0875 1480 dpti2o - ok
09:21:41.0921 1480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:21:42.0000 1480 drmkaud - ok
09:21:42.0046 1480 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:21:42.0218 1480 e1express - ok
09:21:42.0265 1480 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:21:42.0343 1480 EapHost - ok
09:21:42.0421 1480 echo1394 (6c106181d6228eb0a4104969897a4b7c) C:\WINDOWS\system32\Drivers\echo1394.sys
09:21:42.0453 1480 echo1394 ( UnsignedFile.Multi.Generic ) - warning
09:21:42.0453 1480 echo1394 - detected UnsignedFile.Multi.Generic (1)
09:21:42.0562 1480 EraserUtilDrv10920 - ok
09:21:42.0578 1480 EraserUtilDrv11110 - ok
09:21:42.0625 1480 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:21:42.0703 1480 ERSvc - ok
09:21:42.0875 1480 esihdrv - ok
09:21:42.0921 1480 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
09:21:42.0984 1480 Eventlog - ok
09:21:43.0015 1480 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
09:21:43.0109 1480 EventSystem - ok
09:21:43.0140 1480 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:21:43.0234 1480 Fastfat - ok
09:21:43.0296 1480 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
09:21:43.0375 1480 FastUserSwitchingCompatibility - ok
09:21:43.0421 1480 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:21:43.0468 1480 Fdc - ok
09:21:43.0515 1480 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:21:43.0562 1480 Fips - ok
09:21:43.0656 1480 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:21:43.0687 1480 FLEXnet Licensing Service - ok
09:21:43.0750 1480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:21:43.0843 1480 Flpydisk - ok
09:21:43.0890 1480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:21:43.0953 1480 FltMgr - ok
09:21:44.0062 1480 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:21:44.0109 1480 FontCache3.0.0.0 - ok
09:21:44.0156 1480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:21:44.0234 1480 Fs_Rec - ok
09:21:44.0265 1480 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:21:44.0343 1480 Ftdisk - ok
09:21:44.0406 1480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:21:44.0421 1480 GEARAspiWDM - ok
09:21:44.0468 1480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:21:44.0531 1480 Gpc - ok
09:21:44.0609 1480 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:21:44.0687 1480 HDAudBus - ok
09:21:45.0031 1480 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
09:21:45.0062 1480 HECI - ok
09:21:45.0140 1480 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:21:45.0203 1480 helpsvc - ok
09:21:45.0250 1480 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:21:45.0312 1480 HidServ - ok
09:21:45.0328 1480 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:21:45.0406 1480 hidusb - ok
09:21:45.0484 1480 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:21:45.0546 1480 hkmsvc - ok
09:21:45.0578 1480 hotcore3 (66147e437b647b9da4a821f8d964044d) C:\WINDOWS\system32\drivers\hotcore3.sys
09:21:45.0593 1480 hotcore3 - ok
09:21:45.0593 1480 hpn - ok
09:21:45.0656 1480 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
09:21:45.0750 1480 HTTP - ok
09:21:45.0812 1480 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:21:45.0890 1480 HTTPFilter - ok
09:21:45.0890 1480 i2omgmt - ok
09:21:45.0890 1480 i2omp - ok
09:21:45.0906 1480 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
09:21:45.0984 1480 i8042prt - ok
09:21:46.0093 1480 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
09:21:46.0109 1480 IAANTMON - ok
09:21:46.0140 1480 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:21:46.0156 1480 iaStor - ok
09:21:46.0312 1480 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:21:46.0359 1480 idsvc ( UnsignedFile.Multi.Generic ) - warning
09:21:46.0359 1480 idsvc - detected UnsignedFile.Multi.Generic (1)
09:21:46.0421 1480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:21:46.0500 1480 Imapi - ok
09:21:46.0546 1480 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:21:46.0625 1480 ImapiService - ok
09:21:46.0625 1480 ini910u - ok
09:21:46.0625 1480 IntelIde - ok
09:21:46.0656 1480 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:21:46.0703 1480 intelppm - ok
09:21:46.0750 1480 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:21:46.0812 1480 Ip6Fw - ok
09:21:46.0843 1480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:21:46.0906 1480 IpFilterDriver - ok
09:21:46.0921 1480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:21:46.0984 1480 IpInIp - ok
09:21:47.0031 1480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:21:47.0109 1480 IpNat - ok
09:21:47.0265 1480 iPod Service (32cdedd15e2d1a557cd54552ae78ff86) C:\Program Files\iPod\bin\iPodService.exe
09:21:47.0296 1480 iPod Service - ok
09:21:47.0328 1480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:21:47.0406 1480 IPSec - ok
09:21:47.0437 1480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:21:47.0500 1480 IRENUM - ok
09:21:47.0562 1480 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:21:47.0640 1480 isapnp - ok
09:21:47.0656 1480 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:21:47.0718 1480 Kbdclass - ok
09:21:47.0750 1480 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:21:47.0812 1480 kbdhid - ok
09:21:47.0812 1480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:21:47.0906 1480 kmixer - ok
09:21:47.0937 1480 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
09:21:48.0000 1480 KSecDD - ok
09:21:48.0078 1480 lanmanserver (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
09:21:48.0140 1480 lanmanserver - ok
09:21:48.0187 1480 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
09:21:48.0281 1480 lanmanworkstation - ok
09:21:48.0281 1480 lbrtfdc - ok
09:21:48.0546 1480 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:21:48.0703 1480 LiveUpdate - ok
09:21:48.0843 1480 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:21:48.0921 1480 LmHosts - ok
09:21:48.0953 1480 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:21:49.0015 1480 Messenger - ok
09:21:49.0062 1480 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:21:49.0140 1480 mnmdd - ok
09:21:49.0171 1480 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:21:49.0250 1480 mnmsrvc - ok
09:21:49.0265 1480 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:21:49.0312 1480 Modem - ok
09:21:49.0343 1480 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:21:49.0421 1480 Mouclass - ok
09:21:49.0468 1480 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:21:49.0546 1480 mouhid - ok
09:21:49.0578 1480 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:21:49.0656 1480 MountMgr - ok
09:21:49.0656 1480 mraid35x - ok
09:21:49.0671 1480 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:21:49.0734 1480 MRxDAV - ok
09:21:49.0796 1480 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:21:49.0890 1480 MRxSmb - ok
09:21:49.0921 1480 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:21:49.0984 1480 MSDTC - ok
09:21:50.0000 1480 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:21:50.0062 1480 Msfs - ok
09:21:50.0390 1480 MSIServer - ok
09:21:50.0453 1480 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:21:50.0500 1480 MSKSSRV - ok
09:21:50.0546 1480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:21:50.0593 1480 MSPCLOCK - ok
09:21:50.0625 1480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:21:50.0703 1480 MSPQM - ok
09:21:50.0734 1480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:21:50.0781 1480 mssmbios - ok
09:21:50.0812 1480 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:21:50.0875 1480 Mup - ok
09:21:50.0937 1480 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:21:51.0031 1480 napagent - ok
09:21:51.0171 1480 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
09:21:51.0203 1480 NBService - ok
09:21:51.0265 1480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:21:51.0343 1480 NDIS - ok
09:21:51.0375 1480 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:21:51.0453 1480 NdisTapi - ok
09:21:51.0468 1480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:21:51.0546 1480 Ndisuio - ok
09:21:51.0578 1480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:21:51.0640 1480 NdisWan - ok
09:21:51.0671 1480 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:21:51.0750 1480 NDProxy - ok
09:21:51.0765 1480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:21:51.0828 1480 NetBIOS - ok
09:21:51.0906 1480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:21:51.0968 1480 NetBT - ok
09:21:51.0984 1480 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:21:52.0062 1480 NetDDE - ok
09:21:52.0062 1480 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:21:52.0125 1480 NetDDEdsdm - ok
09:21:52.0156 1480 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:21:52.0218 1480 Netlogon - ok
09:21:52.0234 1480 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:21:52.0328 1480 Netman - ok
09:21:52.0421 1480 NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:21:52.0437 1480 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning
09:21:52.0437 1480 NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1)
09:21:52.0468 1480 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:21:52.0546 1480 NIC1394 - ok
09:21:52.0703 1480 NIHardwareService - ok
09:21:52.0734 1480 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
09:21:52.0812 1480 Nla - ok
09:21:52.0906 1480 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:21:52.0937 1480 NMIndexingService - ok
09:21:52.0968 1480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:21:53.0046 1480 Npfs - ok
09:21:53.0109 1480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:21:53.0203 1480 Ntfs - ok
09:21:53.0250 1480 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:21:53.0296 1480 NtLmSsp - ok
09:21:53.0359 1480 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:21:53.0437 1480 NtmsSvc - ok
09:21:53.0484 1480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:21:53.0562 1480 Null - ok
09:21:53.0625 1480 nusb3hub (ff6d3248e791e7a897bd8ea2fbacbcff) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
09:21:53.0656 1480 nusb3hub - ok
09:21:53.0671 1480 nusb3xhc (b5eb7e275f2967026c6031897624bc51) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
09:21:53.0734 1480 nusb3xhc - ok
09:21:54.0093 1480 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:21:54.0531 1480 nv - ok
09:21:54.0609 1480 NVSvc (cc4f8220ead1f6a38d51679708f435b9) C:\WINDOWS\system32\nvsvc32.exe
09:21:54.0625 1480 NVSvc - ok
09:21:54.0671 1480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:21:54.0750 1480 NwlnkFlt - ok
09:21:54.0750 1480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:21:54.0812 1480 NwlnkFwd - ok
09:21:54.0859 1480 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:21:54.0937 1480 ohci1394 - ok
09:21:55.0000 1480 OXYGEN (93ca67f2d985b7dd214d3044dfda5df9) C:\WINDOWS\system32\DRIVERS\MAudioOxygen.sys
09:21:55.0015 1480 OXYGEN - ok
09:21:55.0187 1480 OxygenAudioDevMon (78c1a5447e6179c45c33efbec8c9256c) C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
09:21:55.0265 1480 OxygenAudioDevMon - ok
09:21:55.0359 1480 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:21:55.0421 1480 Parport - ok
09:21:55.0453 1480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:21:55.0531 1480 PartMgr - ok
09:21:55.0562 1480 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:21:55.0625 1480 ParVdm - ok
09:21:55.0656 1480 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:21:55.0734 1480 PCI - ok
09:21:55.0734 1480 PCIDump - ok
09:21:55.0765 1480 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:21:55.0843 1480 PCIIde - ok
09:21:55.0875 1480 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:21:55.0937 1480 Pcmcia - ok
09:21:55.0937 1480 PDCOMP - ok
09:21:55.0953 1480 PDFRAME - ok
09:21:55.0953 1480 PDRELI - ok
09:21:55.0953 1480 PDRFRAME - ok
09:21:55.0953 1480 perc2 - ok
09:21:55.0968 1480 perc2hib - ok
09:21:56.0031 1480 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
09:21:56.0078 1480 PlugPlay - ok
09:21:56.0125 1480 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:21:56.0187 1480 PolicyAgent - ok
09:21:56.0234 1480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:21:56.0312 1480 PptpMiniport - ok
09:21:56.0312 1480 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:21:56.0359 1480 ProtectedStorage - ok
09:21:56.0390 1480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:21:56.0468 1480 PSched - ok
09:21:56.0500 1480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:21:56.0562 1480 Ptilink - ok
09:21:56.0640 1480 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:21:56.0640 1480 PxHelp20 - ok
09:21:56.0640 1480 ql1080 - ok
09:21:56.0640 1480 Ql10wnt - ok
09:21:56.0640 1480 ql12160 - ok
09:21:56.0640 1480 ql1240 - ok
09:21:56.0640 1480 ql1280 - ok
09:21:56.0656 1480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:21:56.0718 1480 RasAcd - ok
09:21:56.0734 1480 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:21:56.0812 1480 RasAuto - ok
09:21:56.0843 1480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:21:56.0921 1480 Rasl2tp - ok
09:21:56.0968 1480 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:21:57.0046 1480 RasMan - ok
09:21:57.0046 1480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:21:57.0109 1480 RasPppoe - ok
09:21:57.0156 1480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:21:57.0203 1480 Raspti - ok
09:21:57.0265 1480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:21:57.0328 1480 Rdbss - ok
09:21:57.0359 1480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:21:57.0406 1480 RDPCDD - ok
09:21:57.0468 1480 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:21:57.0546 1480 RDPWD - ok
09:21:57.0578 1480 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:21:57.0640 1480 RDSessMgr - ok
09:21:57.0656 1480 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:21:57.0734 1480 redbook - ok
09:21:57.0796 1480 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:21:57.0859 1480 RemoteAccess - ok
09:21:57.0875 1480 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:21:57.0937 1480 RpcLocator - ok
09:21:58.0000 1480 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\System32\rpcss.dll
09:21:58.0093 1480 RpcSs - ok
09:21:58.0125 1480 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:21:58.0218 1480 RSVP - ok
09:21:58.0250 1480 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:21:58.0312 1480 SamSs - ok
09:21:58.0515 1480 SANDRA (361094945053c2c04312ef2e5f14eeaf) C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\Sandra.sys
09:21:58.0515 1480 SANDRA - ok
09:21:58.0562 1480 SandraAgentSrv (201c4ca2beb6152b0238dea13f9ee85d) C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe
09:21:58.0562 1480 SandraAgentSrv - ok
09:21:58.0609 1480 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
09:21:58.0687 1480 sbp2port - ok
09:21:58.0703 1480 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:21:58.0781 1480 SCardSvr - ok
09:21:58.0812 1480 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:21:58.0906 1480 Schedule - ok
09:21:58.0937 1480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:21:59.0015 1480 Secdrv - ok
09:21:59.0046 1480 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:21:59.0109 1480 seclogon - ok
09:21:59.0125 1480 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:21:59.0203 1480 SENS - ok
09:21:59.0828 1480 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:21:59.0906 1480 serenum - ok
09:21:59.0937 1480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:21:59.0984 1480 Serial - ok
09:22:00.0015 1480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:22:00.0093 1480 Sfloppy - ok
09:22:00.0140 1480 sfng32 (76bd55922b3179fa7b5bd528839e6fb4) C:\WINDOWS\system32\drivers\sfng32.sys
09:22:00.0156 1480 sfng32 ( UnsignedFile.Multi.Generic ) - warning
09:22:00.0156 1480 sfng32 - detected UnsignedFile.Multi.Generic (1)
09:22:00.0203 1480 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:22:00.0281 1480 SharedAccess - ok
09:22:00.0328 1480 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
09:22:00.0390 1480 ShellHWDetection - ok
09:22:00.0390 1480 Simbad - ok
09:22:00.0390 1480 Sparrow - ok
09:22:00.0421 1480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:22:00.0500 1480 splitter - ok
09:22:00.0546 1480 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
09:22:00.0625 1480 Spooler - ok
09:22:00.0656 1480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:22:00.0734 1480 sr - ok
09:22:00.0781 1480 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:22:00.0843 1480 srservice - ok
09:22:00.0906 1480 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
09:22:00.0984 1480 Srv - ok
09:22:01.0031 1480 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:22:01.0093 1480 SSDPSRV - ok
09:22:01.0093 1480 STHDA - ok
09:22:01.0140 1480 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:22:01.0234 1480 stisvc - ok
09:22:01.0250 1480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:22:01.0328 1480 swenum - ok
09:22:01.0359 1480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:22:01.0437 1480 swmidi - ok
09:22:01.0437 1480 SwPrv - ok
09:22:01.0453 1480 symc810 - ok
09:22:01.0468 1480 symc8xx - ok
09:22:01.0468 1480 sym_hi - ok
09:22:01.0468 1480 sym_u3 - ok
09:22:01.0515 1480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:22:01.0578 1480 sysaudio - ok
09:22:01.0609 1480 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:22:01.0687 1480 SysmonLog - ok
09:22:01.0703 1480 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:22:01.0796 1480 TapiSrv - ok
09:22:01.0828 1480 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:22:01.0890 1480 Tcpip - ok
09:22:01.0953 1480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:22:02.0015 1480 TDPIPE - ok
09:22:02.0031 1480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:22:02.0109 1480 TDTCP - ok
09:22:02.0156 1480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:22:02.0203 1480 TermDD - ok
09:22:02.0265 1480 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:22:02.0343 1480 TermService - ok
09:22:02.0390 1480 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
09:22:02.0437 1480 Themes - ok
09:22:02.0437 1480 TosIde - ok
09:22:02.0812 1480 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:22:02.0921 1480 TrkWks - ok
09:22:03.0109 1480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:22:03.0187 1480 Udfs - ok
09:22:03.0234 1480 UimBus (7ffb7ca1ec6f78441f7c9097e4e35aa1) C:\WINDOWS\system32\DRIVERS\UimBus.sys
09:22:03.0234 1480 UimBus - ok
09:22:03.0234 1480 Uim_IM (de5dac63a7a2f6b79c7f8a1b5501506c) C:\WINDOWS\system32\Drivers\Uim_IM.sys
09:22:03.0250 1480 Uim_IM - ok
09:22:03.0250 1480 UKS11LDR - ok
09:22:03.0250 1480 ultra - ok
09:22:03.0312 1480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:22:03.0406 1480 Update - ok
09:22:03.0437 1480 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:22:03.0515 1480 upnphost - ok
09:22:03.0531 1480 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:22:03.0609 1480 UPS - ok
09:22:03.0671 1480 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:22:03.0718 1480 USBAAPL - ok
09:22:03.0781 1480 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:22:03.0843 1480 usbaudio - ok
09:22:04.0203 1480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:22:04.0281 1480 usbccgp - ok
09:22:04.0531 1480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:22:04.0593 1480 usbehci - ok
09:22:04.0625 1480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:22:04.0671 1480 usbhub - ok
09:22:04.0703 1480 USBKT1X1 - ok
09:22:04.0734 1480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:22:04.0796 1480 usbscan - ok
09:22:04.0812 1480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:22:04.0890 1480 USBSTOR - ok
09:22:04.0921 1480 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:22:04.0984 1480 usbuhci - ok
09:22:05.0000 1480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:22:05.0062 1480 VgaSave - ok
09:22:05.0062 1480 ViaIde - ok
09:22:05.0078 1480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:22:05.0140 1480 VolSnap - ok
09:22:05.0171 1480 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:22:05.0265 1480 VSS - ok
09:22:05.0281 1480 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:22:05.0359 1480 W32Time - ok
09:22:05.0390 1480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:22:05.0437 1480 Wanarp - ok
09:22:05.0453 1480 WDICA - ok
09:22:05.0484 1480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:22:05.0578 1480 wdmaud - ok
09:22:05.0609 1480 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:22:05.0671 1480 WebClient - ok
09:22:05.0796 1480 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:22:05.0859 1480 winmgmt - ok
09:22:05.0890 1480 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:22:05.0968 1480 WmdmPmSN - ok
09:22:06.0015 1480 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:22:06.0078 1480 WmiApSrv - ok
09:22:06.0265 1480 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:22:06.0312 1480 WMPNetworkSvc - ok
09:22:06.0343 1480 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:22:06.0343 1480 WpdUsb - ok
09:22:06.0437 1480 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:22:06.0484 1480 WS2IFSL - ok
09:22:06.0546 1480 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:22:06.0625 1480 wscsvc - ok
09:22:06.0625 1480 WTService - ok
09:22:06.0656 1480 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:22:06.0781 1480 wuauserv - ok
09:22:06.0812 1480 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:22:06.0843 1480 WudfPf - ok
09:22:06.0859 1480 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:22:06.0875 1480 WudfRd - ok
09:22:06.0906 1480 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:22:06.0906 1480 WudfSvc - ok
09:22:06.0968 1480 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:22:07.0046 1480 WZCSVC - ok
09:22:07.0078 1480 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:22:07.0140 1480 xmlprov - ok
09:22:07.0171 1480 MBR (0x1B8) (3824796a674c974da76c6d30e2081c72) \Device\Harddisk0\DR0
09:22:07.0250 1480 \Device\Harddisk0\DR0 - ok
09:22:07.0250 1480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:22:07.0312 1480 \Device\Harddisk1\DR1 - ok
09:22:07.0312 1480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
09:22:07.0406 1480 \Device\Harddisk2\DR2 - ok
09:22:07.0421 1480 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk3\DR7
09:22:07.0531 1480 \Device\Harddisk3\DR7 - ok
09:22:07.0531 1480 Boot (0x1200) (7240d9782b2d98a137eeec54a7cf446a) \Device\Harddisk0\DR0\Partition0
09:22:07.0531 1480 \Device\Harddisk0\DR0\Partition0 - ok
09:22:07.0546 1480 Boot (0x1200) (9cff58b921d25413a24ac1a2a76093ff) \Device\Harddisk1\DR1\Partition0
09:22:07.0546 1480 \Device\Harddisk1\DR1\Partition0 - ok
09:22:07.0546 1480 Boot (0x1200) (925f0c986f42cc1c187d4408416750ff) \Device\Harddisk2\DR2\Partition0
09:22:07.0546 1480 \Device\Harddisk2\DR2\Partition0 - ok
09:22:07.0546 1480 Boot (0x1200) (79bd32300d8732381e2972e34ad576e0) \Device\Harddisk3\DR7\Partition0
09:22:07.0546 1480 \Device\Harddisk3\DR7\Partition0 - ok
09:22:07.0546 1480 ============================================================
09:22:07.0546 1480 Scan finished
09:22:07.0546 1480 ============================================================
09:22:07.0656 1476 Detected object count: 9
09:22:07.0656 1476 Actual detected object count: 9
09:23:22.0671 1476 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0671 1476 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0671 1476 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0671 1476 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0671 1476 axwhisky ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0671 1476 axwhisky ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0671 1476 axwskbus ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0671 1476 axwskbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0671 1476 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0671 1476 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0687 1476 echo1394 ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0687 1476 echo1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0687 1476 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0687 1476 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0687 1476 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0687 1476 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:23:22.0687 1476 sfng32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:23:22.0687 1476 sfng32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

_______________________________________________________________________________________
_______________________________________________________________________________________


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 09:26:38
-----------------------------
09:26:38.734 OS Version: Windows 5.1.2600 Service Pack 3
09:26:38.734 Number of processors: 2 586 0xF0B
09:26:38.734 ComputerName: D UserName:
09:26:39.328 Initialize success
09:27:07.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:27:07.250 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 3
09:27:07.265 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
09:27:07.265 Disk 1 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
09:27:07.281 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
09:27:07.281 Disk 2 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
09:27:07.296 Disk 0 MBR read successfully
09:27:07.312 Disk 0 MBR scan
09:27:07.312 Disk 0 unknown MBR code
09:27:07.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 148342 MB offset 63
09:27:07.359 Disk 0 Partition 2 00 BC BCFS 4285 MB offset 303805215
09:27:07.390 Disk 0 scanning sectors +312581807
09:27:07.546 Disk 0 scanning C:\WINDOWS\system32\drivers
09:27:14.328 Service scanning
09:27:29.281 Modules scanning
09:27:33.437 Disk 0 trace - called modules:
09:27:33.453 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:27:33.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4bf030]
09:27:33.453 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8afdf030]
09:27:33.453 Scan finished successfully
09:28:02.421 Disk 0 MBR has been saved successfully to "J:\next reply\MBR.dat"
09:28:02.437 The log file has been saved successfully to "J:\next reply\aswMBR.txt"

_______________________________________________________________________________________
_______________________________________________________________________________________

Edited by okoechan, 23 May 2012 - 07:38 AM.
