Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

consrv.dll virus/error [Solved]

Started by TerasMinus , Jun 09 2012 12:52 PM

  • This topic is locked This topic is locked

#1
TerasMinus
Posted 09 June 2012 - 12:52 PM

TerasMinus

    Member

  • Member
  • PipPip
  • 51 posts
Last night, our other computer, for one reason or another, began blue screening when I tried to boot it up, giving the following message:
"STOP: c0000135 {Unable To Locate Component}
This application has failed to start because consrv was not found. Re-installing the application may fix the problem."
It had been working fine earlier, and then suddenly starting messing up after my step-brother was done on it. After using the system restore option, we managed to get it to finally load up, and I scanned using Malwarebytes, which found nothing. My step-dad had suggested I uninstall AVG, and put on something else, like ZoneAlarm or Comodo. The former wouldn't work due to the version of Windows that computer uses, and the latter installed, only to cause the computer to lock up, even more after I finally managed to get it to update and scan. About 37 minutes into the scan it had found something, and being that I couldn't leave the scanner running all day, as it hadn't even scanned a good portion of the computer, I stopped the scan to see what it found. The "infected" file in question was consrv.dll, which I let the thing remove, but after doing so, the computer locks up even more now, unless I boot up in safe mode. The version of Windows I'm using is XP Professional 64-bit, which causes many issues due to the fact that many programs and such won't work. If I missed any information that might be useful, please let me know. Thank you in advance.

Here's the OTL log.

OTL logfile created on: 6/9/2012 2:11:12 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 82.71% Memory free
3.87 Gb Paging File | 3.78 Gb Available in Paging File | 97.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 59.12 Gb Free Space | 25.40% Space Free | Partition Type: NTFS

Computer Name: KEVIN-3ZHVJRXK3 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 02:07:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012/06/07 14:49:29 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/06/05 23:10:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/29 05:50:22 | 000,412,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/05/19 18:36:55 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/05 10:04:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/25 02:40:07 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/08 12:17:00 | 004,865,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 12:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/17 01:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [1999/12/12 21:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2005/03/25 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/03/25 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2005/01/01 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2342185
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/05 23:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/25 14:57:55 | 000,000,000 | ---D | M]

[2011/07/11 15:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/05/26 13:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9jk8spx.default\extensions
[2012/04/01 05:10:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9jk8spx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012/05/25 14:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/27 08:22:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/13 21:01:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/06/05 23:10:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/13 21:01:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AsioThk32Reg] C:\WINDOWS\SysWOW64\ctasio.dll (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16:64bit: - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1297917347811 (WUWebControl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1297917370042 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 216.237.221.42 216.237.219.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20123092-39C8-4C8F-9077-564E0F85D5AC}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E485E688-620B-46D7-A5A4-FC4C46A27362}: DhcpNameServer = 192.168.1.1 216.237.221.42 216.237.219.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E485E688-620B-46D7-A5A4-FC4C46A27362}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\guard64.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\guard32.dll) - C:\WINDOWS\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/17 00:02:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 14:09:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/06/09 02:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/06/09 02:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/06/09 02:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/06/09 02:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/06/09 02:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2012/06/09 02:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\COMODO
[2012/06/09 02:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/06/09 02:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/06/09 02:07:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/07 16:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\runic games
[2012/06/07 14:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/06/07 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Desura
[2012/06/07 14:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Torchlight
[2012/06/07 14:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2012/06/07 14:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2012/06/07 13:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/06/07 13:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desura
[2012/06/06 15:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ARES
[2012/06/05 03:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Kerberos_Productions
[2012/06/04 16:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012/06/04 15:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Trapped Dead
[2012/06/04 14:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GREED - Black Border
[2012/06/04 14:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Headup Games
[2012/06/01 13:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\RIFT
[2012/06/01 13:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RIFT
[2012/06/01 13:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT Game
[2012/05/31 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Lost Saga
[2012/05/31 22:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PMB Files
[2012/05/31 22:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/05/31 22:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\OGPlanet
[2012/05/31 22:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OGPlanet
[2012/05/31 01:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Raptr
[2012/05/30 22:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Raptr
[2012/05/30 22:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2012/05/29 14:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Fatshark
[2012/05/28 00:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MBAACC
[2012/05/27 19:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ASign
[2012/05/25 14:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/25 14:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/25 13:49:59 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/05/24 13:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Musou Orochi Z
[2012/05/24 01:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2012/05/23 06:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LolClient2
[2012/05/22 20:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition
[2012/05/22 20:08:28 | 000,000,000 | ---D | C] -- C:\Heroes of Might and Magic V - Collectors Edition
[2012/05/22 15:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004
[2012/05/22 15:15:37 | 000,000,000 | ---D | C] -- C:\UT2004
[2012/05/22 15:14:46 | 000,000,000 | ---D | C] -- C:\UnrealTournament
[2012/05/22 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com
[2012/05/22 15:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2012/05/22 04:46:50 | 000,000,000 | ---D | C] -- C:\170eeb70feafc7e166c41e917fd50cb9
[2012/05/21 15:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/05/21 00:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRight
[2012/05/20 23:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\T3Fun
[2012/05/20 23:17:01 | 000,000,000 | ---D | C] -- C:\T3Fun
[2012/05/20 00:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
[2012/05/20 00:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012/05/20 00:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/05/18 12:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Funcom
[2012/05/17 02:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Media Player
[2012/05/17 00:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LS
[2012/05/14 20:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/05/14 20:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WildGames
[2012/05/14 20:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildGames
[2012/05/10 16:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Elsword
[2012/05/10 16:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kill3rCombo
[2012/05/10 16:18:26 | 013,231,416 | ---- | C] (Hi-Rez Studios) -- C:\Documents and Settings\Administrator\My Documents\InstallHiRezGamesEnglish.exe
[2012/05/10 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/09 14:10:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/09 14:07:23 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10031102}.CDF
[2012/06/09 14:07:06 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 14:04:12 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/09 10:07:05 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 08:11:29 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/09 03:54:59 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10031102}.BAK
[2012/06/09 03:48:20 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500UA.job
[2012/06/09 02:37:29 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/06/09 02:36:48 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/06/09 02:07:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/09 00:55:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/06/08 21:48:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500Core.job
[2012/06/07 13:22:34 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desura.lnk
[2012/06/06 16:20:27 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2012/05/29 01:31:48 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/29 01:27:22 | 000,204,452 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\framedisplay-v23.zip
[2012/05/29 01:24:47 | 000,234,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mbcaster-080813.zip
[2012/05/26 22:36:28 | 005,352,718 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nonverbal communication.odp
[2012/05/25 14:58:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/25 13:58:25 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2012/05/24 01:39:32 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LOL Recorder.lnk
[2012/05/23 18:07:20 | 000,439,429 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\personal profiling system.pdf
[2012/05/22 17:40:03 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/05/13 20:21:15 | 001,376,768 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\7z920-x64.msi
[2012/05/10 16:18:40 | 013,231,416 | ---- | M] (Hi-Rez Studios) -- C:\Documents and Settings\Administrator\My Documents\InstallHiRezGamesEnglish.exe
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/09 02:37:29 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/06/09 02:36:48 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/06/09 00:15:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/06/07 13:22:34 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desura.lnk
[2012/06/06 16:20:27 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2012/05/29 01:27:22 | 000,204,452 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\framedisplay-v23.zip
[2012/05/29 01:24:47 | 000,234,927 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mbcaster-080813.zip
[2012/05/26 15:36:35 | 005,352,718 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nonverbal communication.odp
[2012/05/25 14:58:02 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/24 03:24:33 | 000,079,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/24 01:39:32 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LOL Recorder.lnk
[2012/05/23 18:07:20 | 000,439,429 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\personal profiling system.pdf
[2012/05/21 15:26:16 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/05/21 15:26:16 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/05/21 15:26:16 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/05/13 20:21:15 | 001,376,768 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\7z920-x64.msi
[2012/03/25 02:40:08 | 000,269,712 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2012/03/25 02:40:07 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2012/03/24 20:10:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll
[2012/03/19 16:04:43 | 000,002,304 | ---- | C] () -- C:\WINDOWS\SysWow64\HtsysmNT.sys
[2012/02/20 03:15:16 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/01/22 20:13:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/14 23:06:03 | 000,231,159 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1931244868-2531888224-2959381614-500-0.dat
[2012/01/14 23:05:59 | 000,080,650 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/27 15:08:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2011/10/15 20:47:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2011/09/12 22:39:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\Access.dat
[2011/07/18 16:25:16 | 000,000,268 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/11 15:21:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/22 20:04:32 | 000,000,204 | ---- | C] () -- C:\WINDOWS\SysWow64\secustat.dat
[2011/06/22 17:51:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011/05/24 19:49:11 | 000,012,912 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2011/02/17 03:10:58 | 000,631,012 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/02/17 00:22:37 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll
[2011/02/17 00:05:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/16 18:54:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2012/05/08 19:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.doomseeker
[2012/03/15 14:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2011/11/12 20:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AtomZombieData
[2012/01/31 20:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BITS
[2012/06/04 14:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012/05/25 13:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DFO Control Panel
[2012/02/13 02:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dwarfs
[2012/05/29 14:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fatshark
[2012/04/04 18:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FOG Downloader
[2012/05/21 01:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRight
[2011/06/12 15:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/05/13 23:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/05/20 18:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2012/05/23 06:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient2
[2012/05/17 00:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LS
[2011/06/06 19:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NeopleLauncherDFO
[2012/03/19 21:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2012/06/06 01:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Raptr
[2012/06/01 13:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RIFT
[2012/04/17 09:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RotMG.Production
[2012/06/07 16:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\runic games
[2011/08/24 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Soldat
[2012/01/14 03:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\spiral
[2011/09/12 22:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tunngle
[2012/02/20 13:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2012/06/05 12:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/02/17 03:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/07/15 22:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/06/09 03:47:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\35af13
[2012/05/27 19:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASign
[2012/06/09 02:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/04/20 01:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2011/03/19 18:18:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\BMXUCXLRMP
[2012/05/20 18:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/09 02:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/02/17 06:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/09 02:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2011/08/20 17:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/06/07 14:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desura
[2011/06/27 14:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/09/13 01:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/09 02:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/06 23:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2012/05/25 13:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2012/06/08 22:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/10/15 20:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/06/09 02:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/12 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2011/12/27 15:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2012/05/14 20:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/06/08 21:48:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500Core.job
[2012/06/09 03:48:20 | 000,001,030 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500UA.job
[2012/06/09 03:55:17 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:233BFF24

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 09 June 2012 - 01:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm 64bit XP - not many of those around... Lets see what I can do

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#3
TerasMinus
Posted 09 June 2012 - 04:22 PM

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I'm posting to let you know i have it scanning right now, and to give a bit of an update.
A little while after I had posted this topic, I had went and did another Malwarebytes scan, full this time, and found 4 threats, which i removed, and which also allowed it to fully load up, so I was able to get the tool onto the computer without needing to use a usb drive. That tool, in turn, was scanning pretty well, for about an hour when the whole system locked up again, after finding 5 or so items. Upon restarting it, it once again started locking down, so I am running it in safe mode. I'm hoping that it'll be fine to let it scan in safe mode.
  • 0

#4
Essexboy
Posted 09 June 2012 - 04:26 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If it should lock again could you make a note of where it locked and then proceed direct to the analysis section scan
  • 0

#5
TerasMinus
Posted 09 June 2012 - 05:16 PM

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Well, it locked up again, about 45 minutes in, in the My Documents folders.
I've attached the analysis info.

Attached Files


  • 0

#6
Essexboy
Posted 10 June 2012 - 04:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this can you let me know how the computer is behaving

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution

    Posted Image
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End

    Posted Image

    begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DeleteService('X6va007');
 StopService('X6va007');
 DeleteService('X6va005');
 StopService('X6va005');
 DeleteService('X6va001');
 StopService('X6va001');
 BC_DeleteSvc('X6va001');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\001147.tmp');
 BC_DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\001147.tmp');
 BC_DeleteSvc('X6va005');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0058.tmp');
 BC_DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0058.tmp');
 BC_DeleteSvc('X6va007');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\00789.tmp');
 BC_DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\00789.tmp');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

  • 0

#7
TerasMinus
Posted 10 June 2012 - 11:59 AM

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
As an update, which I probably should have put in my last post, I am having to run in safe mode again, as after those 2 initial lock ups, it started locking up again after a couple minutes after booting like normal. I hope that running in safe mode won't be an issue.
Anyway, I've attached the new analysis.

Attached Files


  • 0

#8
Essexboy
Posted 10 June 2012 - 01:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK as I can see no apparent malware .. Lets go on a different tack

What I am about to test is the possibility of a driver conflict.. Once you are in normal mode with the clean boot let me know if the locks still occur

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.


Now we get to the tedious part,:

If windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present ?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem
  • 0

#9
TerasMinus
Posted 10 June 2012 - 01:18 PM

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Well, it seems that didn't help. After booting it up into normal mode, it still locked up.
  • 0

#10
Essexboy
Posted 10 June 2012 - 01:26 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK time to check out the MBR

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

Advertisements

#11
TerasMinus
Posted 10 June 2012 - 01:36 PM

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 15:33:19
-----------------------------
15:33:19.093 OS Version: Windows x64 5.2.3790 Service Pack 2
15:33:19.093 Number of processors: 2 586 0x404
15:33:19.093 ComputerName: KEVIN-3ZHVJRXK3 UserName: Administrator
15:33:20.265 Initialize success
15:33:27.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
15:33:27.500 Disk 0 Vendor: Maxtor_7L250S0 BANC1G10 Size: 238418MB BusType: 3
15:33:27.515 Device \Driver\nvatax64 -> MajorFunction fffffadfcef692c0
15:33:27.546 Disk 0 MBR read successfully
15:33:27.562 Disk 0 MBR scan
15:33:27.562 Disk 0 Windows XP default MBR code
15:33:27.562 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:33:27.578 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238370 MB offset 80325
15:33:27.687 Disk 0 scanning C:\WINDOWS\system32\drivers
15:33:35.218 Service scanning
15:33:53.453 Modules scanning
15:33:53.468 Disk 0 trace - called modules:
15:33:53.500 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffadfcef692c0]<<sptd.sys nvatax64.sys hal.dll
15:33:53.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadfcef59530]
15:33:56.015 3 CLASSPNP.SYS[fffffadfc80e08c9] -> nt!IofCallDriver -> \Device\00000071[0xfffffadfced47060]
15:33:56.140 \Driver\nvatax64[0xfffffadfcef5d8f0] -> IRP_MJ_CREATE -> 0xfffffadfcef692c0
15:33:56.265 Scan finished successfully
15:34:32.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
15:34:32.703 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  • 0

#12
Essexboy
Posted 10 June 2012 - 01:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Need a deeper look at the MBR

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#13
TerasMinus
Posted 10 June 2012 - 02:38 PM

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
15:52:52.0609 1236 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:52:52.0984 1236 ============================================================
15:52:52.0984 1236 Current date / time: 2012/06/10 15:52:52.0984
15:52:52.0984 1236 SystemInfo:
15:52:52.0984 1236
15:52:52.0984 1236 OS Version: 5.2.3790 ServicePack: 2.0
15:52:52.0984 1236 Product type: Workstation
15:52:52.0984 1236 ComputerName: KEVIN-3ZHVJRXK3
15:52:52.0984 1236 UserName: Administrator
15:52:52.0984 1236 Windows directory: C:\WINDOWS
15:52:52.0984 1236 System windows directory: C:\WINDOWS
15:52:52.0984 1236 Running under WOW64
15:52:52.0984 1236 Processor architecture: Intel x64
15:52:52.0984 1236 Number of processors: 2
15:52:52.0984 1236 Page size: 0x1000
15:52:52.0984 1236 Boot type: Safe boot
15:52:52.0984 1236 ============================================================
15:52:55.0375 1236 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:55.0375 1236 Drive \Device\Harddisk1\DR3 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:52:55.0421 1236 ============================================================
15:52:55.0421 1236 \Device\Harddisk0\DR0:
15:52:55.0421 1236 MBR partitions:
15:52:55.0421 1236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D1915B4
15:52:55.0421 1236 \Device\Harddisk1\DR3:
15:52:55.0421 1236 MBR partitions:
15:52:55.0421 1236 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0
15:52:55.0421 1236 ============================================================
15:52:55.0468 1236 C: <-> \Device\Harddisk0\DR0\Partition0
15:52:55.0468 1236 ============================================================
15:52:55.0468 1236 Initialize success
15:52:55.0468 1236 ============================================================
15:53:20.0625 1372 ============================================================
15:53:20.0625 1372 Scan started
15:53:20.0625 1372 Mode: Manual; SigCheck; TDLFS;
15:53:20.0625 1372 ============================================================
15:53:21.0421 1372 83043948 (e656fe10d6d27794afa08136685a69e8) C:\WINDOWS\system32\DRIVERS\83043948.sys
15:53:22.0296 1372 83043948 - ok
15:53:22.0328 1372 Abiosdsk - ok
15:53:22.0406 1372 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:53:23.0750 1372 ACPI - ok
15:53:23.0781 1372 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:53:23.0875 1372 ACPIEC - ok
15:53:24.0093 1372 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:53:24.0125 1372 AdobeFlashPlayerUpdateSvc - ok
15:53:24.0125 1372 adpu160m - ok
15:53:24.0140 1372 adpu320 - ok
15:53:24.0203 1372 aec (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
15:53:24.0328 1372 aec - ok
15:53:24.0390 1372 AeLookupSvc (ac7010dde9111a1c65d7391ada5c7257) C:\WINDOWS\System32\aelupsvc.dll
15:53:24.0484 1372 AeLookupSvc - ok
15:53:24.0546 1372 AFD (886c37d055020d0d02c35ac5b84e76ab) C:\WINDOWS\System32\drivers\afd.sys
15:53:24.0640 1372 AFD - ok
15:53:24.0640 1372 aic78u2 - ok
15:53:24.0656 1372 aic78xx - ok
15:53:24.0703 1372 Alerter (afa2cf7cb731ca177cccffffe5d88776) C:\WINDOWS\system32\alrsvc.dll
15:53:24.0781 1372 Alerter - ok
15:53:24.0828 1372 ALG (2d21ff6d4cd30e679f1a294d5ba3d97b) C:\WINDOWS\System32\alg.exe
15:53:24.0921 1372 ALG - ok
15:53:24.0921 1372 AliIde - ok
15:53:24.0937 1372 AmdIde - ok
15:53:25.0000 1372 AppMgmt (4f6b2de8bc199c542f174844bb64485a) C:\WINDOWS\System32\appmgmts.dll
15:53:25.0062 1372 AppMgmt - ok
15:53:25.0078 1372 arc - ok
15:53:25.0140 1372 Arp1394 (fda73c1ecd1ec4f366ff0ab85abf816d) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:53:25.0234 1372 Arp1394 - ok
15:53:25.0437 1372 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:53:25.0578 1372 aspnet_state - ok
15:53:25.0609 1372 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:53:25.0718 1372 AsyncMac - ok
15:53:25.0765 1372 atapi (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:53:25.0859 1372 atapi - ok
15:53:25.0875 1372 Atdisk - ok
15:53:25.0921 1372 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:53:26.0015 1372 Atmarpc - ok
15:53:26.0062 1372 AudioSrv (0da015ab1ee54988572cfc4b7644556a) C:\WINDOWS\System32\audiosrv.dll
15:53:26.0156 1372 AudioSrv - ok
15:53:26.0218 1372 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:53:26.0296 1372 audstub - ok
15:53:26.0421 1372 BCMH43XX (ea289355b7e07461760172b0674b9382) C:\WINDOWS\system32\DRIVERS\bcmwlhigh564.sys
15:53:26.0609 1372 BCMH43XX - ok
15:53:26.0640 1372 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
15:53:26.0750 1372 Beep - ok
15:53:26.0812 1372 BITS (749c15323919984a6e08bad427d89936) C:\WINDOWS\system32\qmgr.dll
15:53:27.0125 1372 BITS - ok
15:53:27.0156 1372 Browser (3a8e1df1a159df863af4e5b84019a2bc) C:\WINDOWS\System32\browser.dll
15:53:27.0281 1372 Browser - ok
15:53:27.0312 1372 CCDECODE (2367a4dda10960624fe696bcedfc995a) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:53:27.0406 1372 CCDECODE - ok
15:53:27.0453 1372 CdaC15BA (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
15:53:27.0578 1372 CdaC15BA - ok
15:53:27.0593 1372 CdaD10BA (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
15:53:27.0687 1372 CdaD10BA - ok
15:53:27.0734 1372 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
15:53:27.0828 1372 Cdfs - ok
15:53:27.0906 1372 Cdrom (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:53:27.0984 1372 Cdrom - ok
15:53:28.0062 1372 cercsr6 (42961b2fdb30babb47d45201f612c272) C:\WINDOWS\system32\drivers\cercsr6.sys
15:53:28.0062 1372 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
15:53:28.0062 1372 cercsr6 - detected UnsignedFile.Multi.Generic (1)
15:53:28.0078 1372 Changer - ok
15:53:28.0125 1372 CiSvc (46c54f209031afa0f100d0703fc346da) C:\WINDOWS\system32\cisvc.exe
15:53:28.0203 1372 CiSvc - ok
15:53:28.0218 1372 ClipSrv (74f11d0323666d9f615a2d3692590122) C:\WINDOWS\system32\clipsrv.exe
15:53:28.0328 1372 ClipSrv - ok
15:53:28.0437 1372 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:53:28.0531 1372 clr_optimization_v2.0.50727_32 - ok
15:53:28.0671 1372 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:53:28.0703 1372 clr_optimization_v2.0.50727_64 - ok
15:53:28.0843 1372 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:53:28.0968 1372 clr_optimization_v4.0.30319_32 - ok
15:53:29.0093 1372 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:53:29.0125 1372 clr_optimization_v4.0.30319_64 - ok
15:53:29.0625 1372 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
15:53:29.0937 1372 cmdAgent - ok
15:53:30.0171 1372 cmderd (b5e1b39f51076e04fbbf22a3d75308a3) C:\WINDOWS\system32\DRIVERS\cmderd.sys
15:53:30.0171 1372 cmderd - ok
15:53:30.0265 1372 cmdGuard (53b62cde2ff4347a7ac906bec059d24b) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
15:53:30.0359 1372 cmdGuard - ok
15:53:30.0421 1372 cmdHlp (6328e95b584238f45b752d935d92d891) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
15:53:30.0437 1372 cmdHlp - ok
15:53:30.0437 1372 CmdIde - ok
15:53:30.0500 1372 COMMONFX.DLL (66ac4fdad5a2d4ff4e3db41810b39de2) C:\WINDOWS\system32\commonfx.dll
15:53:30.0734 1372 COMMONFX.DLL - ok
15:53:30.0750 1372 COMSysApp - ok
15:53:30.0828 1372 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
15:53:30.0953 1372 crcdisk - ok
15:53:30.0968 1372 Creative Service for CDROM Access - ok
15:53:31.0000 1372 CryptSvc (8b0b3744c60936acae31012799db3982) C:\WINDOWS\System32\cryptsvc.dll
15:53:31.0093 1372 CryptSvc - ok
15:53:31.0156 1372 CT20XUT.DLL (01bbd5cb85423b12e445209d243a49a9) C:\WINDOWS\system32\CT20XUT.DLL
15:53:31.0187 1372 CT20XUT.DLL - ok
15:53:31.0281 1372 ctac32k (b81c989c6d3b770f44316a3dc5f607b3) C:\WINDOWS\system32\drivers\ctac32k.sys
15:53:31.0328 1372 ctac32k - ok
15:53:31.0625 1372 ctaud2k (7321bd704cc3b34b78f8574e64258f39) C:\WINDOWS\system32\drivers\ctaud2k.sys
15:53:31.0687 1372 ctaud2k - ok
15:53:31.0875 1372 CTAUDFX.DLL (e873319f281115ebea75e519c5b4d0c4) C:\WINDOWS\system32\ctaudfx.dll
15:53:31.0921 1372 CTAUDFX.DLL - ok
15:53:31.0984 1372 CTEAPSFX.DLL (06300545bedf49b6a51fdfe1861f9caf) C:\WINDOWS\system32\CTEAPSFX.DLL
15:53:32.0046 1372 CTEAPSFX.DLL - ok
15:53:32.0125 1372 CTEDSPFX.DLL (2d902f8ec247f0ed0d458cdcaf786544) C:\WINDOWS\system32\CTEDSPFX.DLL
15:53:32.0156 1372 CTEDSPFX.DLL - ok
15:53:32.0203 1372 CTEDSPIO.DLL (0d3f99cda2bea14e4911a698441f1a29) C:\WINDOWS\system32\CTEDSPIO.DLL
15:53:32.0234 1372 CTEDSPIO.DLL - ok
15:53:32.0250 1372 CTEDSPSY.DLL (9d26aa450ac1caadde25f1621ba89842) C:\WINDOWS\system32\CTEDSPSY.DLL
15:53:32.0312 1372 CTEDSPSY.DLL - ok
15:53:32.0390 1372 CTERFXFX.DLL (e5f88dad5ec69665dfa3e5e87791f800) C:\WINDOWS\system32\CTERFXFX.DLL
15:53:32.0406 1372 CTERFXFX.DLL - ok
15:53:32.0515 1372 CTEXFIFX.DLL (fa6dca331835997d2f7c83b9aaabc4bb) C:\WINDOWS\system32\CTEXFIFX.DLL
15:53:32.0593 1372 CTEXFIFX.DLL - ok
15:53:32.0593 1372 CTHWIUT.DLL (9e6a0a3ca3825bb568d42f5f3cb09453) C:\WINDOWS\system32\CTHWIUT.DLL
15:53:32.0640 1372 CTHWIUT.DLL - ok
15:53:32.0687 1372 ctprxy2k (6a05134810301fa6fdd6e95583a91f35) C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:53:32.0703 1372 ctprxy2k - ok
15:53:33.0015 1372 CTSBLFX.DLL (99047fcebab495410cd58ab17284720a) C:\WINDOWS\system32\ctsblfx.dll
15:53:33.0125 1372 CTSBLFX.DLL - ok
15:53:33.0265 1372 ctsfm2k (f792246cf9d8ee17f2b32e9069415cdd) C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:53:33.0296 1372 ctsfm2k - ok
15:53:33.0390 1372 DcomLaunch (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
15:53:33.0734 1372 DcomLaunch - ok
15:53:33.0843 1372 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
15:53:33.0875 1372 Desura Install Service - ok
15:53:33.0968 1372 Dhcp (de4c841dda8d5800515a5ca908580a36) C:\WINDOWS\System32\dhcpcsvc.dll
15:53:34.0093 1372 Dhcp - ok
15:53:34.0187 1372 Disk (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
15:53:34.0328 1372 Disk - ok
15:53:34.0328 1372 dmadmin - ok
15:53:34.0390 1372 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
15:53:34.0500 1372 dmboot - ok
15:53:34.0531 1372 dmio (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
15:53:34.0640 1372 dmio - ok
15:53:34.0671 1372 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
15:53:34.0765 1372 dmload - ok
15:53:34.0812 1372 dmserver (76f7e7922f428be040f800920bb8ff3b) C:\WINDOWS\System32\dmserver.dll
15:53:34.0906 1372 dmserver - ok
15:53:34.0968 1372 Dnscache (19c1612c4f5d828935d2270c7af13e6e) C:\WINDOWS\System32\dnsrslvr.dll
15:53:35.0250 1372 Dnscache - ok
15:53:35.0250 1372 dpti2o - ok
15:53:35.0328 1372 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
15:53:35.0343 1372 dtsoftbus01 - ok
15:53:35.0359 1372 EagleX64 - ok
15:53:35.0437 1372 emupia (1e2f860d9521fb73566c85cd17d58291) C:\WINDOWS\system32\drivers\emupia2k.sys
15:53:35.0515 1372 emupia - ok
15:53:35.0640 1372 ERSvc (b063a36e4e027a9dbe2b019ebbbeae86) C:\WINDOWS\System32\ersvc.dll
15:53:35.0734 1372 ERSvc - ok
15:53:35.0781 1372 Eventlog (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
15:53:35.0843 1372 Eventlog - ok
15:53:35.0875 1372 EventSystem (cdef30a1dcffcaf6a4e8b7812ae79c95) C:\WINDOWS\system32\es.dll
15:53:35.0953 1372 EventSystem - ok
15:53:36.0000 1372 Fastfat (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
15:53:36.0093 1372 Fastfat - ok
15:53:36.0125 1372 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\drivers\Fdc.sys
15:53:36.0218 1372 Fdc - ok
15:53:36.0250 1372 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
15:53:36.0359 1372 Fips - ok
15:53:36.0375 1372 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:53:36.0515 1372 Flpydisk - ok
15:53:36.0562 1372 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\drivers\fltmgr.sys
15:53:36.0687 1372 FltMgr - ok
15:53:36.0812 1372 FontCache3.0.0.0 (8a4dcd28d2be12946f6d5d308b0942a6) c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
15:53:36.0843 1372 FontCache3.0.0.0 - ok
15:53:36.0859 1372 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:53:36.0937 1372 Fs_Rec - ok
15:53:36.0984 1372 Ftdisk (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:53:37.0093 1372 Ftdisk - ok
15:53:37.0140 1372 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:53:37.0234 1372 Gpc - ok
15:53:37.0375 1372 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:53:37.0390 1372 gupdate - ok
15:53:37.0406 1372 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:53:37.0421 1372 gupdatem - ok
15:53:37.0453 1372 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:53:37.0515 1372 gusvc - ok
15:53:37.0718 1372 ha10kx2k (b3f220ad6eeddc2546780b84a8919b7a) C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:53:37.0796 1372 ha10kx2k - ok
15:53:37.0859 1372 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:53:37.0890 1372 hamachi - ok
15:53:38.0125 1372 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
15:53:38.0250 1372 Hamachi2Svc - ok
15:53:38.0421 1372 hap16v2k (5d6aec608b871cc2c724114f34cad3c8) C:\WINDOWS\system32\drivers\hap16v2k.sys
15:53:38.0515 1372 hap16v2k - ok
15:53:38.0578 1372 hap17v2k (b95ba8d7ea73a47fac3a59cf4a3b3043) C:\WINDOWS\system32\drivers\hap17v2k.sys
15:53:38.0609 1372 hap17v2k - ok
15:53:38.0734 1372 helpsvc (40e274b64843813a81c42687592339d7) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:53:38.0843 1372 helpsvc - ok
15:53:38.0843 1372 HidServ - ok
15:53:38.0906 1372 hidusb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:53:38.0984 1372 hidusb - ok
15:53:39.0062 1372 HTTP (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
15:53:39.0140 1372 HTTP - ok
15:53:39.0203 1372 HTTPFilter (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\System32\lsass.exe
15:53:39.0312 1372 HTTPFilter - ok
15:53:39.0328 1372 i2omgmt - ok
15:53:39.0343 1372 i8042prt (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\drivers\i8042prt.sys
15:53:39.0468 1372 i8042prt - ok
15:53:39.0546 1372 IASJet - ok
15:53:39.0750 1372 idsvc (501cf65702d7f64c38db360f7eb07adc) c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:53:39.0796 1372 idsvc - ok
15:53:39.0796 1372 iirsp - ok
15:53:39.0875 1372 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:53:40.0015 1372 imapi - ok
15:53:40.0093 1372 ImapiService (9014c144cd95eee1f5884664a4bfb4d8) C:\WINDOWS\system32\imapi.exe
15:53:40.0187 1372 ImapiService - ok
15:53:40.0281 1372 Inspect (804386ccaf1556b4932a9370d7c916d3) C:\WINDOWS\system32\DRIVERS\inspect.sys
15:53:40.0312 1372 Inspect - ok
15:53:40.0312 1372 IntelIde - ok
15:53:40.0406 1372 intelppm (f8def5f83def3d1ee89bc851bfb6a886) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:53:40.0546 1372 intelppm - ok
15:53:40.0578 1372 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\drivers\ip6fw.sys
15:53:40.0671 1372 Ip6Fw - ok
15:53:40.0671 1372 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:53:40.0765 1372 IpFilterDriver - ok
15:53:40.0765 1372 IpInIp - ok
15:53:40.0828 1372 IpNat (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:53:40.0937 1372 IpNat - ok
15:53:40.0953 1372 IPSec (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:53:41.0046 1372 IPSec - ok
15:53:41.0078 1372 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:53:41.0125 1372 IRENUM - ok
15:53:41.0171 1372 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:53:41.0281 1372 isapnp - ok
15:53:41.0562 1372 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files (x86)\Java\jre6\bin\jqs.exe
15:53:41.0593 1372 JavaQuickStarterService - ok
15:53:41.0671 1372 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:53:41.0765 1372 Kbdclass - ok
15:53:41.0828 1372 kbdhid (f96d8cec38efd64aaf41976d214fc54e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:53:41.0921 1372 kbdhid - ok
15:53:42.0000 1372 kmixer (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
15:53:42.0093 1372 kmixer - ok
15:53:42.0171 1372 KSecDD (e9bc44a069593b8bfce33610a0196d6b) C:\WINDOWS\system32\drivers\KSecDD.sys
15:53:42.0500 1372 KSecDD - ok
15:53:42.0531 1372 ksthunk (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
15:53:42.0687 1372 ksthunk - ok
15:53:42.0796 1372 lanmanserver (4d8e9a805add244b5c511147a5d9bb8c) C:\WINDOWS\System32\srvsvc.dll
15:53:42.0906 1372 lanmanserver - ok
15:53:43.0046 1372 lanmanworkstation (bf4105d3eb357652a4ea73f170715acd) C:\WINDOWS\System32\wkssvc.dll
15:53:43.0250 1372 lanmanworkstation - ok
15:53:43.0328 1372 LmHosts (80db42573f8ef6cbb6a7a0ff6966a352) C:\WINDOWS\System32\lmhsvc.dll
15:53:43.0453 1372 LmHosts - ok
15:53:43.0546 1372 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys
15:53:43.0578 1372 LVPr2M64 - ok
15:53:43.0578 1372 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys
15:53:43.0593 1372 LVPr2Mon - ok
15:53:43.0750 1372 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:53:43.0781 1372 LVPrcS64 - ok
15:53:43.0859 1372 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\WINDOWS\system32\drivers\mbam.sys
15:53:43.0890 1372 MBAMProtector - ok
15:53:44.0000 1372 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:53:44.0046 1372 MBAMService - ok
15:53:44.0078 1372 Messenger (34ef8cbea95ef5108a1349fc22d87513) C:\WINDOWS\System32\msgsvc.dll
15:53:44.0203 1372 Messenger - ok
15:53:44.0250 1372 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
15:53:44.0328 1372 mnmdd - ok
15:53:44.0343 1372 mnmsrvc - ok
15:53:44.0390 1372 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
15:53:44.0500 1372 Modem - ok
15:53:44.0562 1372 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:53:44.0656 1372 Mouclass - ok
15:53:44.0671 1372 mouhid (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:53:44.0750 1372 mouhid - ok
15:53:44.0765 1372 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
15:53:44.0890 1372 MountMgr - ok
15:53:44.0953 1372 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:53:44.0968 1372 MozillaMaintenance - ok
15:53:44.0984 1372 mraid35x - ok
15:53:45.0062 1372 MRxDAV (3d33208e5a7414d8633d34d24f119173) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:53:45.0109 1372 MRxDAV - ok
15:53:45.0203 1372 MRxSmb (9385e695b33068b90cf419186ecaa3de) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:53:45.0343 1372 MRxSmb - ok
15:53:45.0390 1372 MSDTC (d42976785ba169c2361f97cc6a20681f) C:\WINDOWS\system32\msdtc.exe
15:53:45.0437 1372 MSDTC - ok
15:53:45.0531 1372 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
15:53:45.0625 1372 Msfs - ok
15:53:45.0625 1372 MSIServer - ok
15:53:45.0671 1372 MSKSSRV (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:53:45.0750 1372 MSKSSRV - ok
15:53:45.0750 1372 MSPCLOCK (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:53:45.0859 1372 MSPCLOCK - ok
15:53:45.0859 1372 MSPQM (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
15:53:45.0953 1372 MSPQM - ok
15:53:45.0984 1372 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:53:46.0109 1372 mssmbios - ok
15:53:46.0140 1372 MSTEE (6c679fab17592620de60dc7700a039ea) C:\WINDOWS\system32\drivers\MSTEE.sys
15:53:46.0218 1372 MSTEE - ok
15:53:46.0265 1372 Mup (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
15:53:46.0359 1372 Mup - ok
15:53:46.0406 1372 NABTSFEC (933012d216d0022a500cc6c0dfa16428) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:53:46.0500 1372 NABTSFEC - ok
15:53:46.0546 1372 NDIS (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
15:53:46.0656 1372 NDIS - ok
15:53:46.0671 1372 NdisIP (febeb8bf62b229ce9da98c32bf3d26a3) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:53:46.0750 1372 NdisIP - ok
15:53:46.0796 1372 NdisTapi (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:53:46.0859 1372 NdisTapi - ok
15:53:46.0906 1372 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:53:46.0984 1372 Ndisuio - ok
15:53:47.0000 1372 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:53:47.0093 1372 NdisWan - ok
15:53:47.0125 1372 NDProxy (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
15:53:47.0187 1372 NDProxy - ok
15:53:47.0265 1372 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:53:47.0375 1372 NetBIOS - ok
15:53:47.0421 1372 NetBT (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:53:47.0578 1372 NetBT - ok
15:53:47.0640 1372 NetDDE (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
15:53:47.0734 1372 NetDDE - ok
15:53:47.0734 1372 NetDDEdsdm (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
15:53:47.0828 1372 NetDDEdsdm - ok
15:53:47.0875 1372 Netlogon (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:53:47.0953 1372 Netlogon - ok
15:53:48.0000 1372 Netman (f28fd9dba68a85d6ee4225a83f127d2b) C:\WINDOWS\System32\netman.dll
15:53:48.0171 1372 Netman - ok
15:53:48.0328 1372 NetTcpPortSharing (8bc776595238ab62072aa6beb17ddf59) c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:53:48.0359 1372 NetTcpPortSharing - ok
15:53:48.0406 1372 NIC1394 (dafc30299e872cd7ed3795ea0fa08f67) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:53:48.0546 1372 NIC1394 - ok
15:53:48.0609 1372 Nla (ba13c3c32a69dc37653c9543e065950e) C:\WINDOWS\System32\mswsock.dll
15:53:48.0703 1372 Nla - ok
15:53:48.0734 1372 NPF (c31fa031335eff434b2d94278e74bcce) C:\WINDOWS\system32\DRIVERS\npf.sys
15:53:48.0765 1372 NPF - ok
15:53:48.0812 1372 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
15:53:48.0906 1372 Npfs - ok
15:53:48.0906 1372 npggsvc - ok
15:53:48.0921 1372 NPPTNT2 - ok
15:53:48.0953 1372 Ntfs (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
15:53:49.0125 1372 Ntfs - ok
15:53:49.0187 1372 NtLmSsp (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:53:49.0265 1372 NtLmSsp - ok
15:53:49.0328 1372 NtmsSvc (a398462077f68a41b4dff9fb7e8fc7b8) C:\WINDOWS\system32\ntmssvc.dll
15:53:49.0437 1372 NtmsSvc - ok
15:53:49.0578 1372 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
15:53:49.0656 1372 Null - ok
15:53:50.0125 1372 nv (bf4b85690db5581836d90f50c99240d4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:53:51.0015 1372 nv - ok
15:53:51.0203 1372 nvatax64 (bbcad05a0348a4f526aaa5c0448aec79) C:\WINDOWS\system32\drivers\nvatax64.sys
15:53:51.0281 1372 nvatax64 - ok
15:53:51.0343 1372 NVENETFD (c52746064df36edc4b8fda49321ef481) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:53:51.0421 1372 NVENETFD - ok
15:53:51.0500 1372 nvnetbus (f32f7a0cc1d3633098b470ab8ba9dcc0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:53:51.0562 1372 nvnetbus - ok
15:53:51.0609 1372 nvsvc (24a168600fc1dccb8d09715e3f215413) C:\WINDOWS\system32\nvsvc64.exe
15:53:51.0625 1372 nvsvc - ok
15:53:51.0828 1372 nvUpdatusService (42d159c345892d42df29849dda7274e2) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:53:51.0937 1372 nvUpdatusService - ok
15:53:52.0171 1372 ohci1394 (f8160ac8ae516a33221427c2353a7d12) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:53:52.0296 1372 ohci1394 - ok
15:53:52.0343 1372 ossrv (678cc7dcf607bbd69a9f9333d39c2f1d) C:\WINDOWS\system32\drivers\ctoss2k.sys
15:53:52.0375 1372 ossrv - ok
15:53:52.0421 1372 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\drivers\Parport.sys
15:53:52.0500 1372 Parport - ok
15:53:52.0500 1372 PartMgr (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
15:53:52.0578 1372 PartMgr - ok
15:53:52.0593 1372 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
15:53:52.0703 1372 PCI - ok
15:53:52.0750 1372 PCIIde (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:53:52.0828 1372 PCIIde - ok
15:53:52.0843 1372 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:53:52.0937 1372 Pcmcia - ok
15:53:52.0953 1372 PDCOMP - ok
15:53:52.0968 1372 PDFRAME - ok
15:53:52.0968 1372 PDRELI - ok
15:53:52.0984 1372 PDRFRAME - ok
15:53:53.0109 1372 PID_0928 (b47dee29b5e6e1939567a926c7a3e6a4) C:\WINDOWS\system32\DRIVERS\LV561V64.SYS
15:53:53.0156 1372 PID_0928 - ok
15:53:53.0234 1372 PlugPlay (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
15:53:53.0281 1372 PlugPlay - ok
15:53:53.0281 1372 PnkBstrA - ok
15:53:53.0343 1372 PolicyAgent (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:53:53.0421 1372 PolicyAgent - ok
15:53:53.0562 1372 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:53:53.0671 1372 PptpMiniport - ok
15:53:53.0671 1372 ProtectedStorage (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:53:53.0750 1372 ProtectedStorage - ok
15:53:53.0765 1372 PSched (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
15:53:53.0843 1372 PSched - ok
15:53:53.0859 1372 Ptilink (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:53:53.0937 1372 Ptilink - ok
15:53:53.0984 1372 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:53:54.0078 1372 RasAcd - ok
15:53:54.0109 1372 RasAuto (3f573d0c001b982c3180860366783bc0) C:\WINDOWS\System32\rasauto.dll
15:53:54.0203 1372 RasAuto - ok
15:53:54.0234 1372 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:53:54.0328 1372 Rasl2tp - ok
15:53:54.0406 1372 RasMan (47f7838f77a42f85c763899ab1b77d14) C:\WINDOWS\System32\rasmans.dll
15:53:54.0500 1372 RasMan - ok
15:53:54.0500 1372 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:53:54.0578 1372 RasPppoe - ok
15:53:54.0593 1372 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:53:54.0734 1372 Raspti - ok
15:53:54.0781 1372 Rdbss (f1c8347f0e437e145b2e30a6f29e45bd) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:53:54.0843 1372 Rdbss - ok
15:53:54.0875 1372 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:53:54.0953 1372 RDPCDD - ok
15:53:54.0968 1372 rdpdr (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:53:55.0078 1372 rdpdr - ok
15:53:55.0125 1372 RDPWD (e87df32229d27afbd9ea4efc70bd0daa) C:\WINDOWS\system32\drivers\RDPWD.sys
15:53:55.0234 1372 RDPWD - ok
15:53:55.0296 1372 RDSessMgr (a72be0b07655141ab4eabecf0d66528a) C:\WINDOWS\system32\sessmgr.exe
15:53:55.0375 1372 RDSessMgr - ok
15:53:55.0437 1372 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:53:55.0609 1372 redbook - ok
15:53:55.0687 1372 RemoteAccess (60c8a5d4954cce7d280369dff5068019) C:\WINDOWS\System32\mprdim.dll
15:53:55.0796 1372 RemoteAccess - ok
15:53:55.0890 1372 RemoteRegistry (b2d55ce8c7c946c625b687f75040ad3f) C:\WINDOWS\system32\regsvc.dll
15:53:55.0968 1372 RemoteRegistry - ok
15:53:56.0015 1372 RpcLocator (809785cf7be1b857f3b52d9b1af10817) C:\WINDOWS\system32\locator.exe
15:53:56.0093 1372 RpcLocator - ok
15:53:56.0171 1372 RpcSs (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
15:53:56.0203 1372 RpcSs - ok
15:53:56.0265 1372 SamSs (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
15:53:56.0343 1372 SamSs - ok
15:53:56.0390 1372 SCardSvr (a2069ffa2a6febb3818f180373c84a89) C:\WINDOWS\System32\SCardSvr.exe
15:53:56.0484 1372 SCardSvr - ok
15:53:56.0531 1372 Schedule (71cd398385835c08613c65e5bf91e7fa) C:\WINDOWS\system32\schedsvc.dll
15:53:56.0656 1372 Schedule - ok
15:53:56.0750 1372 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:53:56.0796 1372 Secdrv - ok
15:53:56.0828 1372 seclogon (b4e054549321372d995e4db9a5304e77) C:\WINDOWS\System32\seclogon.dll
15:53:56.0906 1372 seclogon - ok
15:53:56.0921 1372 SENS (222c0a6c354d6a90700956c60574a09a) C:\WINDOWS\system32\sens.dll
15:53:57.0015 1372 SENS - ok
15:53:57.0078 1372 Serenum (111b29f3fcf9fb61c903a01e3706f7dc) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:53:57.0187 1372 Serenum - ok
15:53:57.0218 1372 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\DRIVERS\serial.sys
15:53:57.0312 1372 Serial - ok
15:53:57.0390 1372 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:53:57.0468 1372 Sfloppy - ok
15:53:57.0562 1372 SharedAccess (d71a8153d3cf0ed527f6ba1f087faa22) C:\WINDOWS\system32\ipnathlp.dll
15:53:57.0656 1372 SharedAccess - ok
15:53:57.0718 1372 ShellHWDetection (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
15:53:57.0765 1372 ShellHWDetection - ok
15:53:57.0765 1372 Simbad - ok
15:53:58.0265 1372 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:53:58.0703 1372 Skype C2C Service - ok
15:53:58.0859 1372 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:53:58.0890 1372 SkypeUpdate - ok
15:53:59.0109 1372 SLIP (6763442af574d3d42cbfb8008b7a140f) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:53:59.0203 1372 SLIP - ok
15:53:59.0265 1372 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
15:53:59.0375 1372 splitter - ok
15:53:59.0421 1372 Spooler (206fd327b4aad3aeaa8e0d7d03f2044a) C:\WINDOWS\system32\spoolsv.exe
15:53:59.0500 1372 Spooler - ok
15:53:59.0578 1372 sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\WINDOWS\System32\Drivers\sptd.sys
15:53:59.0625 1372 sptd - ok
15:53:59.0718 1372 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
15:53:59.0765 1372 sr - ok
15:53:59.0828 1372 srservice (7b6da719973755bd091131e53ad6ec23) C:\WINDOWS\system32\srsvc.dll
15:53:59.0906 1372 srservice - ok
15:53:59.0921 1372 Srv (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
15:54:00.0000 1372 Srv - ok
15:54:00.0046 1372 SSDPSRV (94ad81c8ee2385eddb08c7e34fedb7a8) C:\WINDOWS\System32\ssdpsrv.dll
15:54:00.0109 1372 SSDPSRV - ok
15:54:00.0203 1372 Steam Client Service - ok
15:54:00.0265 1372 stisvc (f6d4f452db507820f726525a1425f0cc) C:\WINDOWS\system32\wiaservc.dll
15:54:00.0375 1372 stisvc - ok
15:54:00.0406 1372 streamip (90c7874ff6babf98a801c7aebe3ad5a6) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:54:00.0484 1372 streamip - ok
15:54:00.0546 1372 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:54:00.0640 1372 swenum - ok
15:54:00.0734 1372 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
15:54:00.0812 1372 swmidi - ok
15:54:00.0875 1372 swprv (2e54746998139cb708b83974f1ac09f3) C:\WINDOWS\System32\swprv.dll
15:54:00.0953 1372 swprv - ok
15:54:00.0953 1372 symc8xx - ok
15:54:00.0968 1372 symmpi - ok
15:54:00.0984 1372 sym_hi - ok
15:54:01.0000 1372 sym_u3 - ok
15:54:01.0046 1372 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
15:54:01.0125 1372 sysaudio - ok
15:54:01.0203 1372 SysmonLog (d3fffea8c94ba3c1ceac9694ac390472) C:\WINDOWS\system32\smlogsvc.exe
15:54:01.0328 1372 SysmonLog - ok
15:54:01.0390 1372 TapiSrv (fafefc85fc929b81571bff315c93e299) C:\WINDOWS\System32\tapisrv.dll
15:54:01.0484 1372 TapiSrv - ok
15:54:01.0593 1372 Tcpip (34d970b38e9e835009e1ad07c5422b58) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:54:01.0640 1372 Tcpip - ok
15:54:01.0703 1372 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:54:01.0796 1372 TDPIPE - ok
15:54:01.0828 1372 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
15:54:01.0921 1372 TDTCP - ok
15:54:01.0953 1372 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:54:02.0031 1372 TermDD - ok
15:54:02.0062 1372 TermService (f4849a4962779132b02ca4bbf696f434) C:\WINDOWS\System32\termsrv.dll
15:54:02.0171 1372 TermService - ok
15:54:02.0234 1372 Themes (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
15:54:02.0250 1372 Themes - ok
15:54:02.0281 1372 TlntSvr (0fdf294d30ca53391485132854151b26) C:\WINDOWS\system32\tlntsvr.exe
15:54:02.0343 1372 TlntSvr - ok
15:54:02.0343 1372 TosIde - ok
15:54:02.0359 1372 TrkWks (483ffcd8e5080198d87eeed44246e6a9) C:\WINDOWS\system32\trkwks.dll
15:54:02.0468 1372 TrkWks - ok
15:54:02.0500 1372 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
15:54:02.0578 1372 Udfs - ok
15:54:02.0593 1372 ultra - ok
15:54:02.0656 1372 Update (1446762923434d2a9c315325cf4770c8) C:\WINDOWS\system32\DRIVERS\update.sys
15:54:02.0718 1372 Update - ok
15:54:02.0765 1372 upnphost (78c605cb6e0ce966d3347ff7caf3f8ac) C:\WINDOWS\System32\upnphost.dll
15:54:02.0843 1372 upnphost - ok
15:54:02.0875 1372 UPS (3ec1501aa03cecd66ed093428fbc8b0e) C:\WINDOWS\System32\ups.exe
15:54:02.0968 1372 UPS - ok
15:54:03.0015 1372 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:54:03.0093 1372 usbehci - ok
15:54:03.0156 1372 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:54:03.0250 1372 usbhub - ok
15:54:03.0312 1372 usbohci (fa9c0d7c2dc899d3e7c2a8721d17a3f8) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:54:03.0390 1372 usbohci - ok
15:54:03.0406 1372 usbstor (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:54:03.0546 1372 usbstor - ok
15:54:03.0578 1372 uzg0mza1 - ok
15:54:03.0593 1372 vdg0mza1 - ok
15:54:03.0656 1372 vds (b1e327aea4ecf42ddf7c579b0fb0de4c) C:\WINDOWS\System32\vds.exe
15:54:03.0781 1372 vds - ok
15:54:03.0828 1372 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
15:54:03.0906 1372 VgaSave - ok
15:54:03.0921 1372 ViaIde - ok
15:54:04.0000 1372 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
15:54:04.0125 1372 VolSnap - ok
15:54:04.0203 1372 VSS (0a05de966b412d6289632ac05fc6ada2) C:\WINDOWS\System32\vssvc.exe
15:54:04.0328 1372 VSS - ok
15:54:04.0562 1372 W32Time (6fe371026674baf189f7a81746a67c87) C:\WINDOWS\system32\w32time.dll
15:54:04.0656 1372 W32Time - ok
15:54:04.0671 1372 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:54:04.0765 1372 Wanarp - ok
15:54:04.0781 1372 WDICA - ok
15:54:04.0859 1372 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
15:54:04.0953 1372 wdmaud - ok
15:54:04.0968 1372 WebClient (fe8590fa0367a29bc7ed7bfc4962ad1c) C:\WINDOWS\System32\webclnt.dll
15:54:05.0046 1372 WebClient - ok
15:54:05.0062 1372 WinHttpAutoProxySvc - ok
15:54:05.0156 1372 winmgmt (881271d649e778690a365d73b8958509) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:54:05.0250 1372 winmgmt - ok
15:54:05.0578 1372 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:54:06.0015 1372 wlidsvc - ok
15:54:06.0218 1372 WmdmPmSN (beee2c812019d6d8e7e22f37e6f1f560) C:\WINDOWS\system32\mspmsnsv.dll
15:54:06.0281 1372 WmdmPmSN - ok
15:54:06.0375 1372 Wmi (b51966db20d5c700228dfe222fdf9e67) C:\WINDOWS\System32\advapi32.dll
15:54:06.0625 1372 Wmi - ok
15:54:06.0734 1372 WmiApSrv (56980be8b5a6861b5d9175eaba8ac7dc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:54:06.0843 1372 WmiApSrv - ok
15:54:07.0000 1372 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe
15:54:07.0046 1372 WMPNetworkSvc - ok
15:54:07.0125 1372 WpdUsb (26c038b5f723ee2a433cbfbb12cacffc) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:54:07.0156 1372 WpdUsb - ok
15:54:07.0406 1372 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:54:07.0609 1372 WPFFontCache_v0400 - ok
15:54:07.0625 1372 WSearch - ok
15:54:07.0656 1372 WSTCODEC (478a0c5cc7dc817269654804e495b81a) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:54:07.0796 1372 WSTCODEC - ok
15:54:07.0906 1372 WSWNA3100 (76fbefab6677af9c498116f1aaea8bdb) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
15:54:07.0953 1372 WSWNA3100 ( UnsignedFile.Multi.Generic ) - warning
15:54:07.0953 1372 WSWNA3100 - detected UnsignedFile.Multi.Generic (1)
15:54:08.0000 1372 wuauserv (ef7576af44b484f7a3e6072d633bab34) C:\WINDOWS\system32\wuauserv.dll
15:54:08.0140 1372 wuauserv - ok
15:54:08.0187 1372 WudfPf (3f98a4e57933963cf2a941bb48f9d47a) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:54:08.0250 1372 WudfPf - ok
15:54:08.0281 1372 WudfRd (881c0c35cdd09077b0e95ec2269cb44c) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:54:08.0312 1372 WudfRd - ok
15:54:08.0359 1372 WudfSvc (9dcf6c499773b709de8f70cd5013cb38) C:\WINDOWS\System32\WUDFSvc.dll
15:54:08.0390 1372 WudfSvc - ok
15:54:08.0531 1372 WZCSVC (f4ec5c736bba9a27f9c36412c930b386) C:\WINDOWS\System32\wzcsvc.dll
15:54:08.0843 1372 WZCSVC - ok
15:54:08.0953 1372 X6va008 - ok
15:54:09.0000 1372 xmlprov (a1aba5a0b4f1ff9b83c50f92f8c080a2) C:\WINDOWS\System32\xmlprov.dll
15:54:09.0093 1372 xmlprov - ok
15:54:09.0203 1372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:54:09.0671 1372 \Device\Harddisk0\DR0 - ok
15:54:09.0671 1372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
15:54:12.0656 1372 \Device\Harddisk1\DR3 - ok
15:54:12.0656 1372 Boot (0x1200) (a99883ccb4a38f6d584c0948fda430e8) \Device\Harddisk0\DR0\Partition0
15:54:12.0656 1372 \Device\Harddisk0\DR0\Partition0 - ok
15:54:12.0671 1372 Boot (0x1200) (d0d1fd13ab0b170553da0f26615858cf) \Device\Harddisk1\DR3\Partition0
15:54:12.0671 1372 \Device\Harddisk1\DR3\Partition0 - ok
15:54:12.0687 1372 ============================================================
15:54:12.0687 1372 Scan finished
15:54:12.0687 1372 ============================================================
15:54:12.0812 1364 Detected object count: 2
15:54:12.0812 1364 Actual detected object count: 2
16:36:05.0671 1364 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:05.0671 1364 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:36:05.0671 1364 WSWNA3100 ( UnsignedFile.Multi.Generic ) - skipped by user
16:36:05.0671 1364 WSWNA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#14
Essexboy
Posted 10 June 2012 - 03:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MBR is good... There are indications that zero access was present at some stage, but I can see no current active files associated with it

Could you re-run OTL please with the following settings


  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window .

  • 0

#15
TerasMinus
Posted 10 June 2012 - 03:26 PM

TerasMinus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
OTL logfile created on: 6/10/2012 5:12:02 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 82.68% Memory free
3.87 Gb Paging File | 3.76 Gb Available in Paging File | 97.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 55.44 Gb Free Space | 23.82% Space Free | Partition Type: NTFS
Drive K: | 15.10 Gb Total Space | 7.23 Gb Free Space | 47.89% Space Free | Partition Type: FAT32

Computer Name: KEVIN-3ZHVJRXK3 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 02:07:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012/06/07 14:49:29 | 000,131,912 | ---- | M] (Desura Pty Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/06/05 23:10:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/19 18:36:55 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/05 10:04:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/25 02:40:07 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/08 12:17:00 | 004,865,496 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 12:11:24 | 000,278,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/17 01:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [1999/12/12 21:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2012/06/10 13:48:33 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\vdg0mza1.sys -- (vdg0mza1)
DRV - [2012/06/10 13:48:22 | 000,011,264 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\uzg0mza1.sys -- (uzg0mza1)
DRV - [2005/03/25 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2005/03/25 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2005/01/01 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2342185
IE - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/05 23:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/25 14:57:55 | 000,000,000 | ---D | M]

[2011/07/11 15:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/05/26 13:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9jk8spx.default\extensions
[2012/04/01 05:10:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9jk8spx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012/05/25 14:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/27 08:22:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/13 21:01:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/06/05 23:10:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/13 21:01:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1931244868-2531888224-2959381614-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16:64bit: - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1297917347811 (WUWebControl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1297917370042 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20123092-39C8-4C8F-9077-564E0F85D5AC}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E485E688-620B-46D7-A5A4-FC4C46A27362}: DhcpNameServer = 192.168.1.1 216.237.221.42 216.237.219.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E485E688-620B-46D7-A5A4-FC4C46A27362}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\guard64.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\guard32.dll) - C:\WINDOWS\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/17 00:02:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 15:48:29 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/06/10 15:28:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/06/10 15:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/09 14:09:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/06/09 02:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/06/09 02:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/06/09 02:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/06/09 02:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/06/09 02:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2012/06/09 02:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\COMODO
[2012/06/09 02:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/06/09 02:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/06/09 02:07:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/07 16:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\runic games
[2012/06/07 14:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/06/07 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Desura
[2012/06/07 14:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Torchlight
[2012/06/07 14:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2012/06/07 14:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2012/06/07 13:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/06/07 13:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desura
[2012/06/06 15:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ARES
[2012/06/05 03:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Kerberos_Productions
[2012/06/04 16:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012/06/04 15:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Trapped Dead
[2012/06/04 14:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GREED - Black Border
[2012/06/04 14:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Headup Games
[2012/06/01 13:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\RIFT
[2012/06/01 13:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RIFT
[2012/06/01 13:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT Game
[2012/05/31 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Lost Saga
[2012/05/31 22:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PMB Files
[2012/05/31 22:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/05/31 22:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\OGPlanet
[2012/05/31 22:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OGPlanet
[2012/05/31 01:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Raptr
[2012/05/30 22:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Raptr
[2012/05/30 22:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2012/05/29 14:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Fatshark
[2012/05/28 00:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MBAACC
[2012/05/27 19:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ASign
[2012/05/25 14:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/25 14:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/25 13:49:59 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/05/24 13:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Musou Orochi Z
[2012/05/24 01:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2012/05/23 06:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LolClient2
[2012/05/22 20:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition
[2012/05/22 20:08:28 | 000,000,000 | ---D | C] -- C:\Heroes of Might and Magic V - Collectors Edition
[2012/05/22 15:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004
[2012/05/22 15:15:37 | 000,000,000 | ---D | C] -- C:\UT2004
[2012/05/22 15:14:46 | 000,000,000 | ---D | C] -- C:\UnrealTournament
[2012/05/22 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com
[2012/05/22 15:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2012/05/22 04:46:50 | 000,000,000 | ---D | C] -- C:\170eeb70feafc7e166c41e917fd50cb9
[2012/05/21 15:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/05/21 00:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRight
[2012/05/20 23:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\T3Fun
[2012/05/20 23:17:01 | 000,000,000 | ---D | C] -- C:\T3Fun
[2012/05/20 00:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
[2012/05/20 00:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012/05/20 00:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/05/18 12:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Funcom
[2012/05/17 02:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Media Player
[2012/05/17 00:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LS
[2012/05/14 20:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/05/14 20:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WildGames
[2012/05/14 20:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildGames
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 17:10:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/10 15:48:40 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/06/10 15:34:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/06/10 15:28:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/06/10 15:14:03 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/10 13:48:33 | 000,013,312 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\vdg0mza1.sys
[2012/06/10 13:48:22 | 000,011,264 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\uzg0mza1.sys
[2012/06/10 13:37:36 | 000,001,087 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Boot.rtf
[2012/06/10 11:48:17 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10031102}.CDF
[2012/06/09 21:07:10 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 18:04:52 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/09 17:20:00 | 137,387,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2012_06_10_00_23.exe
[2012/06/09 17:09:42 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10031102}.BAK
[2012/06/09 08:11:29 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/09 03:48:20 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500UA.job
[2012/06/09 02:36:48 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/06/09 02:07:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/06/09 00:55:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/06/08 21:48:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500Core.job
[2012/06/07 13:22:34 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desura.lnk
[2012/06/06 16:20:27 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2012/05/29 01:31:48 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/29 01:27:22 | 000,204,452 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\framedisplay-v23.zip
[2012/05/29 01:24:47 | 000,234,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mbcaster-080813.zip
[2012/05/26 22:36:28 | 005,352,718 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\nonverbal communication.odp
[2012/05/25 14:58:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/25 13:58:25 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2012/05/24 01:39:32 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LOL Recorder.lnk
[2012/05/23 18:07:20 | 000,439,429 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\personal profiling system.pdf
[2012/05/22 17:40:03 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/05/13 20:21:15 | 001,376,768 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\7z920-x64.msi
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/10 15:34:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/06/10 13:48:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\vdg0mza1.sys
[2012/06/10 13:48:22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\uzg0mza1.sys
[2012/06/10 13:37:35 | 000,001,087 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Boot.rtf
[2012/06/09 17:18:56 | 137,387,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2012_06_10_00_23.exe
[2012/06/09 02:36:48 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2012/06/09 00:15:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2012/06/07 13:22:34 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desura.lnk
[2012/06/06 16:20:27 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2012/05/29 01:27:22 | 000,204,452 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\framedisplay-v23.zip
[2012/05/29 01:24:47 | 000,234,927 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mbcaster-080813.zip
[2012/05/26 15:36:35 | 005,352,718 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\nonverbal communication.odp
[2012/05/25 14:58:02 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/24 03:24:33 | 000,079,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/24 01:39:32 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LOL Recorder.lnk
[2012/05/23 18:07:20 | 000,439,429 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\personal profiling system.pdf
[2012/05/21 15:26:16 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/05/21 15:26:16 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/05/21 15:26:16 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/05/13 20:21:15 | 001,376,768 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\7z920-x64.msi
[2012/03/25 02:40:08 | 000,269,712 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2012/03/25 02:40:07 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2012/03/24 20:10:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll
[2012/03/19 16:04:43 | 000,002,304 | ---- | C] () -- C:\WINDOWS\SysWow64\HtsysmNT.sys
[2012/02/20 03:15:16 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/01/22 20:13:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/14 23:06:03 | 000,231,159 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1931244868-2531888224-2959381614-500-0.dat
[2012/01/14 23:05:59 | 000,080,650 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/27 15:08:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2011/10/15 20:47:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2011/09/12 22:39:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\Access.dat
[2011/07/18 16:25:16 | 000,000,268 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/11 15:21:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/22 20:04:32 | 000,000,204 | ---- | C] () -- C:\WINDOWS\SysWow64\secustat.dat
[2011/06/22 17:51:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011/05/24 19:49:11 | 000,012,912 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2011/02/17 03:10:58 | 000,631,012 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/02/17 00:22:37 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll
[2011/02/17 00:05:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/16 18:54:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2012/05/08 19:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.doomseeker
[2012/03/15 14:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2011/11/12 20:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AtomZombieData
[2012/01/31 20:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BITS
[2012/06/04 14:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012/05/25 13:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DFO Control Panel
[2012/02/13 02:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dwarfs
[2012/05/29 14:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fatshark
[2012/04/04 18:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FOG Downloader
[2012/05/21 01:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRight
[2011/06/12 15:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/05/13 23:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/05/20 18:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2012/05/23 06:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient2
[2012/05/17 00:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LS
[2011/06/06 19:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NeopleLauncherDFO
[2012/03/19 21:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2012/06/06 01:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Raptr
[2012/06/01 13:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RIFT
[2012/04/17 09:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RotMG.Production
[2012/06/07 16:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\runic games
[2011/08/24 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Soldat
[2012/01/14 03:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\spiral
[2011/09/12 22:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tunngle
[2012/02/20 13:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2012/06/05 12:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/02/17 03:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/07/15 22:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/06/09 03:47:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\35af13
[2012/05/27 19:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASign
[2012/06/09 02:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/04/20 01:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2011/03/19 18:18:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\BMXUCXLRMP
[2012/05/20 18:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/09 02:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/02/17 06:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/09 02:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2011/08/20 17:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/06/07 14:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desura
[2011/06/27 14:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/09/13 01:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/09 02:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/06 23:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2012/05/25 13:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2012/06/08 22:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/10/15 20:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/06/09 02:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/12 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2011/12/27 15:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2012/05/14 20:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/06/08 21:48:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500Core.job
[2012/06/09 03:48:20 | 000,001,030 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1931244868-2531888224-2959381614-500UA.job
[2012/06/09 18:04:52 | 000,032,432 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2005/03/25 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) MD5=4B93BB34AF478A0FD9765D9B73356DC9 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/02/18 12:05:28 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007/02/17 01:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe
[2007/02/17 01:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\ServicePackFiles\amd64\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2007/02/17 01:59:04 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=46300880A5062A41C16DF5E3E836A6C9 -- C:\WINDOWS\ServicePackFiles\amd64\svchost.exe
[2007/02/17 01:59:04 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=46300880A5062A41C16DF5E3E836A6C9 -- C:\WINDOWS\system64\svchost.exe
[2005/03/25 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BDDFEB952617080316692951215793E9 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2007/02/18 12:05:52 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\SysWOW64\svchost.exe

< MD5 for: USERINIT.EXE >
[2007/02/17 02:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\WINDOWS\ServicePackFiles\amd64\userinit.exe
[2007/02/17 02:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\WINDOWS\system64\userinit.exe
[2005/03/25 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=5EF907A339CAF229F3CE38909C93F53B -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2007/02/18 12:05:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2005/03/25 08:00:00 | 000,922,624 | ---- | M] (Microsoft Corporation) MD5=2412D710F07F527E99D5FCBD8D6E5B89 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2007/02/17 02:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\ServicePackFiles\amd64\winlogon.exe
[2007/02/17 02:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\system64\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:233BFF24

< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP