Possible rootkit infection. [Solved]


This topic is locked

#1
FSB75
Member, 17 posts
Greetings and Salutations:

Approximately 4 days ago, I noticed that my PC was running "sluggish". Opening the Windows Task Manager to see what was using most of my resources, I noticed svchost.exe was well over the normal at 900,000K (it has been higher since that time). I then opened Process Explorer to dig a little deeper. I noticed a lot of "traffic" under the TCP/IP tab. As such, I checked my Windows Firewall, to which I had lost access. I found the correct sharedaccess.reg file, ran it, rebooted, and gained access to the Windows Firewall again. I then suspected this was a software problem with a memory leak somewhere in that particular svchost.exe. Turning off services one at a time per reboot (that was fun) did not isolate the problem. At that point, I went into Device Manager to disable my network adapter. That worked: my svchost.exe levels maintained acceptable levels. Enter the typical Malwarebytes/Kaspersky scans. Neither found any problems. Upon my last scan, with aswMBR, I got 4 infection indicators. Now I'm about 30 seconds from a full format (it's been a year anyway), but it would save me a ton of time, and I'm a bit stubborn, if the good people here would be so kind as to help me fix the problem.

I have no idea how this was acquired. I never use anything outside of the typical Windows "defenses" and perhaps a scan with MWB every other month. The last major virus I've had was an MBR one around 12 years ago.

As per the introduction instructions:

OTL logfile created on: 8/10/2012 5:15:21 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\F S B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 80.60% Memory free
4.59 Gb Paging File | 4.24 Gb Available in Paging File | 92.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 125.17 Gb Free Space | 53.75% Space Free | Partition Type: NTFS
Drive D: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HAL3000 | User Name: F S B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 16:43:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/04/12 16:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
PRC - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/07 11:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
PRC - [2007/03/05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2009/07/15 01:32:14 | 000,436,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
MOD - [2009/07/15 01:31:38 | 000,068,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2007/03/05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/19 08:59:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/22 16:48:07 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Program Files\RealTemp_360\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2011/09/21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/08/30 18:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/03/31 16:01:50 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/07/01 12:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 12:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/04/11 17:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UsbFltr.sys -- (TarFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\F S B\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 10:41:26 | 000,000,000 | ---D | M]

[2011/11/11 19:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Extensions
[2012/08/06 06:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Firefox\Profiles\xghf74wg.default\extensions
[2012/06/16 12:03:17 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Firefox\Profiles\xghf74wg.default\extensions\[email protected]
[2012/03/17 11:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/22 14:11:51 | 000,246,025 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\F S B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XGHF74WG.DEFAULT\EXTENSIONS\[email protected]
[2006/02/28 08:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\F S B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XGHF74WG.DEFAULT\EXTENSIONS\[email protected]
[2012/03/09 18:40:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/19 08:59:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 18:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/06/20 16:52:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 16:52:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1344551802453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344556933140 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5453F6C3-F749-446F-8084-EB868A78129D}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/11 18:15:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/10/13 17:23:46 | 000,045,056 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/26 20:21:07 | 000,000,158 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 16:43:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
[2012/08/10 16:38:14 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\F S B\Desktop\tdsskiller.exe
[2012/08/10 16:08:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\F S B\Desktop\aswMBR.exe
[2012/08/10 15:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/08/09 18:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/08/09 17:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer
[2012/08/06 17:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\My Documents\Firewall [bleep]
[2012/08/06 16:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Wise Registry Cleaner
[2012/08/06 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
[2012/08/06 16:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012/08/06 16:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\ElevatedDiagnostics
[2012/08/06 16:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/08/06 16:37:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/08/04 18:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft Beta
[2012/08/03 09:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/03 09:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/15 17:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\My Documents\GarminBackup
[2012/07/15 16:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/15 16:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Garmin
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/10 17:08:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/10 17:05:55 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 17:05:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/10 17:03:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\MBR.dat
[2012/08/10 17:00:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/10 16:58:03 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\gmer.zip
[2012/08/10 16:43:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
[2012/08/10 16:38:18 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\F S B\Desktop\tdsskiller.exe
[2012/08/10 16:35:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 16:21:20 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\MBR.zip
[2012/08/10 16:09:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\F S B\Desktop\aswMBR.exe
[2012/08/10 16:05:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/10 15:43:05 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\WindowsDefender.msi
[2012/08/09 17:22:01 | 001,144,963 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer.zip
[2012/08/06 17:34:49 | 002,789,376 | ---- | M] () -- C:\Documents and Settings\F S B\NTUSER.rhk
[2012/08/06 17:30:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/06 16:42:46 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/08/06 06:33:38 | 000,294,178 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\cT07Y.png
[2012/08/04 18:57:02 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\F S B\Application Data\Microsoft\Internet Explorer\Quick Launch\PTR.lnk
[2012/08/04 18:29:17 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/07/16 22:38:27 | 000,473,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/16 22:38:27 | 000,076,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 16:58:01 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\gmer.zip
[2012/08/10 16:21:18 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\MBR.zip
[2012/08/10 16:19:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\MBR.dat
[2012/08/10 15:46:38 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/10 15:43:31 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/08/10 15:43:02 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\WindowsDefender.msi
[2012/08/09 17:22:00 | 001,144,963 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer.zip
[2012/08/06 17:34:48 | 002,789,376 | ---- | C] () -- C:\Documents and Settings\F S B\NTUSER.rhk
[2012/08/06 16:42:46 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/08/06 06:33:36 | 000,294,178 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\cT07Y.png
[2012/08/04 18:17:20 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/07/16 00:08:25 | 000,287,993 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-1123561945-839522115-1004-0.dat
[2012/07/16 00:08:24 | 000,084,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/07 19:21:04 | 000,175,312 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\census.cache
[2012/07/07 19:21:01 | 000,155,647 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\ars.cache
[2012/07/07 19:15:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\housecall.guid.cache
[2012/07/07 14:27:43 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\L\[email protected]
[2012/05/10 23:04:54 | 000,570,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/02 22:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/04/30 13:42:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012/02/15 12:07:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/09 19:41:59 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/12/09 17:42:29 | 000,139,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/12/09 17:42:28 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\F S B\Application Data\PnkBstrK.sys
[2011/12/09 17:42:03 | 000,282,472 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/12/09 17:42:01 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/12/09 17:42:00 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/11/22 10:20:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/21 02:09:58 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/11/21 02:09:58 | 000,000,799 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/11/11 20:18:37 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/11/11 20:12:04 | 000,294,056 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/11 20:12:04 | 000,294,056 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/11 20:12:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/11 20:11:52 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/11 19:43:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/11 18:22:04 | 000,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/11 18:16:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 18:12:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/11 13:05:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/11 13:03:53 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@

========== LOP Check ==========

[2012/08/05 03:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2011/11/11 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/04/22 14:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\.minecraft
[2012/03/12 22:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Amazon
[2012/04/30 13:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Atari
[2012/08/10 15:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\ElevatedDiagnostics
[2012/07/15 16:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Garmin
[2012/04/30 13:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Leadertech
[2012/03/17 12:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\SystemRequirementsLab
[2012/04/26 13:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\TS3Client
[2012/04/26 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\ts3overlay
[2012/08/06 16:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Wise Registry Cleaner
[2012/08/10 17:08:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
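The OTL log above can be read mechanically rather than by eye. What follows is an added example for this thread, not code from the original post, from OTL or from OldTimer: it parses OTL's bracketed entry format and applies a few of the checks a log reader does by hand (services and drivers whose file is missing, hidden+system files created in GUID-named folders under C:\WINDOWS\Installer or a user's Application Data, and binaries in System32 or loaded processes that carry no company name). The sample input is a handful of lines copied from the log above; the rule names, severities, the stock-timestamp constant and the list of XP ghost drivers treated as benign are this example's own assumptions.

```python
"""Triage helper for OTL (OldTimer) log entries.

Added illustration for this thread, not code from OTL or from the poster.
It parses the bracketed entry format OTL uses and applies a few heuristics a
log reader applies by hand; every list and threshold below is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List

# Two line shapes appear in the log:
#   SRV - [2012/07/19 08:59:15 | 000,113,120 | ---- | M] (Company) [Auto | Running] -- C:\path\x.exe -- (Name)
#   [2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{guid}\@
ENTRY = re.compile(
    r"^(?:(?P<section>PRC|SRV|DRV|MOD) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?:\s*\((?P<company>[^)]*)\))?"   # (Company) or () when the file has no version info
    r"(?:\s*\([^)]*\))?"                # optional second label such as (No name found)
    r"(?:\s*\[(?P<state>[^\]]*)\])?"    # [Auto | Running] on service and driver lines
    r"\s*--\s*(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>.*)\))?\s*$"
)
#   SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\x.dll -- (Name)
MISSING = re.compile(
    r"^(?P<section>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.*?) ?-- \((?P<name>[^)]*)\)\s*$"
)
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)

# Timestamp carried by stock XP files in this log (the hosts file shows it);
# a newly created file claiming it deserves a look. Assumption for this example.
STOCK_TS = ("2006/02/28", "08:00:00")
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
BINARY_EXT = (".exe", ".dll", ".sys")
# Driver entries routinely left behind on XP with no backing file (assumption:
# benign unless a path shows up next to them).
XP_GHOST_DRIVERS = {"WDICA", "PDRFRAME", "PDRELI", "PDFRAME", "PDCOMP",
                    "PCIDump", "lbrtfdc", "i2omgmt", "Changer"}


@dataclass
class Finding:
    severity: str   # "high" or "review"
    rule: str
    subject: str    # file path or service name


def triage(log_text: str) -> List[Finding]:
    """Scan OTL log text and return the entries that match a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MISSING.match(line)
        if m:
            name = m.group("name")
            if not (m.group("section") == "DRV" and name in XP_GHOST_DRIVERS):
                findings.append(Finding("review", "service-without-file", name))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        low = path.lower()
        company = (m.group("company") or "").strip()
        is_dir = "D" in attrs
        hidden_system = "H" in attrs and "S" in attrs
        # Installer's own {GUID} folders hold icons and cached packages; a hidden+system
        # file named "@" there, or under a user's Application Data, is not Installer's doing.
        if hidden_system and GUID_DIR.search(path) and (
                "\\installer\\" in low or "\\application data\\" in low):
            findings.append(Finding("high", "hidden-system-file-in-guid-dir", path))
        elif m.group("flag") == "C" and not is_dir and (m.group("date"), m.group("time")) == STOCK_TS:
            findings.append(Finding("review", "stock-timestamp-on-created-file", path))
        if not is_dir and not company and low.startswith(SYSTEM_DIRS) and low.endswith(BINARY_EXT):
            findings.append(Finding("review", "no-version-info-in-system32", path))
        if m.group("section") in ("PRC", "SRV", "DRV") and not company:
            findings.append(Finding("review", "loaded-without-version-info", path))
    return findings


# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
PRC - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/19 08:59:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
[2012/08/10 15:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/12/09 17:42:01 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:34} {f.subject}")
```

Pointed at a saved OTL.txt instead of SAMPLE_LOG, the two `@` files come out as the only high findings; everything else is a review item, not a verdict, because OTL's company field is just the file's version resource and plenty of legitimate game and driver components (the PunkBuster and NVIDIA entries in this log, for instance) ship without one.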


#2
CompCav
Expert, 12,448 posts
Hi, FSB75! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix; this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode, and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.

Also, what resident antivirus are you running? I only see an antispyware (Malwarebytes'), which is not the same.
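The checklist in the post above is, in effect, a manual triage of two logs: aswMBR for the disk I/O path and the MBR, OTL for autostart entries. The script below is an added example (it is not part of the helper's post, nor code from the aswMBR or OTL tools) that performs the same reading automatically over constructed sample lines modelled on the format of both logs. It flags the MBR being reported as hidden, an IRP dispatch routine in the disk stack that points at code aswMBR could not attribute to any loaded module, an infected-file detection, Run values stored under the LocalService/NetworkService hives (well-known SIDs S-1-5-19 and S-1-5-20), Run values whose target is "File not found", and rundll32 loading a DLL from outside the Windows and Program Files directories. The exact line formats it parses, the trusted-directory list and the choice of indicators are assumptions of the example, not documented tool behaviour.

```python
"""Triage of aswMBR and OTL log lines for the rootkit indicators a helper
looks for by eye.  Added example for this thread; not part of the original
post, nor code from the aswMBR or OTL tools.  All heuristics below are the
editor's assumptions about what deserves a second look, not tool behaviour."""
import re

# Constructed sample lines, modelled on the format of the logs posted later in
# this thread (user name replaced with "user").
SAMPLE_ASWMBR = r"""
22:15:41.453 Device \Driver\atapi -> DriverStartIo 8977f2e2
22:15:41.484 Disk 0 Windows XP default MBR code
22:15:41.484 Disk 0 MBR hidden
22:16:03.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8977f4b1]<<
22:16:03.578 \Driver\atapi[0x8a1a6a08] -> IRP_MJ_CREATE -> 0x8977f4b1
22:19:32.453 File: C:\Documents and Settings\user\Local Settings\Temp\210.tmp **INFECTED** Win32:Alureon-AVC [Trj]
"""

SAMPLE_OTL = r"""
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [Apple] rundll32.exe "C:\Documents and Settings\user\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-1644491937-1123561945-839522115-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
"""

# --- aswMBR -----------------------------------------------------------------
TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")
MBR_HIDDEN_RE = re.compile(r"^Disk \d+ MBR hidden$")
HOOK_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
INFECTED_RE = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>.+)$")
IRP_RE = re.compile(r"^(?P<drv>\\Driver\\[^\[]+)\[0x[0-9a-fA-F]+\] -> "
                    r"(?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-fA-F]+)$")


def triage_aswmbr(text):
    """Return (indicator, detail) tuples for an aswMBR log.

    The correlation worth making: an IRP dispatch routine of a disk-stack
    driver that points at an address aswMBR could not attribute to any loaded
    module.  That is the shape of a kernel-mode hook sitting on the disk driver.
    """
    bodies = [TS_RE.sub("", ln) for ln in text.splitlines() if ln.strip()]
    unknown = {m["addr"].lower() for b in bodies for m in [HOOK_RE.search(b)] if m}
    findings = []
    for body in bodies:
        if MBR_HIDDEN_RE.match(body):
            findings.append(("mbr_hidden", body))
        m = INFECTED_RE.search(body)
        if m:
            findings.append(("infected_file", f"{m['path']} ({m['sig']})"))
        m = IRP_RE.match(body)
        if m and m["addr"].lower() in unknown:
            findings.append(("irp_dispatch_to_unknown_code",
                             f"{m['drv']} {m['irp']} -> {m['addr']}"))
    for addr in sorted(unknown):
        findings.append(("unknown_code_in_disk_stack", addr))
    return findings


# --- OTL O4 (Run key) entries ----------------------------------------------
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,', re.I)
SID_RE = re.compile(r"S-1-5-\d+(?:-\d+)*")
# Well-known SIDs of NT AUTHORITY\LOCAL SERVICE and NT AUTHORITY\NETWORK SERVICE.
# Nobody logs on interactively as these accounts, so a Run value in their hives
# has no ordinary reason to exist and deserves scrutiny.
SERVICE_ACCOUNT_SIDS = {"S-1-5-19", "S-1-5-20"}
# Directories a rundll32 Run entry is expected to load from (assumption; adjust
# for non-default install paths).
TRUSTED_DIR_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def triage_otl_run_entries(text):
    """Return (indicator, detail) tuples for suspicious O4 Run entries."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        hive, name, cmd = m["hive"], m["name"], m["cmd"]
        detail = f"{hive} [{name}]"
        sid = SID_RE.search(hive)
        if sid and sid.group(0) in SERVICE_ACCOUNT_SIDS:
            findings.append(("run_key_under_service_account_hive", detail))
        if cmd.endswith("File not found"):
            # Autostart value survives but its target is gone: worth asking
            # what put it there and whether the payload now lives elsewhere.
            findings.append(("dangling_target", detail))
        rd = RUNDLL_RE.match(cmd)
        if rd and not rd["dll"].lower().startswith(TRUSTED_DIR_PREFIXES):
            findings.append(("rundll32_dll_outside_trusted_dirs", detail))
    return findings


def summarize(aswmbr_text, otl_text):
    """Merge both passes into (source, indicator, detail) rows."""
    rows = [("aswMBR",) + f for f in triage_aswmbr(aswmbr_text)]
    rows += [("OTL",) + f for f in triage_otl_run_entries(otl_text)]
    return rows


if __name__ == "__main__":
    for src, indicator, detail in summarize(SAMPLE_ASWMBR, SAMPLE_OTL):
        print(f"[{src}] {indicator}: {detail}")
```

Run it directly to print the rows for the constructed samples, or import it and pass pasted log text to summarize(). The IRP correlation is the check to do before trusting any file-level scan from the same machine: if the disk driver's dispatch routine has been redirected into memory that belongs to no loaded module, whatever sits there gets to filter what every scanner reads from disk.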

#3
FSB75 (Topic Starter, Member, 17 posts)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 22:14:01
-----------------------------
22:14:01.359 OS Version: Windows 5.1.2600 Service Pack 3
22:14:01.359 Number of processors: 2 586 0xF06
22:14:01.359 ComputerName: HAL3000 UserName: F S B
22:14:03.843 Initialize success
22:14:13.453 AVAST engine defs: 12081001
22:15:41.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
22:15:41.453 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
22:15:41.453 Device \Driver\atapi -> DriverStartIo 8977f2e2
22:15:41.453 Disk 0 MBR read successfully
22:15:41.453 Disk 0 MBR scan
22:15:41.484 Disk 0 Windows XP default MBR code
22:15:41.484 Disk 0 MBR hidden
22:15:41.484 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 238464 MB offset 63
22:15:41.500 Disk 0 scanning sectors +488376000
22:15:41.562 Disk 0 scanning C:\WINDOWS\system32\drivers
22:15:49.109 Service scanning
22:15:59.734 Modules scanning
22:16:03.078 Disk 0 trace - called modules:
22:16:03.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8977f4b1]<<
22:16:03.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a203ab8]
22:16:03.578 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a208f18]
22:16:03.578 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> [0x8a2a7940]
22:16:03.578 \Driver\atapi[0x8a1a6a08] -> IRP_MJ_CREATE -> 0x8977f4b1
22:16:04.265 AVAST engine scan C:\WINDOWS
22:16:11.937 AVAST engine scan C:\WINDOWS\system32
22:17:48.453 AVAST engine scan C:\WINDOWS\system32\drivers
22:17:55.562 AVAST engine scan C:\Documents and Settings\F S B
22:19:32.453 File: C:\Documents and Settings\F S B\Local Settings\Temp\210.tmp **INFECTED** Win32:Alureon-AVC [Trj]
22:22:51.812 AVAST engine scan C:\Documents and Settings\All Users
22:23:03.546 Scan finished successfully
22:23:15.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\F S B\Desktop\MBR.dat"
22:23:15.281 The log file has been saved successfully to "C:\Documents and Settings\F S B\Desktop\aswMBR.txt"

__________________________________________________________________________________________________________________________________________

OTL logfile created on: 8/10/2012 10:25:41 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\F S B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 60.61% Memory free
4.59 Gb Paging File | 3.69 Gb Available in Paging File | 80.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 132.22 Gb Free Space | 56.78% Space Free | Partition Type: NTFS
Drive D: | 615.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HAL3000 | User Name: F S B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 16:43:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/04/12 16:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
PRC - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/07 11:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
PRC - [2007/03/05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2009/07/15 01:32:14 | 000,436,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
MOD - [2009/07/15 01:31:38 | 000,068,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2007/03/05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/19 08:59:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\FSB~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Unknown] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/11/22 16:48:07 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Program Files\RealTemp_360\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2011/09/21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/08/30 18:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/03/31 16:01:50 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/07/01 12:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 12:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/04/11 17:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UsbFltr.sys -- (TarFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\F S B\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 10:41:26 | 000,000,000 | ---D | M]

[2011/11/11 19:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Extensions
[2012/08/06 06:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Firefox\Profiles\xghf74wg.default\extensions
[2012/06/16 12:03:17 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Firefox\Profiles\xghf74wg.default\extensions\[email protected]
[2012/03/17 11:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/22 14:11:51 | 000,246,025 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\F S B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XGHF74WG.DEFAULT\EXTENSIONS\[email protected]
[2006/02/28 08:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\F S B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XGHF74WG.DEFAULT\EXTENSIONS\[email protected]
[2012/03/09 18:40:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/19 08:59:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 18:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/06/20 16:52:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 16:52:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKU\S-1-5-19..\Run: [Apple] rundll32.exe "C:\Documents and Settings\F S B\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
O4 - HKU\S-1-5-20..\Run: [Apple] rundll32.exe "C:\Documents and Settings\F S B\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-1644491937-1123561945-839522115-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1644491937-1123561945-839522115-1006..\Run: [Apple] rundll32.exe "C:\Documents and Settings\F S B\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1644491937-1123561945-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1344551802453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344556933140 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5453F6C3-F749-446F-8084-EB868A78129D}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/11 18:15:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 19:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Canneverbe Limited
[2012/08/10 19:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012/08/10 19:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012/08/10 19:21:24 | 005,360,088 | ---- | C] (Canneverbe Limited ) -- C:\Documents and Settings\F S B\Desktop\cdbxp_setup_4.4.1.3341.exe
[2012/08/10 18:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Desktop\To be moved
[2012/08/10 16:43:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
[2012/08/10 16:38:14 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\F S B\Desktop\tdsskiller.exe
[2012/08/10 16:08:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\F S B\Desktop\aswMBR.exe
[2012/08/10 15:57:34 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\MicrosoftFixit.wu.LB.107268059446496718.1.1.Run.exe
[2012/08/10 15:44:41 | 018,180,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\mpas-fe.exe
[2012/08/10 15:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/08/10 15:42:29 | 000,803,584 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\mssstool32.exe
[2012/08/10 07:01:51 | 001,266,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/08/10 07:01:00 | 006,216,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\windowsupdateagent30-x86(1).exe
[2012/08/09 20:07:42 | 016,373,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\Windows-KB890830-V4.10.exe
[2012/08/09 18:24:36 | 006,216,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\windowsupdateagent30-x86.exe
[2012/08/09 18:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/08/09 17:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer
[2012/08/06 17:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\My Documents\Firewall [bleep]
[2012/08/06 16:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Wise Registry Cleaner
[2012/08/06 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
[2012/08/06 16:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012/08/06 16:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\ElevatedDiagnostics
[2012/08/06 16:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/08/06 16:37:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/08/04 18:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft Beta
[2012/08/03 09:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/03 09:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/15 17:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\My Documents\GarminBackup
[2012/07/15 16:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/15 16:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Garmin
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/10 22:26:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/10 22:23:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\MBR.dat
[2012/08/10 21:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 21:35:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 19:22:30 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\F S B\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2012/08/10 19:22:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/08/10 19:21:27 | 005,360,088 | ---- | M] (Canneverbe Limited ) -- C:\Documents and Settings\F S B\Desktop\cdbxp_setup_4.4.1.3341.exe
[2012/08/10 18:23:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/10 17:08:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/10 16:58:03 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\gmer.zip
[2012/08/10 16:43:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
[2012/08/10 16:38:18 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\F S B\Desktop\tdsskiller.exe
[2012/08/10 16:21:20 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\MBR.zip
[2012/08/10 16:09:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\F S B\Desktop\aswMBR.exe
[2012/08/10 16:05:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/10 15:57:34 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\MicrosoftFixit.wu.LB.107268059446496718.1.1.Run.exe
[2012/08/10 15:44:53 | 018,180,664 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\mpas-fe.exe
[2012/08/10 15:43:05 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\WindowsDefender.msi
[2012/08/10 15:42:29 | 000,803,584 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\mssstool32.exe
[2012/08/10 07:01:51 | 001,266,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/08/10 07:01:01 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\windowsupdateagent30-x86(1).exe
[2012/08/09 20:09:32 | 016,373,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\Windows-KB890830-V4.10.exe
[2012/08/09 18:36:06 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\F S B\Desktop\windowsupdateagent30-x86.exe
[2012/08/09 17:22:01 | 001,144,963 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer.zip
[2012/08/06 17:34:49 | 002,789,376 | ---- | M] () -- C:\Documents and Settings\F S B\NTUSER.rhk
[2012/08/06 17:30:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/06 16:42:46 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/08/06 06:33:38 | 000,294,178 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\cT07Y.png
[2012/08/04 18:57:02 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\F S B\Application Data\Microsoft\Internet Explorer\Quick Launch\PTR.lnk
[2012/08/04 18:29:17 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/07/28 09:52:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/28 09:52:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/16 22:38:27 | 000,473,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/16 22:38:27 | 000,076,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 19:22:30 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/08/10 19:22:30 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\F S B\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2012/08/10 19:22:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/08/10 19:22:30 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2012/08/10 17:49:33 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\gmer.exe
[2012/08/10 17:17:30 | 000,232,960 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\U\[email protected]
[2012/08/10 17:17:16 | 000,092,160 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\U\[email protected]
[2012/08/10 17:17:13 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\U\[email protected]
[2012/08/10 17:17:13 | 000,001,632 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\U\[email protected]
[2012/08/10 17:17:11 | 000,002,048 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\U\[email protected]
[2012/08/10 16:58:01 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\gmer.zip
[2012/08/10 16:21:18 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\MBR.zip
[2012/08/10 16:19:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\MBR.dat
[2012/08/10 15:46:38 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/10 15:43:31 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/08/10 15:43:02 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\WindowsDefender.msi
[2012/08/09 17:22:00 | 001,144,963 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer.zip
[2012/08/06 17:34:48 | 002,789,376 | ---- | C] () -- C:\Documents and Settings\F S B\NTUSER.rhk
[2012/08/06 16:42:46 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/08/06 06:33:36 | 000,294,178 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\cT07Y.png
[2012/08/04 18:17:20 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/07/16 00:08:25 | 000,287,993 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-1123561945-839522115-1004-0.dat
[2012/07/16 00:08:24 | 000,084,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/07 19:21:04 | 000,175,312 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\census.cache
[2012/07/07 19:21:01 | 000,155,647 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\ars.cache
[2012/07/07 19:15:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\housecall.guid.cache
[2012/07/07 14:27:43 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\L\[email protected]
[2012/05/10 23:04:54 | 000,570,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/02 22:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/04/30 13:42:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012/02/15 12:07:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/09 19:41:59 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/12/09 17:42:29 | 000,139,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/12/09 17:42:28 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\F S B\Application Data\PnkBstrK.sys
[2011/12/09 17:42:03 | 000,282,472 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/12/09 17:42:01 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/12/09 17:42:00 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/11/22 10:20:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/21 02:09:58 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/11/21 02:09:58 | 000,000,799 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/11/11 20:18:37 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/11/11 20:12:04 | 000,294,056 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/11 20:12:04 | 000,294,056 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/11 20:12:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/11 20:11:52 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/11 19:43:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/11 18:22:04 | 000,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/11 18:16:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 18:12:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/11 13:05:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/11 13:03:53 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@

========== LOP Check ==========

[2012/08/05 03:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/08/10 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/11/11 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/04/22 14:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\.minecraft
[2012/03/12 22:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Amazon
[2012/04/30 13:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Atari
[2012/08/10 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Canneverbe Limited
[2012/08/10 15:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\ElevatedDiagnostics
[2012/07/15 16:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Garmin
[2012/04/30 13:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Leadertech
[2012/03/17 12:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\SystemRequirementsLab
[2012/04/26 13:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\TS3Client
[2012/04/26 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\ts3overlay
[2012/08/06 16:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Wise Registry Cleaner
[2012/04/26 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ts3overlay
[2012/08/10 17:08:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2006/02/28 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/02/28 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2011/11/11 18:15:15 | 000,001,602 | ---- | M] () MD5=F07B9C4D75E3CA8BBE7878B3FCA49C5F -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/08/06 16:11:27 | 000,001,189 | ---- | M] () MD5=D7806FEE105655E04A1963C412C06136 -- C:\Documents and Settings\F S B\Application Data\Macromedia\Flash Player\#SharedObjects\KCC9ML84\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2006/02/28 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >

________________________________________________________________________________________________________________________________________________

OTL Extras logfile created on: 8/10/2012 10:25:42 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\F S B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 60.61% Memory free
4.59 Gb Paging File | 3.69 Gb Available in Paging File | 80.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 132.22 Gb Free Space | 56.78% Space Free | Partition Type: NTFS
Drive D: | 615.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HAL3000 | User Name: F S B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Client -- (Akamai Technologies, Inc)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1199\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1199\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1225\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1225\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{18026153-83A4-40E0-96B6-41E441607518}" = Eraser 6.0.9.2343
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C98876CB-9847-4DCB-96F6-98CD5D66D2E2}" = Document Express DjVu Plug-in
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"Diablo III" = Diablo III
"Fraps" = Fraps (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Steam App 10090" = Call of Duty: World at War
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.41
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Akamai" = Akamai NetSession Interface
"c5c968b829b4973b" = Curse Client - Test
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2012 5:30:00 PM | Computer Name = HAL3000 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/10/2012 3:43:43 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:43:50 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:43:51 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:45:08 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:45:26 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:51:23 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:57:10 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:57:16 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/10/2012 3:57:17 PM | Computer Name = HAL3000 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 8/10/2012 5:07:13 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 8/10/2012 5:07:13 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 8/10/2012 5:14:48 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 8/10/2012 5:14:52 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
Restart the service.

Error - 8/10/2012 5:15:03 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 8/10/2012 5:22:23 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/10/2012 5:34:21 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/10/2012 6:11:04 PM | Computer Name = HAL3000 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/10/2012 6:24:13 PM | Computer Name = HAL3000 | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet : Has encountered an invalid
network address.

Error - 8/10/2012 6:36:02 PM | Computer Name = HAL3000 | Source = NVENETFD | ID = 5008
Description = NVIDIA nForce 10/100/1000 Mbps Ethernet : Has encountered an invalid
network address.


< End of report >


Give me an update on your computer's issues.


Currently my PC has a process named svchost.exe with a "Mem Usage" of 582,804K. The problem still exists, and outside of simply "bogging" the system down, it would be unnoticeable. Control of my Windows Firewall was, again, compromised, but... and, again, restored earlier this evening.

Also what resident antivirus are you running? I only see an antispyware (MalwareBytes') which is not the same.


As stated in my original post, I do not use an AV program, but rather scan the system from time to time when I suspect a problem exists. It's not that I place a lot, if any, trust in "built in" protections like the Windows Firewall or Windows Defender. Not at all. I simply practice safe surfing. This will be my second major virus (if it is as such) in roughly 12 years. I don't think that's too bad.

Thanks in advance for any and all help. It is understood that the time you spend here is completely volunteer.
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
We expect anyone we help to have an antivirus installed and on. While your record is noble for not getting an infection, we have an expectation based on our considerable experience in helping people clean their computers. So please complete this step before we continue.


Antivirus software is a necessity. This is your primary line of defense against the type of malware that has infected your computer. Each of the following products has real-time protection and scheduled scans. Please choose one, install it, update the antivirus database/definitions, and run a complete scan.

These are among the best free antivirus/antispyware products.
*Please note* You should never install more than one anti-virus program on a PC because it will cause conflicts.
  • 0

#5
FSB75

FSB75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

We expect anyone we help to have an antivirus installed and on. While your record is noble for not getting an infection, we have an expectation based on our considerable experience in helping people clean their computers. So please complete this step before we continue.


Antivirus software is a necessity. This is your primary line of defense against the type of malware that has infected your computer. Each of the following products has real-time protection and scheduled scans. Please choose one, install it, update the antivirus database/definitions, and run a complete scan.

These are among the best free antivirus/antispyware products.
*Please note* You should never install more than one anti-virus program on a PC because it will cause conflicts.


*heavy labored breathing*

As you wish, my Master!

Okay, just a sec...
  • 0

#6
FSB75

FSB75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
As per your request, I DLed, installed, updated, and ran both a complete scan and the program-suggested boot-time scan with Avast!

I do apologize in advance if the corrective actions taken, using the Avast! program, were not ideal. I used my best judgement to cause minimal "change", as I was not instructed to do anything other than scan, and the program did detect numerous infections. As infections were found, I didn't want to simply choose the "do nothing" or "repair" options. As such, I used the "Move to Chest" and/or the "Delete" options. Additionally, I could not find an option to export the log files. I have provided them below, as best I could.


Full System Scan
[screenshot of the Avast! full system scan results; image not preserved]

Boot Time Scan
[screenshot of the Avast! boot-time scan results; image not preserved]

Obviously, so much for being "virus free". I suppose using the Kaspersky online virus removal tool (for viruses) and Malwarebytes (for everything else) wasn't enough this time. I appreciate your extended patience with my choices regarding the files found to be infected. Half of me didn't want to do anything, because I wasn't told to do anything. The other half wanted to minimize already done damage... IF I could. Hopefully, and at best, I didn't make anything worse. Thank you.
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
You did great thanks :thumbsup:

Now I need you to run OTL again so just open it again select Scan All users, Lop check, and Purity check.

Then click Quick Scan, it will produce a log, OTL.txt

Please post the new log.
  • 0

#8
FSB75

FSB75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
UPDATE

As of the requested virus scan and quarantine (Move to Chest), the highest Mem Usage of svchost.exe (PID 1080) has been holding steady at 15,328K. Additionally, the TCP/IP traffic is no longer on "everyone use my internet please". Although I'm sure the problem is not fully resolved, as things are rarely this easy for me, Avast! is no longer yelling at me approximately every 3 minutes I'm connected online that something is trying to attack my PC. As a matter of fact, it hasn't "said" anything all morning.


OTL logfile created on: 8/11/2012 10:13:40 AM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\F S B\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 70.86% Memory free
4.59 Gb Paging File | 3.98 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 130.96 Gb Free Space | 56.24% Space Free | Partition Type: NTFS

Computer Name: HAL3000 | User Name: F S B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 16:43:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
PRC - [2012/07/19 08:59:17 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/04/12 16:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
PRC - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/13 20:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:16 | 000,105,472 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\system32\dfrgntfs.exe
PRC - [2007/05/07 11:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
PRC - [2007/03/05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/11 02:09:13 | 001,792,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12081100\algo.dll
MOD - [2012/07/19 08:59:15 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2012/03/09 18:39:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2009/07/15 01:32:14 | 000,436,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
MOD - [2009/07/15 01:31:38 | 000,068,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2007/03/05 19:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/19 08:59:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2012/02/29 19:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/15 01:32:20 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/15 01:32:20 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/11/22 16:48:07 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Program Files\RealTemp_360\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2011/09/21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/08/30 18:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/03/31 16:01:50 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/07/01 12:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 12:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/04/11 17:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UsbFltr.sys -- (TarFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\F S B\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/10 23:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 08:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/10 10:41:26 | 000,000,000 | ---D | M]

[2011/11/11 19:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Extensions
[2012/08/06 06:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Firefox\Profiles\xghf74wg.default\extensions
[2012/06/16 12:03:17 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\F S B\Application Data\Mozilla\Firefox\Profiles\xghf74wg.default\extensions\[email protected]
[2012/03/17 11:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/22 14:11:51 | 000,246,025 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\F S B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XGHF74WG.DEFAULT\EXTENSIONS\[email protected]
[2006/02/28 08:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\F S B\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XGHF74WG.DEFAULT\EXTENSIONS\[email protected]
[2012/08/10 23:08:46 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/09 18:40:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/19 08:59:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 18:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/06/20 16:52:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 16:52:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKU\S-1-5-19..\Run: [Apple] rundll32.exe "C:\Documents and Settings\F S B\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
O4 - HKU\S-1-5-20..\Run: [Apple] rundll32.exe "C:\Documents and Settings\F S B\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-1644491937-1123561945-839522115-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1644491937-1123561945-839522115-1006..\Run: [Apple] rundll32.exe "C:\Documents and Settings\F S B\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1644491937-1123561945-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1644491937-1123561945-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1344551802453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344556933140 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5453F6C3-F749-446F-8084-EB868A78129D}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/11 18:15:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:7ad7b20dcd30)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 23:09:02 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/10 23:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/08/10 23:09:01 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/10 23:08:59 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/10 23:08:59 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/10 23:08:59 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/10 23:08:57 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/10 23:08:57 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/10 23:08:57 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/10 23:08:40 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/10 23:08:40 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/10 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/10 23:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/10 22:57:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/10 19:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Canneverbe Limited
[2012/08/10 19:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012/08/10 19:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012/08/10 19:21:24 | 005,360,088 | ---- | C] (Canneverbe Limited ) -- C:\Documents and Settings\F S B\Desktop\cdbxp_setup_4.4.1.3341.exe
[2012/08/10 18:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Desktop\To be moved
[2012/08/10 16:43:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
[2012/08/10 16:38:14 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\F S B\Desktop\tdsskiller.exe
[2012/08/10 16:08:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\F S B\Desktop\aswMBR.exe
[2012/08/10 15:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/08/09 18:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/08/09 17:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer
[2012/08/06 17:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\My Documents\Firewall [bleep]
[2012/08/06 16:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Wise Registry Cleaner
[2012/08/06 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
[2012/08/06 16:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012/08/06 16:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\ElevatedDiagnostics
[2012/08/06 16:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/08/06 16:37:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/08/04 18:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft Beta
[2012/08/03 09:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/03 09:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/15 17:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\My Documents\GarminBackup
[2012/07/15 16:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/15 16:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\F S B\Application Data\Garmin
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/11 09:35:19 | 000,462,156 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\Virus Chest.JPG
[2012/08/11 09:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/11 09:25:44 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/11 09:25:42 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/11 09:25:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/11 09:06:56 | 000,109,070 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\bootscan.JPG
[2012/08/11 09:05:27 | 000,269,753 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\completescan.JPG
[2012/08/10 23:12:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/10 23:09:02 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/10 23:08:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/10 23:07:55 | 089,340,632 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\avast_free_antivirus_setup.exe
[2012/08/10 22:59:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/10 22:23:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\MBR.dat
[2012/08/10 19:22:30 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\F S B\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2012/08/10 19:22:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/08/10 19:21:27 | 005,360,088 | ---- | M] (Canneverbe Limited ) -- C:\Documents and Settings\F S B\Desktop\cdbxp_setup_4.4.1.3341.exe
[2012/08/10 17:08:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/10 16:58:03 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\gmer.zip
[2012/08/10 16:43:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\F S B\Desktop\OTL.exe
[2012/08/10 16:38:18 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\F S B\Desktop\tdsskiller.exe
[2012/08/10 16:21:20 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\MBR.zip
[2012/08/10 16:09:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\F S B\Desktop\aswMBR.exe
[2012/08/10 15:43:05 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\WindowsDefender.msi
[2012/08/09 17:22:01 | 001,144,963 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer.zip
[2012/08/06 17:34:49 | 002,789,376 | ---- | M] () -- C:\Documents and Settings\F S B\NTUSER.rhk
[2012/08/06 17:30:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/06 16:42:46 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/08/06 06:33:38 | 000,294,178 | ---- | M] () -- C:\Documents and Settings\F S B\Desktop\cT07Y.png
[2012/08/04 18:57:02 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\F S B\Application Data\Microsoft\Internet Explorer\Quick Launch\PTR.lnk
[2012/08/04 18:29:17 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/07/16 22:38:27 | 000,473,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/16 22:38:27 | 000,076,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 09:33:17 | 000,462,156 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\Virus Chest.JPG
[2012/08/11 09:06:56 | 000,109,070 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\bootscan.JPG
[2012/08/11 09:05:27 | 000,269,753 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\completescan.JPG
[2012/08/10 23:09:02 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/10 23:08:57 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/10 23:06:34 | 089,340,632 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\avast_free_antivirus_setup.exe
[2012/08/10 19:22:30 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/08/10 19:22:30 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\F S B\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2012/08/10 19:22:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/08/10 19:22:30 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2012/08/10 17:49:33 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\gmer.exe
[2012/08/10 16:58:01 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\gmer.zip
[2012/08/10 16:21:18 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\MBR.zip
[2012/08/10 16:19:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\MBR.dat
[2012/08/10 15:46:38 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/10 15:43:31 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/08/10 15:43:02 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\WindowsDefender.msi
[2012/08/09 17:22:00 | 001,144,963 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\ProcessExplorer.zip
[2012/08/06 17:34:48 | 002,789,376 | ---- | C] () -- C:\Documents and Settings\F S B\NTUSER.rhk
[2012/08/06 16:42:46 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/08/06 06:33:36 | 000,294,178 | ---- | C] () -- C:\Documents and Settings\F S B\Desktop\cT07Y.png
[2012/08/04 18:17:20 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft Beta.lnk
[2012/07/16 00:08:25 | 000,287,993 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-1123561945-839522115-1004-0.dat
[2012/07/16 00:08:24 | 000,084,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/07 19:21:04 | 000,175,312 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\census.cache
[2012/07/07 19:21:01 | 000,155,647 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\ars.cache
[2012/07/07 19:15:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\housecall.guid.cache
[2012/07/07 14:27:43 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\L\[email protected]
[2012/05/10 23:04:54 | 000,570,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/02 22:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/04/30 13:42:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012/02/15 12:07:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/09 19:41:59 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/12/09 17:42:29 | 000,139,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/12/09 17:42:28 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\F S B\Application Data\PnkBstrK.sys
[2011/12/09 17:42:03 | 000,282,472 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/12/09 17:42:01 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/12/09 17:42:00 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/11/22 10:20:04 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/21 02:09:58 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/11/21 02:09:58 | 000,000,799 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/11/11 20:18:37 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/11/11 20:12:04 | 000,294,056 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/11 20:12:04 | 000,294,056 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/11 20:12:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/11 20:11:52 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/11 19:43:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/11 18:22:04 | 000,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/11 18:16:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 18:12:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/11 13:05:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/11 13:03:53 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@

========== LOP Check ==========

[2012/08/10 23:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/05 03:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/08/10 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/11/11 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/04/22 14:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\.minecraft
[2012/03/12 22:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Amazon
[2012/04/30 13:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Atari
[2012/08/10 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Canneverbe Limited
[2012/08/10 15:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\ElevatedDiagnostics
[2012/07/15 16:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Garmin
[2012/04/30 13:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Leadertech
[2012/03/17 12:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\SystemRequirementsLab
[2012/04/26 13:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\TS3Client
[2012/04/26 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\ts3overlay
[2012/08/06 16:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\F S B\Application Data\Wise Registry Cleaner
[2012/04/26 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ts3overlay
[2012/08/11 09:25:44 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/08/10 17:08:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


Thank you again for your very quick responses, continued patience, and determination to help me fight the urge to simply "Format it all"!
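The listing above shows the same {GUID} folder planted in three places (the MSI cache under C:\WINDOWS\Installer, the user's Local Settings\Application Data, and the SYSTEM profile's), each holding a hidden+system "@" file of 2,048 bytes whose creation time reads 2006/02/28 08:00:00, years before this Windows was installed (the earliest C:\WINDOWS files in the log are from 2011/11/11). The script below is an added example, not code from the thread or from OTL: it parses OTL file-entry lines and pulls those three signals out. The install time and the sample lines are taken from the log above; everything else is an assumption of the example.

```python
"""Triage of OTL-style file listings: an added example, not part of the thread
or of OTL itself. It parses lines shaped like

    [2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\\path\\to\\file

and flags the pattern visible in the log above: one GUID-named directory
replicated into several locations, holding hidden+system files whose creation
time was set to a date older than the operating system install itself.
"""
import re
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional, Tuple

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# a path component that is a bare {GUID}, e.g. \{56b32510-...-b38b1f4e31a5}\
GUID_DIR = re.compile(r"\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\", re.I)

# Assumption: the OS install time is taken from the earliest C:\WINDOWS file
# creation times in the log (ODBCINST.INI at 2011/11/11 13:05). A file on a
# user-writable path "created" before that had its timestamp set on purpose.
INSTALL_TIME = datetime(2011, 11, 11, 13, 0, 0)


class Entry(NamedTuple):
    created: datetime
    size: int
    attrs: str
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Keep only lines that match the OTL file-entry format; ignore headers."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                int(m["size"].replace(",", "")),
                m["attrs"],
                m["path"],
            ))
    return entries


def guid_location(path: str) -> Optional[Tuple[str, str]]:
    """Return (guid, parent-root) when the path runs through a {GUID} folder."""
    m = GUID_DIR.search(path)
    if not m:
        return None
    return m.group(1).lower(), path[:m.start()].lower()


def triage(entries: List[Entry], install_time: datetime = INSTALL_TIME) -> Dict[str, List[str]]:
    """Map suspicious path -> list of reasons. A legitimate Windows Installer
    cache (C:\\WINDOWS\\Installer\\{GUID}\\icon.ico) triggers none of these:
    it lives in one root, is not hidden+system, and post-dates the install."""
    findings: Dict[str, List[str]] = {}
    roots_by_guid: Dict[str, set] = {}
    for e in entries:
        loc = guid_location(e.path)
        if loc is None:
            continue
        guid, root = loc
        roots_by_guid.setdefault(guid, set()).add(root)
        reasons = []
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden+system file inside a GUID-named directory")
        if e.created < install_time:
            reasons.append("creation time predates OS install (timestomped)")
        if reasons:
            findings[e.path] = reasons
    # cross-entry rule: the same GUID folder planted under two or more roots
    for e in entries:
        loc = guid_location(e.path)
        if loc and len(roots_by_guid[loc[0]]) >= 2:
            findings.setdefault(e.path, []).append(
                f"GUID folder {loc[0]} replicated across {len(roots_by_guid[loc[0]])} locations")
    return findings


# Constructed sample: seven lines copied from the OTL log above, three of them benign.
SAMPLE_LOG = r"""
[2012/08/06 17:34:48 | 002,789,376 | ---- | C] () -- C:\Documents and Settings\F S B\NTUSER.rhk
[2012/07/07 14:27:43 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\L\[email protected]
[2011/11/11 18:16:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 13:03:53 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
[2006/02/28 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\@
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, the three "@" files get all three reasons and the file under the GUID's L subfolder gets only the replication reason; NTUSER.rhk, bootstat.dat and FNTCACHE.DAT are not reported. The replication rule is the one worth keeping in a detection: a single hidden+system file or an old timestamp can each have a benign explanation, but one GUID folder copied into an MSI cache and two profiles does not.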

#9 CompCav (Member 5k, Expert, 12,448 posts)
PunkBuster Advice:

There are some issues with infections in relation to PunkBuster. The computer has gaming tools installed. Some of these, like PunkBuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be to download the Removal Tool for PunkBuster to the desktop.

Right-click on pbsvc.exe and select Run as Administrator >> follow the prompts.

You may reinstall Punkbuster when I give the all clear if you so wish.




Step 1.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL




  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    [2012/03/09 18:40:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKU\S-1-5-20..\Run: [Apple] rundll32.exe "C:\Documents and Settings\F S B\Local Settings\Application Data\Deployment\Apple\mibhoh.dll",CreateInstance File not found
    
    
    :Reg
    [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
    ""="%systemroot%\system32\wbem\wbemess.dll"
    [-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}]
    
    
    :Files
    C:\Documents and Settings\F S B\Local Settings\Temp\210.tmp
    C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}
    C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}
    netsh int ip reset c:\resetlog.txt /c
    ipconfig /release /c
    ipconfig /renew /c
    sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct, so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions
3. If you cannot connect to the internet or have other issues after ComboFix completes, simply reboot the computer.



Step 3.

Download farbar service scanner to your desktop and then run it.


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply


Step 4.

Please post:

OTL fix log
ComboFix.txt
FSS.txt



What are the current issues with your computer?

#10 FSB75 (Topic Starter, Member, 17 posts)
OTL Fix Log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Apple deleted successfully.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12d0253a-7c96-815c-11e0-3034bbd97cc0}\ not found.
========== FILES ==========
File\Folder C:\Documents and Settings\F S B\Local Settings\Temp\210.tmp not found.
C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\U folder moved successfully.
C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\L folder moved successfully.
C:\WINDOWS\Installer\{56b32510-08d6-a75e-9773-b38b1f4e31a5} folder moved successfully.
C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\U folder moved successfully.
C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5}\L folder moved successfully.
C:\Documents and Settings\F S B\Local Settings\Application Data\{56b32510-08d6-a75e-9773-b38b1f4e31a5} folder moved successfully.
< netsh int ip reset c:\resetlog.txt /c >
WARNING: Could not obtain host information from machine: [HAL3000]. Some commands may not be available.
The specified module could not be found.
C:\Documents and Settings\F S B\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\F S B\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\F S B\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\F S B\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
C:\Documents and Settings\F S B\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\F S B\Desktop\cmd.txt deleted successfully.
< sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c >
invalid start= field
Modifies a service entry in the registry and Service Database.
SYNTAX:
sc <server> config [service name] <option1> <option2>...
CONFIG OPTIONS:
NOTE: The option name includes the equal sign.
type= <own|share|interact|kernel|filesys|rec|adapt>
start= <boot|system|auto|demand|disabled>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>
C:\Documents and Settings\F S B\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\F S B\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: F S B
->Temp folder emptied: 1627158145 bytes
->Temporary Internet Files folder emptied: 393991470 bytes
->Java cache emptied: 2781381 bytes
->FireFox cache emptied: 734585820 bytes
->Flash cache emptied: 8463035 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 697956258 bytes
->Flash cache emptied: 19030 bytes

User: NetworkService
->Temp folder emptied: 227504 bytes
->Temporary Internet Files folder emptied: 10756203 bytes
->Java cache emptied: 12 bytes
->Flash cache emptied: 31535 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 3770897 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 392285203 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94177734 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1218895688 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,947.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.56.0 log created on 08112012_111157

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/08/11 11:22:07 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...


ComboFix

ComboFix 12-08-09.01 - F S B 08/11/2012 11:30:07.1.2 - x86
Running from: c:\documents and settings\F S B\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 15:11 . 2012-08-11 15:11 -------- d-----w- C:\_OTL
2012-08-11 03:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-11 03:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-11 03:08 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-11 03:08 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-11 03:08 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-11 03:08 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-11 03:08 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-11 03:08 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-11 03:08 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-11 03:08 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-11 03:08 . 2012-08-11 03:08 -------- d-----w- c:\program files\AVAST Software
2012-08-11 03:08 . 2012-08-11 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-11 02:57 . 2012-08-11 02:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 23:22 . 2012-08-10 23:22 -------- d-----w- c:\documents and settings\F S B\Application Data\Canneverbe Limited
2012-08-10 23:22 . 2012-08-10 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2012-08-10 23:22 . 2012-06-03 14:44 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-08-10 23:22 . 2012-08-10 23:22 -------- d-----w- c:\program files\CDBurnerXP
2012-08-10 19:55 . 2012-07-16 06:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5CD5016F-5ED1-4432-812F-2C74EBDEF946}\mpengine.dll
2012-08-10 19:45 . 2012-07-16 06:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-10 19:43 . 2012-08-10 19:43 -------- d-----w- c:\program files\Windows Defender
2012-08-10 00:18 . 2012-08-10 00:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-08-06 20:43 . 2012-08-06 20:44 -------- d-----w- c:\documents and settings\F S B\Application Data\Wise Registry Cleaner
2012-08-06 20:42 . 2012-08-06 20:42 -------- d-----w- c:\program files\Wise
2012-08-06 20:37 . 2012-08-10 19:58 -------- d-----w- c:\documents and settings\F S B\Application Data\ElevatedDiagnostics
2012-07-15 20:55 . 2012-07-15 20:55 -------- d-----w- c:\program files\Microsoft.NET
2012-07-15 20:51 . 2012-07-15 20:51 -------- d-----w- c:\documents and settings\F S B\Application Data\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 13:52 . 2012-04-05 19:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 13:52 . 2011-11-11 23:41 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-11 18:59 . 2012-04-30 17:42 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-06-13 22:13 . 2011-12-09 23:44 282472 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2011-11-11 22:13 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 21:35 . 2011-12-05 14:53 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2011-11-11 22:28 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-11-11 22:28 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-11-11 22:13 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-11-11 22:13 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-11-11 22:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2011-11-11 22:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2011-11-11 22:13 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2011-11-11 22:13 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2011-11-11 22:28 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-11-11 22:13 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-11-11 22:13 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-12-05 14:53 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2011-12-05 14:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-01 21:34 . 2011-12-09 21:42 282472 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-31 16:25 . 2012-07-07 23:32 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-19 12:59 . 2011-11-11 23:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\F S B\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2007-05-07 159744]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:7ad7b20dcd30
.
[HKLM\~\startupfolder\C:^Documents and Settings^F S B^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\F S B\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 -c--a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2011-11-05 17:17 980368 -c--a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-23 18:49 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\F S B\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1199\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1225\\Agent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\RealTemp_360\WinRing0.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\Drivers\UsbFltr.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-11 16:21]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 15:15]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 15:15]
.
2012-08-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\F S B\Application Data\Mozilla\Firefox\Profiles\xghf74wg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 11:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(572)
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
.
Completion time: 2012-08-11 11:34:10
ComboFix-quarantined-files.txt 2012-08-11 15:34
.
Pre-Run: 145,464,303,616 bytes free
Post-Run: 145,411,399,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BC22F56E5FB312764469C3F0C232E860

FSS

Farbar Service Scanner Version: 06-08-2012
Ran by F S B (administrator) on 11-08-2012 at 11:35:53
Running from "C:\Documents and Settings\F S B\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
  • 0

#11
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0
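An added example, not part of this thread and not TDSSKiller's own code, that parses a TDSSKiller report of the kind requested above and pulls out the scan mode plus every object that did not come back "ok", so a helper can confirm at a glance that SigCheck and TDLFS were enabled and see which driver tripped a verdict. The sample lines are constructed in the tool's log format (shaped like the logs posted in this thread); the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# TDSSKiller 2.7.x writes one of these shapes after "<hh:mm:ss.ffff> <pid> ":
#   <name> (<md5>) <path>                     object enumerated (driver/service image)
#   <name> ( <verdict> ) - warning            a verdict was attached to the object
#   <name> - detected <verdict> (<n>)         the object was counted as a detection
#   <name> - ok                               the object passed every check
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"        # "ok", "detected" or "unknown" (no result line seen)
    verdict: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"


@dataclass
class Report:
    mode: Set[str] = field(default_factory=set)          # flags from the "Mode:" line
    entries: Dict[str, Entry] = field(default_factory=dict)


def parse_log(text: str) -> Report:
    """Parse TDSSKiller log text into a Report keyed by object name (hypothetical helper)."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                # banner, "====" separators, SystemInfo block, etc.
        rest = m["rest"]
        if rest.startswith("Mode:"):
            report.mode = {p.strip() for p in rest[len("Mode:"):].split(";") if p.strip()}
            continue
        d = DETECTED_RE.match(rest)
        if d:
            e = report.entries.setdefault(d["name"], Entry(d["name"]))
            e.status, e.verdict = "detected", d["verdict"]
            continue
        w = WARNING_RE.match(rest)
        if w:
            e = report.entries.setdefault(w["name"], Entry(w["name"]))
            e.verdict = w["verdict"]
            continue
        o = OK_RE.match(rest)
        if o:
            e = report.entries.setdefault(o["name"], Entry(o["name"]))
            if e.status == "unknown":   # never downgrade a detection to "ok"
                e.status = "ok"
            continue
        ob = OBJECT_RE.match(rest)
        if ob:
            e = report.entries.setdefault(ob["name"], Entry(ob["name"]))
            e.md5, e.path = ob["md5"], ob["path"]
    return report


def required_checks_enabled(report: Report) -> bool:
    """True when the scan ran with both options the instructions above ask for."""
    return {"SigCheck", "TDLFS"} <= report.mode


def findings(report: Report) -> List[Entry]:
    """Every object that was flagged or detected, in log order."""
    return [e for e in report.entries.values()
            if e.status == "detected" or e.verdict is not None]


# Constructed sample in the tool's format (a handful of lines shaped like the
# logs posted in this thread), including one unsigned-driver verdict.
SAMPLE_LOG = r"""
11:50:41.0546 2512 Scan started
11:50:41.0546 2512 Mode: Manual; SigCheck; TDLFS;
11:50:41.0546 2512 ============================================================
11:50:41.0890 2512 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:50:42.0000 2512 Aavmker4 - ok
11:50:42.0000 2512 Abiosdsk - ok
11:50:59.0812 2512 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
11:50:59.0812 2512 StarOpen ( UnsignedFile.Multi.Generic ) - warning
11:50:59.0812 2512 StarOpen - detected UnsignedFile.Multi.Generic (1)
11:50:59.0843 2512 Steam Client Service - ok
"""

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print("SigCheck+TDLFS enabled:", required_checks_enabled(rep))
    for e in findings(rep):
        print(f"{e.name}: {e.status} {e.verdict} md5={e.md5} path={e.path}")
```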

#12
FSB75

FSB75

    Member

  • Topic Starter
  • Member
  • 17 posts
I forgot the "thank you" in my last reply. So....thank you thank you thank you.

11:50:33.0890 3520 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:50:34.0187 3520 ============================================================
11:50:34.0187 3520 Current date / time: 2012/08/11 11:50:34.0187
11:50:34.0187 3520 SystemInfo:
11:50:34.0187 3520
11:50:34.0187 3520 OS Version: 5.1.2600 ServicePack: 3.0
11:50:34.0187 3520 Product type: Workstation
11:50:34.0187 3520 ComputerName: HAL3000
11:50:34.0187 3520 UserName: F S B
11:50:34.0187 3520 Windows directory: C:\WINDOWS
11:50:34.0187 3520 System windows directory: C:\WINDOWS
11:50:34.0187 3520 Processor architecture: Intel x86
11:50:34.0187 3520 Number of processors: 2
11:50:34.0187 3520 Page size: 0x1000
11:50:34.0187 3520 Boot type: Normal boot
11:50:34.0187 3520 ============================================================
11:50:35.0281 3520 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:50:35.0281 3520 ============================================================
11:50:35.0281 3520 \Device\Harddisk0\DR0:
11:50:35.0281 3520 MBR partitions:
11:50:35.0281 3520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
11:50:35.0281 3520 ============================================================
11:50:35.0312 3520 C: <-> \Device\Harddisk0\DR0\Partition0
11:50:35.0312 3520 ============================================================
11:50:35.0312 3520 Initialize success
11:50:35.0312 3520 ============================================================
11:50:41.0546 2512 ============================================================
11:50:41.0546 2512 Scan started
11:50:41.0546 2512 Mode: Manual; SigCheck; TDLFS;
11:50:41.0546 2512 ============================================================
11:50:41.0890 2512 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
11:50:42.0000 2512 Aavmker4 - ok
11:50:42.0000 2512 Abiosdsk - ok
11:50:42.0000 2512 abp480n5 - ok
11:50:42.0031 2512 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:50:42.0187 2512 ACPI - ok
11:50:42.0218 2512 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:50:42.0296 2512 ACPIEC - ok
11:50:42.0296 2512 adpu160m - ok
11:50:42.0312 2512 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:50:42.0406 2512 aec - ok
11:50:42.0437 2512 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:50:42.0453 2512 AFD - ok
11:50:42.0468 2512 Aha154x - ok
11:50:42.0468 2512 aic78u2 - ok
11:50:42.0468 2512 aic78xx - ok
11:50:42.0500 2512 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:50:42.0578 2512 Alerter - ok
11:50:42.0593 2512 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:50:42.0687 2512 ALG - ok
11:50:42.0687 2512 AliIde - ok
11:50:42.0765 2512 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:50:42.0812 2512 Ambfilt - ok
11:50:42.0843 2512 amsint - ok
11:50:42.0859 2512 AppMgmt - ok
11:50:42.0859 2512 asc - ok
11:50:42.0859 2512 asc3350p - ok
11:50:42.0859 2512 asc3550 - ok
11:50:42.0968 2512 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:50:42.0968 2512 aspnet_state - ok
11:50:43.0000 2512 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:50:43.0015 2512 aswFsBlk - ok
11:50:43.0046 2512 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
11:50:43.0046 2512 aswMon2 - ok
11:50:43.0062 2512 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
11:50:43.0062 2512 AswRdr - ok
11:50:43.0109 2512 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
11:50:43.0140 2512 aswSnx - ok
11:50:43.0171 2512 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
11:50:43.0187 2512 aswSP - ok
11:50:43.0203 2512 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
11:50:43.0218 2512 aswTdi - ok
11:50:43.0250 2512 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:50:43.0312 2512 AsyncMac - ok
11:50:43.0343 2512 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:50:43.0421 2512 atapi - ok
11:50:43.0421 2512 Atdisk - ok
11:50:43.0437 2512 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:50:43.0515 2512 Atmarpc - ok
11:50:43.0546 2512 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:50:43.0625 2512 AudioSrv - ok
11:50:43.0640 2512 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:50:43.0734 2512 audstub - ok
11:50:43.0781 2512 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:50:43.0796 2512 avast! Antivirus - ok
11:50:43.0812 2512 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:50:43.0890 2512 Beep - ok
11:50:43.0937 2512 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:50:44.0000 2512 Browser - ok
11:50:44.0031 2512 catchme - ok
11:50:44.0062 2512 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:50:44.0140 2512 cbidf2k - ok
11:50:44.0140 2512 cd20xrnt - ok
11:50:44.0156 2512 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:50:44.0234 2512 Cdaudio - ok
11:50:44.0250 2512 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:50:44.0328 2512 Cdfs - ok
11:50:44.0343 2512 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:50:44.0421 2512 Cdrom - ok
11:50:44.0421 2512 Changer - ok
11:50:44.0453 2512 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:50:44.0531 2512 CiSvc - ok
11:50:44.0562 2512 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:50:44.0625 2512 ClipSrv - ok
11:50:44.0640 2512 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:50:44.0656 2512 clr_optimization_v2.0.50727_32 - ok
11:50:44.0718 2512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:50:44.0734 2512 clr_optimization_v4.0.30319_32 - ok
11:50:44.0734 2512 CmdIde - ok
11:50:44.0734 2512 COMSysApp - ok
11:50:44.0750 2512 Cpqarray - ok
11:50:44.0765 2512 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
11:50:44.0781 2512 cpuz135 - ok
11:50:44.0781 2512 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:50:44.0875 2512 CryptSvc - ok
11:50:44.0875 2512 dac2w2k - ok
11:50:44.0875 2512 dac960nt - ok
11:50:44.0906 2512 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:50:44.0953 2512 DcomLaunch - ok
11:50:44.0984 2512 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:50:45.0078 2512 Dhcp - ok
11:50:45.0109 2512 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:50:45.0187 2512 Disk - ok
11:50:45.0187 2512 dmadmin - ok
11:50:45.0234 2512 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:50:45.0328 2512 dmboot - ok
11:50:45.0343 2512 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:50:45.0406 2512 dmio - ok
11:50:45.0421 2512 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:50:45.0500 2512 dmload - ok
11:50:45.0515 2512 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:50:45.0609 2512 dmserver - ok
11:50:45.0625 2512 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:50:45.0703 2512 DMusic - ok
11:50:45.0734 2512 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:50:45.0781 2512 Dnscache - ok
11:50:45.0812 2512 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:50:45.0890 2512 Dot3svc - ok
11:50:45.0890 2512 dpti2o - ok
11:50:45.0906 2512 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:50:45.0984 2512 drmkaud - ok
11:50:46.0000 2512 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:50:46.0062 2512 EapHost - ok
11:50:46.0093 2512 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:50:46.0171 2512 ERSvc - ok
11:50:46.0203 2512 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:50:46.0234 2512 Eventlog - ok
11:50:46.0281 2512 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:50:46.0312 2512 EventSystem - ok
11:50:46.0328 2512 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:50:46.0406 2512 Fastfat - ok
11:50:46.0453 2512 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:50:46.0484 2512 FastUserSwitchingCompatibility - ok
11:50:46.0500 2512 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:50:46.0562 2512 Fdc - ok
11:50:46.0578 2512 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:50:46.0656 2512 Fips - ok
11:50:46.0671 2512 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:50:46.0750 2512 Flpydisk - ok
11:50:46.0781 2512 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:50:46.0843 2512 FltMgr - ok
11:50:46.0937 2512 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:50:46.0953 2512 FontCache3.0.0.0 - ok
11:50:47.0046 2512 ForceWare Intelligent Application Manager (IAM) (f2dc38c54cd1daede5852a42abd8cba8) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
11:50:47.0062 2512 ForceWare Intelligent Application Manager (IAM) - ok
11:50:47.0093 2512 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:50:47.0187 2512 Fs_Rec - ok
11:50:47.0203 2512 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:50:47.0281 2512 Ftdisk - ok
11:50:47.0312 2512 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:50:47.0390 2512 Gpc - ok
11:50:47.0437 2512 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:50:47.0453 2512 gupdate - ok
11:50:47.0453 2512 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:50:47.0468 2512 gupdatem - ok
11:50:47.0484 2512 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:50:47.0562 2512 HDAudBus - ok
11:50:47.0593 2512 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:50:47.0656 2512 helpsvc - ok
11:50:47.0656 2512 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:50:47.0750 2512 HidServ - ok
11:50:47.0765 2512 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:50:47.0843 2512 hidusb - ok
11:50:47.0859 2512 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:50:47.0953 2512 hkmsvc - ok
11:50:47.0953 2512 hpn - ok
11:50:47.0984 2512 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:50:48.0015 2512 HTTP - ok
11:50:48.0046 2512 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:50:48.0125 2512 HTTPFilter - ok
11:50:48.0125 2512 i2omgmt - ok
11:50:48.0125 2512 i2omp - ok
11:50:48.0156 2512 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
11:50:48.0250 2512 i8042prt - ok
11:50:48.0312 2512 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:50:48.0343 2512 idsvc - ok
11:50:48.0375 2512 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:50:48.0453 2512 Imapi - ok
11:50:48.0484 2512 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:50:48.0546 2512 ImapiService - ok
11:50:48.0562 2512 ini910u - ok
11:50:48.0859 2512 IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:50:49.0031 2512 IntcAzAudAddService - ok
11:50:49.0140 2512 IntelIde - ok
11:50:49.0171 2512 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:50:49.0250 2512 intelppm - ok
11:50:49.0250 2512 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:50:49.0343 2512 Ip6Fw - ok
11:50:49.0375 2512 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:50:49.0437 2512 IpFilterDriver - ok
11:50:49.0453 2512 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:50:49.0531 2512 IpInIp - ok
11:50:49.0546 2512 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:50:49.0625 2512 IpNat - ok
11:50:49.0640 2512 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:50:49.0718 2512 IPSec - ok
11:50:49.0734 2512 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:50:49.0828 2512 IRENUM - ok
11:50:49.0843 2512 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:50:49.0937 2512 isapnp - ok
11:50:49.0984 2512 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
11:50:49.0984 2512 JavaQuickStarterService - ok
11:50:50.0015 2512 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:50:50.0078 2512 Kbdclass - ok
11:50:50.0093 2512 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:50:50.0171 2512 kbdhid - ok
11:50:50.0203 2512 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:50:50.0296 2512 kmixer - ok
11:50:50.0312 2512 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:50:50.0343 2512 KSecDD - ok
11:50:50.0390 2512 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:50:50.0406 2512 lanmanserver - ok
11:50:50.0437 2512 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:50:50.0453 2512 lanmanworkstation - ok
11:50:50.0453 2512 lbrtfdc - ok
11:50:50.0484 2512 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:50:50.0562 2512 LmHosts - ok
11:50:50.0578 2512 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:50:50.0656 2512 Messenger - ok
11:50:50.0671 2512 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:50:50.0765 2512 mnmdd - ok
11:50:50.0781 2512 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:50:50.0859 2512 mnmsrvc - ok
11:50:50.0875 2512 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:50:50.0953 2512 Modem - ok
11:50:51.0015 2512 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:50:51.0062 2512 Monfilt - ok
11:50:51.0078 2512 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:50:51.0140 2512 Mouclass - ok
11:50:51.0156 2512 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:50:51.0250 2512 mouhid - ok
11:50:51.0265 2512 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:50:51.0343 2512 MountMgr - ok
11:50:51.0375 2512 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:50:51.0390 2512 MozillaMaintenance - ok
11:50:51.0390 2512 mraid35x - ok
11:50:51.0421 2512 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:50:51.0515 2512 MRxDAV - ok
11:50:51.0546 2512 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:50:51.0578 2512 MRxSmb - ok
11:50:51.0625 2512 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:50:51.0687 2512 MSDTC - ok
11:50:51.0703 2512 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:50:51.0781 2512 Msfs - ok
11:50:51.0781 2512 MSIServer - ok
11:50:51.0812 2512 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:50:51.0875 2512 MSKSSRV - ok
11:50:51.0875 2512 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:50:51.0968 2512 MSPCLOCK - ok
11:50:51.0968 2512 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:50:52.0046 2512 MSPQM - ok
11:50:52.0078 2512 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:50:52.0140 2512 mssmbios - ok
11:50:52.0156 2512 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:50:52.0171 2512 Mup - ok
11:50:52.0187 2512 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:50:52.0281 2512 napagent - ok
11:50:52.0281 2512 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:50:52.0359 2512 NDIS - ok
11:50:52.0375 2512 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:50:52.0375 2512 NdisTapi - ok
11:50:52.0390 2512 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:50:52.0468 2512 Ndisuio - ok
11:50:52.0484 2512 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:50:52.0578 2512 NdisWan - ok
11:50:52.0593 2512 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:50:52.0625 2512 NDProxy - ok
11:50:52.0625 2512 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:50:52.0687 2512 NetBIOS - ok
11:50:52.0718 2512 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:50:52.0781 2512 NetBT - ok
11:50:52.0812 2512 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:50:52.0890 2512 NetDDE - ok
11:50:52.0890 2512 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:50:52.0968 2512 NetDDEdsdm - ok
11:50:52.0984 2512 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:50:53.0046 2512 Netlogon - ok
11:50:53.0093 2512 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:50:53.0171 2512 Netman - ok
11:50:53.0234 2512 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:50:53.0250 2512 NetTcpPortSharing - ok
11:50:53.0265 2512 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:50:53.0312 2512 Nla - ok
11:50:53.0375 2512 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
11:50:53.0375 2512 NMSAccess - ok
11:50:53.0390 2512 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:50:53.0468 2512 Npfs - ok
11:50:53.0531 2512 nSvcIp (cd12196ec247e48f50862ced2ec65e90) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
11:50:53.0546 2512 nSvcIp - ok
11:50:53.0562 2512 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:50:53.0640 2512 Ntfs - ok
11:50:53.0656 2512 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:50:53.0734 2512 NtLmSsp - ok
11:50:53.0765 2512 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:50:53.0843 2512 NtmsSvc - ok
11:50:53.0875 2512 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:50:53.0968 2512 Null - ok
11:50:54.0562 2512 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:50:54.0921 2512 nv - ok
11:50:55.0015 2512 NVENETFD (85f2ffe9aa05487c7e48503b0c336d70) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
11:50:55.0031 2512 NVENETFD - ok
11:50:55.0031 2512 nvnetbus (683ed64f70cb63c8ea84657e45a66974) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
11:50:55.0046 2512 nvnetbus - ok
11:50:55.0109 2512 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
11:50:55.0125 2512 NVSvc - ok
11:50:55.0234 2512 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:50:55.0312 2512 nvUpdatusService - ok
11:50:55.0421 2512 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:50:55.0500 2512 NwlnkFlt - ok
11:50:55.0515 2512 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:50:55.0593 2512 NwlnkFwd - ok
11:50:55.0609 2512 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:50:55.0703 2512 Parport - ok
11:50:55.0703 2512 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:50:55.0796 2512 PartMgr - ok
11:50:55.0812 2512 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:50:55.0890 2512 ParVdm - ok
11:50:55.0906 2512 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:50:55.0984 2512 PCI - ok
11:50:55.0984 2512 PCIDump - ok
11:50:56.0015 2512 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:50:56.0093 2512 PCIIde - ok
11:50:56.0125 2512 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:50:56.0203 2512 Pcmcia - ok
11:50:56.0203 2512 PDCOMP - ok
11:50:56.0203 2512 PDFRAME - ok
11:50:56.0203 2512 PDRELI - ok
11:50:56.0218 2512 PDRFRAME - ok
11:50:56.0218 2512 perc2 - ok
11:50:56.0218 2512 perc2hib - ok
11:50:56.0265 2512 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:50:56.0296 2512 PlugPlay - ok
11:50:56.0296 2512 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:50:56.0359 2512 PolicyAgent - ok
11:50:56.0375 2512 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:50:56.0453 2512 PptpMiniport - ok
11:50:56.0453 2512 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:50:56.0531 2512 ProtectedStorage - ok
11:50:56.0531 2512 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:50:56.0609 2512 PSched - ok
11:50:56.0640 2512 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:50:56.0718 2512 Ptilink - ok
11:50:56.0718 2512 ql1080 - ok
11:50:56.0734 2512 Ql10wnt - ok
11:50:56.0734 2512 ql12160 - ok
11:50:56.0734 2512 ql1240 - ok
11:50:56.0734 2512 ql1280 - ok
11:50:56.0750 2512 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:50:56.0828 2512 RasAcd - ok
11:50:56.0843 2512 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:50:56.0937 2512 RasAuto - ok
11:50:56.0953 2512 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:50:57.0031 2512 Rasl2tp - ok
11:50:57.0062 2512 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:50:57.0140 2512 RasMan - ok
11:50:57.0140 2512 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:50:57.0218 2512 RasPppoe - ok
11:50:57.0218 2512 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:50:57.0312 2512 Raspti - ok
11:50:57.0343 2512 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:50:57.0406 2512 Rdbss - ok
11:50:57.0437 2512 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:50:57.0515 2512 RDPCDD - ok
11:50:57.0546 2512 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:50:57.0562 2512 RDPWD - ok
11:50:57.0593 2512 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:50:57.0671 2512 RDSessMgr - ok
11:50:57.0687 2512 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:50:57.0781 2512 redbook - ok
11:50:57.0812 2512 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:50:57.0875 2512 RemoteAccess - ok
11:50:57.0906 2512 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:50:57.0984 2512 RpcLocator - ok
11:50:58.0000 2512 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:50:58.0046 2512 RpcSs - ok
11:50:58.0078 2512 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:50:58.0156 2512 RSVP - ok
11:50:58.0187 2512 RzSynapse (2e2f0d988f6d46e5e5e84d9fcad39081) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
11:50:58.0203 2512 RzSynapse - ok
11:50:58.0234 2512 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:50:58.0296 2512 SamSs - ok
11:50:58.0312 2512 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:50:58.0390 2512 SCardSvr - ok
11:50:58.0437 2512 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:50:58.0515 2512 Schedule - ok
11:50:58.0546 2512 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:50:58.0609 2512 Secdrv - ok
11:50:58.0625 2512 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:50:58.0703 2512 seclogon - ok
11:50:58.0718 2512 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:50:58.0796 2512 SENS - ok
11:50:58.0796 2512 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:50:58.0875 2512 serenum - ok
11:50:58.0921 2512 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:50:59.0000 2512 Serial - ok
11:50:59.0015 2512 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:50:59.0093 2512 Sfloppy - ok
11:50:59.0125 2512 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:50:59.0187 2512 SharedAccess - ok
11:50:59.0218 2512 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:50:59.0250 2512 ShellHWDetection - ok
11:50:59.0250 2512 Simbad - ok
11:50:59.0250 2512 Sparrow - ok
11:50:59.0281 2512 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:50:59.0343 2512 splitter - ok
11:50:59.0375 2512 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:50:59.0390 2512 Spooler - ok
11:50:59.0421 2512 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:50:59.0500 2512 sr - ok
11:50:59.0515 2512 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:50:59.0593 2512 srservice - ok
11:50:59.0640 2512 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:50:59.0656 2512 Srv - ok
11:50:59.0703 2512 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:50:59.0781 2512 SSDPSRV - ok
11:50:59.0812 2512 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
11:50:59.0812 2512 StarOpen ( UnsignedFile.Multi.Generic ) - warning
11:50:59.0812 2512 StarOpen - detected UnsignedFile.Multi.Generic (1)
11:50:59.0843 2512 Steam Client Service - ok
11:50:59.0859 2512 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:50:59.0953 2512 stisvc - ok
11:50:59.0968 2512 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:51:00.0046 2512 swenum - ok
11:51:00.0078 2512 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:51:00.0140 2512 swmidi - ok
11:51:00.0140 2512 SwPrv - ok
11:51:00.0156 2512 symc810 - ok
11:51:00.0156 2512 symc8xx - ok
11:51:00.0156 2512 sym_hi - ok
11:51:00.0156 2512 sym_u3 - ok
11:51:00.0171 2512 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:51:00.0250 2512 sysaudio - ok
11:51:00.0265 2512 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:51:00.0343 2512 SysmonLog - ok
11:51:00.0375 2512 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:51:00.0468 2512 TapiSrv - ok
11:51:00.0500 2512 TarFltr (3f92b6b36f2ef23da1fa44874294785c) C:\WINDOWS\system32\Drivers\UsbFltr.sys
11:51:00.0531 2512 TarFltr - ok
11:51:00.0578 2512 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:51:00.0593 2512 Tcpip - ok
11:51:00.0640 2512 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:51:00.0718 2512 TDPIPE - ok
11:51:00.0734 2512 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:51:00.0812 2512 TDTCP - ok
11:51:00.0828 2512 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:51:00.0921 2512 TermDD - ok
11:51:00.0953 2512 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:51:01.0046 2512 TermService - ok
11:51:01.0078 2512 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:51:01.0093 2512 Themes - ok
11:51:01.0093 2512 TosIde - ok
11:51:01.0093 2512 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:51:01.0187 2512 TrkWks - ok
11:51:01.0203 2512 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:51:01.0281 2512 Udfs - ok
11:51:01.0281 2512 ultra - ok
11:51:01.0312 2512 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:51:01.0390 2512 Update - ok
11:51:01.0406 2512 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:51:01.0500 2512 upnphost - ok
11:51:01.0500 2512 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:51:01.0578 2512 UPS - ok
11:51:01.0593 2512 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:51:01.0687 2512 usbccgp - ok
11:51:01.0687 2512 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:51:01.0750 2512 usbehci - ok
11:51:01.0765 2512 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:51:01.0828 2512 usbhub - ok
11:51:01.0843 2512 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:51:01.0921 2512 usbohci - ok
11:51:01.0921 2512 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:51:02.0000 2512 USBSTOR - ok
11:51:02.0015 2512 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:51:02.0093 2512 VgaSave - ok
11:51:02.0109 2512 ViaIde - ok
11:51:02.0109 2512 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:51:02.0171 2512 VolSnap - ok
11:51:02.0203 2512 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:51:02.0281 2512 VSS - ok
11:51:02.0312 2512 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:51:02.0390 2512 W32Time - ok
11:51:02.0406 2512 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:51:02.0468 2512 Wanarp - ok
11:51:02.0515 2512 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:51:02.0531 2512 Wdf01000 - ok
11:51:02.0531 2512 WDICA - ok
11:51:02.0562 2512 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:51:02.0625 2512 wdmaud - ok
11:51:02.0656 2512 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:51:02.0734 2512 WebClient - ok
11:51:02.0796 2512 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:51:02.0859 2512 winmgmt - ok
11:51:02.0906 2512 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\RealTemp_360\WinRing0.sys
11:51:02.0921 2512 WinRing0_1_2_0 - ok
11:51:03.0015 2512 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:51:03.0046 2512 wlidsvc - ok
11:51:03.0140 2512 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:51:03.0171 2512 WmdmPmSN - ok
11:51:03.0218 2512 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:51:03.0296 2512 WmiApSrv - ok
11:51:03.0375 2512 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:51:03.0406 2512 WMPNetworkSvc - ok
11:51:03.0531 2512 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:51:03.0562 2512 WPFFontCache_v0400 - ok
11:51:03.0640 2512 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:51:03.0718 2512 WS2IFSL - ok
11:51:03.0750 2512 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:51:03.0828 2512 wscsvc - ok
11:51:03.0843 2512 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:51:03.0921 2512 wuauserv - ok
11:51:03.0937 2512 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:51:03.0953 2512 WudfPf - ok
11:51:03.0968 2512 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:51:03.0984 2512 WudfRd - ok
11:51:03.0984 2512 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:51:04.0015 2512 WudfSvc - ok
11:51:04.0046 2512 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:51:04.0140 2512 WZCSVC - ok
11:51:04.0140 2512 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:51:04.0234 2512 xmlprov - ok
11:51:04.0250 2512 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:51:04.0578 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:51:04.0578 2512 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:51:04.0578 2512 Boot (0x1200) (f15c257fdb06c54d59f32454a9c0116b) \Device\Harddisk0\DR0\Partition0
11:51:04.0578 2512 \Device\Harddisk0\DR0\Partition0 - ok
11:51:04.0578 2512 ============================================================
11:51:04.0578 2512 Scan finished
11:51:04.0578 2512 ============================================================
11:51:04.0687 3128 Detected object count: 2
11:51:04.0687 3128 Actual detected object count: 2
11:51:27.0312 3128 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:27.0312 3128 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:27.0312 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:51:27.0312 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#13
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please rerun TDSSKiller and select delete for:

\Device\Harddisk0\DR0 ( TDSS File System )


Then post the updated log
  • 0

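A small log-review helper for the TDSSKiller output format used in this thread, added here as an example (it is not CompCav's, Kaspersky's or the forum's code): it pulls out every warned object together with the action the user chose, which is exactly how a helper spots that the TDSS File System finding was skipped rather than deleted, and it exposes the hashed objects so the MBR hash can be compared between two runs. The sample log lines below are constructed in the posted layout; the three hashes are copied from the log above, the timestamps and thread ids are made up.

```python
"""Review helper for TDSSKiller scan logs (added example, not part of this thread)."""
import re
from dataclasses import dataclass

# One log line: time, thread id, free-text message.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) (?P<msg>.*)$")
# "<object> ( <verdict> ) - warning"
WARN_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - warning$")
# "<object> ( <verdict> ) - User select action: <Action>"
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
# "<name> (<md5>) <path>"  -- drivers, services, and the MBR / boot-sector entries
HASHED_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Actions that actually change the disk; anything else leaves the object in place.
RESOLVING_ACTIONS = {"Cure", "Delete"}


@dataclass
class Finding:
    obj: str
    verdict: str
    action: str = "none"   # last "User select action" logged for this object

    @property
    def resolved(self) -> bool:
        return self.action in RESOLVING_ACTIONS


def parse_findings(log_text: str) -> list:
    """Every warned object, in order of first appearance, with the action chosen for it."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        w = WARN_RE.match(msg)
        if w:
            findings.setdefault((w["obj"], w["verdict"]), Finding(w["obj"], w["verdict"]))
            continue
        a = ACTION_RE.match(msg)
        if a:
            key = (a["obj"], a["verdict"])
            findings.setdefault(key, Finding(a["obj"], a["verdict"])).action = a["action"]
    return list(findings.values())


def unresolved(log_text: str) -> list:
    """Findings the user skipped or never acted on: what a helper would ask to rerun."""
    return [f for f in parse_findings(log_text) if not f.resolved]


def hashed_objects(log_text: str) -> dict:
    """Map object name -> (md5, path); lets you diff the MBR hash across two runs."""
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (h := HASHED_RE.match(m["msg"])):
            out[h["name"]] = (h["md5"], h["path"])
    return out


# Constructed sample in the posted layout: the first run, both findings skipped.
FIRST_RUN = r"""
11:51:03.0450 2512 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
11:51:03.0450 2512 StarOpen ( UnsignedFile.Multi.Generic ) - warning
11:51:03.0450 2512 StarOpen - detected UnsignedFile.Multi.Generic (1)
11:51:04.0250 2512 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:51:04.0578 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:51:04.0578 2512 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:51:04.0578 2512 Boot (0x1200) (f15c257fdb06c54d59f32454a9c0116b) \Device\Harddisk0\DR0\Partition0
11:51:04.0578 2512 \Device\Harddisk0\DR0\Partition0 - ok
11:51:04.0687 3128 Detected object count: 2
11:51:27.0312 3128 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:27.0312 3128 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:27.0312 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:51:27.0312 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed rerun: Delete chosen for the TDSS File System, unsigned driver still skipped.
RERUN = r"""
12:05:57.0671 1592 StarOpen ( UnsignedFile.Multi.Generic ) - warning
12:06:04.0000 1592 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:06:30.0000 3500 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:06:30.0000 3500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

if __name__ == "__main__":
    for label, log in (("first run", FIRST_RUN), ("rerun", RERUN)):
        for f in unresolved(log):
            print(f"{label}: still unresolved -> {f.obj} ({f.verdict}), action={f.action}")
    print("MBR hash, first run:", hashed_objects(FIRST_RUN)["MBR (0x1B8)"][0])
```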
#14
FSB75

    Member

  • Topic Starter
  • Member
  • 17 posts
As per your request...

Additional note. While performing the "delete" option, Avast! file system shield blocked a threat.

Object: C:\TDSSKiller_Quarantine\11.08.2012_12.05.25\tdlfs0000\tsk0001.dta
Infection: Win32Maleware-gen.
Action: Moved to chest
Process: C:\Documents and settings\F S B\tdsskiller.exe

The threat was detected and blocked when the file was created or modified.


My extended apologies. I understand that this information was not requested, may have been expected, and perhaps even hoped. It took 2 minutes to type, and I felt it warranted a quick note. Thanks again.

12:05:25.0531 1788 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:05:25.0843 1788 ============================================================
12:05:25.0843 1788 Current date / time: 2012/08/11 12:05:25.0843
12:05:25.0843 1788 SystemInfo:
12:05:25.0843 1788
12:05:25.0843 1788 OS Version: 5.1.2600 ServicePack: 3.0
12:05:25.0843 1788 Product type: Workstation
12:05:25.0843 1788 ComputerName: HAL3000
12:05:25.0843 1788 UserName: F S B
12:05:25.0843 1788 Windows directory: C:\WINDOWS
12:05:25.0843 1788 System windows directory: C:\WINDOWS
12:05:25.0843 1788 Processor architecture: Intel x86
12:05:25.0843 1788 Number of processors: 2
12:05:25.0843 1788 Page size: 0x1000
12:05:25.0843 1788 Boot type: Normal boot
12:05:25.0843 1788 ============================================================
12:05:27.0250 1788 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:05:27.0250 1788 ============================================================
12:05:27.0250 1788 \Device\Harddisk0\DR0:
12:05:27.0250 1788 MBR partitions:
12:05:27.0250 1788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:05:27.0250 1788 ============================================================
12:05:27.0281 1788 C: <-> \Device\Harddisk0\DR0\Partition0
12:05:27.0281 1788 ============================================================
12:05:27.0281 1788 Initialize success
12:05:27.0281 1788 ============================================================
12:05:38.0453 1592 ============================================================
12:05:38.0453 1592 Scan started
12:05:38.0453 1592 Mode: Manual; SigCheck; TDLFS;
12:05:38.0453 1592 ============================================================
12:05:38.0812 1592 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:05:38.0921 1592 Aavmker4 - ok
12:05:38.0921 1592 Abiosdsk - ok
12:05:38.0921 1592 abp480n5 - ok
12:05:38.0968 1592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:05:39.0109 1592 ACPI - ok
12:05:39.0125 1592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:05:39.0218 1592 ACPIEC - ok
12:05:39.0218 1592 adpu160m - ok
12:05:39.0234 1592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:05:39.0328 1592 aec - ok
12:05:39.0359 1592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:05:39.0390 1592 AFD - ok
12:05:39.0390 1592 Aha154x - ok
12:05:39.0390 1592 aic78u2 - ok
12:05:39.0390 1592 aic78xx - ok
12:05:39.0421 1592 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:05:39.0515 1592 Alerter - ok
12:05:39.0531 1592 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:05:39.0625 1592 ALG - ok
12:05:39.0625 1592 AliIde - ok
12:05:39.0718 1592 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
12:05:39.0765 1592 Ambfilt - ok
12:05:39.0828 1592 amsint - ok
12:05:39.0843 1592 AppMgmt - ok
12:05:39.0843 1592 asc - ok
12:05:39.0843 1592 asc3350p - ok
12:05:39.0843 1592 asc3550 - ok
12:05:39.0921 1592 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:05:39.0937 1592 aspnet_state - ok
12:05:39.0968 1592 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:05:39.0968 1592 aswFsBlk - ok
12:05:40.0000 1592 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
12:05:40.0015 1592 aswMon2 - ok
12:05:40.0015 1592 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
12:05:40.0031 1592 AswRdr - ok
12:05:40.0062 1592 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
12:05:40.0093 1592 aswSnx - ok
12:05:40.0125 1592 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
12:05:40.0156 1592 aswSP - ok
12:05:40.0171 1592 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
12:05:40.0171 1592 aswTdi - ok
12:05:40.0203 1592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:05:40.0281 1592 AsyncMac - ok
12:05:40.0296 1592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:05:40.0390 1592 atapi - ok
12:05:40.0390 1592 Atdisk - ok
12:05:40.0421 1592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:05:40.0500 1592 Atmarpc - ok
12:05:40.0531 1592 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:05:40.0609 1592 AudioSrv - ok
12:05:40.0640 1592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:05:40.0718 1592 audstub - ok
12:05:40.0781 1592 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:05:40.0796 1592 avast! Antivirus - ok
12:05:40.0812 1592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:05:40.0906 1592 Beep - ok
12:05:40.0937 1592 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:05:41.0015 1592 Browser - ok
12:05:41.0046 1592 catchme - ok
12:05:41.0062 1592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:05:41.0156 1592 cbidf2k - ok
12:05:41.0156 1592 cd20xrnt - ok
12:05:41.0171 1592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:05:41.0250 1592 Cdaudio - ok
12:05:41.0265 1592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:05:41.0343 1592 Cdfs - ok
12:05:41.0359 1592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:05:41.0437 1592 Cdrom - ok
12:05:41.0437 1592 Changer - ok
12:05:41.0484 1592 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:05:41.0562 1592 CiSvc - ok
12:05:41.0578 1592 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:05:41.0656 1592 ClipSrv - ok
12:05:41.0671 1592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:05:41.0687 1592 clr_optimization_v2.0.50727_32 - ok
12:05:41.0750 1592 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:05:41.0765 1592 clr_optimization_v4.0.30319_32 - ok
12:05:41.0765 1592 CmdIde - ok
12:05:41.0765 1592 COMSysApp - ok
12:05:41.0765 1592 Cpqarray - ok
12:05:41.0796 1592 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
12:05:41.0796 1592 cpuz135 - ok
12:05:41.0812 1592 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:05:41.0906 1592 CryptSvc - ok
12:05:41.0906 1592 dac2w2k - ok
12:05:41.0906 1592 dac960nt - ok
12:05:41.0953 1592 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:05:41.0984 1592 DcomLaunch - ok
12:05:42.0031 1592 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:05:42.0125 1592 Dhcp - ok
12:05:42.0156 1592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:05:42.0234 1592 Disk - ok
12:05:42.0234 1592 dmadmin - ok
12:05:42.0281 1592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:05:42.0375 1592 dmboot - ok
12:05:42.0390 1592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:05:42.0468 1592 dmio - ok
12:05:42.0484 1592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:05:42.0578 1592 dmload - ok
12:05:42.0593 1592 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:05:42.0671 1592 dmserver - ok
12:05:42.0687 1592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:05:42.0781 1592 DMusic - ok
12:05:42.0812 1592 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:05:42.0859 1592 Dnscache - ok
12:05:42.0890 1592 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:05:42.0968 1592 Dot3svc - ok
12:05:42.0984 1592 dpti2o - ok
12:05:42.0984 1592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:05:43.0062 1592 drmkaud - ok
12:05:43.0078 1592 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:05:43.0156 1592 EapHost - ok
12:05:43.0187 1592 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:05:43.0265 1592 ERSvc - ok
12:05:43.0281 1592 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:05:43.0312 1592 Eventlog - ok
12:05:43.0359 1592 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:05:43.0390 1592 EventSystem - ok
12:05:43.0406 1592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:05:43.0500 1592 Fastfat - ok
12:05:43.0546 1592 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:05:43.0578 1592 FastUserSwitchingCompatibility - ok
12:05:43.0593 1592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:05:43.0671 1592 Fdc - ok
12:05:43.0671 1592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:05:43.0750 1592 Fips - ok
12:05:43.0765 1592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:05:43.0859 1592 Flpydisk - ok
12:05:43.0890 1592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:05:43.0968 1592 FltMgr - ok
12:05:44.0046 1592 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:05:44.0062 1592 FontCache3.0.0.0 - ok
12:05:44.0156 1592 ForceWare Intelligent Application Manager (IAM) (f2dc38c54cd1daede5852a42abd8cba8) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:05:44.0171 1592 ForceWare Intelligent Application Manager (IAM) - ok
12:05:44.0203 1592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:05:44.0296 1592 Fs_Rec - ok
12:05:44.0328 1592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:05:44.0421 1592 Ftdisk - ok
12:05:44.0437 1592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:05:44.0531 1592 Gpc - ok
12:05:44.0578 1592 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:05:44.0593 1592 gupdate - ok
12:05:44.0593 1592 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:05:44.0609 1592 gupdatem - ok
12:05:44.0625 1592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:05:44.0703 1592 HDAudBus - ok
12:05:44.0750 1592 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:05:44.0828 1592 helpsvc - ok
12:05:44.0828 1592 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:05:44.0921 1592 HidServ - ok
12:05:44.0921 1592 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:05:45.0015 1592 hidusb - ok
12:05:45.0031 1592 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:05:45.0109 1592 hkmsvc - ok
12:05:45.0109 1592 hpn - ok
12:05:45.0156 1592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:05:45.0171 1592 HTTP - ok
12:05:45.0203 1592 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:05:45.0296 1592 HTTPFilter - ok
12:05:45.0296 1592 i2omgmt - ok
12:05:45.0296 1592 i2omp - ok
12:05:45.0343 1592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
12:05:45.0437 1592 i8042prt - ok
12:05:45.0484 1592 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:05:45.0515 1592 idsvc - ok
12:05:45.0546 1592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:05:45.0640 1592 Imapi - ok
12:05:45.0671 1592 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:05:45.0750 1592 ImapiService - ok
12:05:45.0750 1592 ini910u - ok
12:05:46.0046 1592 IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:05:46.0296 1592 IntcAzAudAddService - ok
12:05:46.0406 1592 IntelIde - ok
12:05:46.0437 1592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:05:46.0515 1592 intelppm - ok
12:05:46.0562 1592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:05:46.0656 1592 Ip6Fw - ok
12:05:46.0671 1592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:05:46.0750 1592 IpFilterDriver - ok
12:05:46.0765 1592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:05:46.0859 1592 IpInIp - ok
12:05:46.0890 1592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:05:46.0968 1592 IpNat - ok
12:05:47.0000 1592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:05:47.0078 1592 IPSec - ok
12:05:47.0093 1592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:05:47.0187 1592 IRENUM - ok
12:05:47.0203 1592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:05:47.0296 1592 isapnp - ok
12:05:47.0359 1592 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
12:05:47.0375 1592 JavaQuickStarterService - ok
12:05:47.0390 1592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:05:47.0468 1592 Kbdclass - ok
12:05:47.0484 1592 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:05:47.0562 1592 kbdhid - ok
12:05:47.0609 1592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:05:47.0687 1592 kmixer - ok
12:05:47.0734 1592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:05:47.0765 1592 KSecDD - ok
12:05:47.0796 1592 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:05:47.0812 1592 lanmanserver - ok
12:05:47.0859 1592 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:05:47.0875 1592 lanmanworkstation - ok
12:05:47.0875 1592 lbrtfdc - ok
12:05:47.0906 1592 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:05:47.0984 1592 LmHosts - ok
12:05:48.0015 1592 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:05:48.0093 1592 Messenger - ok
12:05:48.0109 1592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:05:48.0203 1592 mnmdd - ok
12:05:48.0218 1592 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:05:48.0296 1592 mnmsrvc - ok
12:05:48.0312 1592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:05:48.0390 1592 Modem - ok
12:05:48.0468 1592 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
12:05:48.0500 1592 Monfilt - ok
12:05:48.0531 1592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:05:48.0593 1592 Mouclass - ok
12:05:48.0625 1592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:05:48.0703 1592 mouhid - ok
12:05:48.0718 1592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:05:48.0812 1592 MountMgr - ok
12:05:48.0859 1592 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:05:48.0875 1592 MozillaMaintenance - ok
12:05:48.0875 1592 mraid35x - ok
12:05:48.0906 1592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:05:49.0000 1592 MRxDAV - ok
12:05:49.0031 1592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:05:49.0062 1592 MRxSmb - ok
12:05:49.0109 1592 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:05:49.0187 1592 MSDTC - ok
12:05:49.0187 1592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:05:49.0281 1592 Msfs - ok
12:05:49.0281 1592 MSIServer - ok
12:05:49.0296 1592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:05:49.0375 1592 MSKSSRV - ok
12:05:49.0375 1592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:05:49.0468 1592 MSPCLOCK - ok
12:05:49.0468 1592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:05:49.0546 1592 MSPQM - ok
12:05:49.0578 1592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:05:49.0640 1592 mssmbios - ok
12:05:49.0671 1592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:05:49.0671 1592 Mup - ok
12:05:49.0703 1592 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:05:49.0796 1592 napagent - ok
12:05:49.0796 1592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:05:49.0890 1592 NDIS - ok
12:05:49.0906 1592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:05:49.0921 1592 NdisTapi - ok
12:05:49.0921 1592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:05:50.0000 1592 Ndisuio - ok
12:05:50.0015 1592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:05:50.0109 1592 NdisWan - ok
12:05:50.0140 1592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:05:50.0156 1592 NDProxy - ok
12:05:50.0171 1592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:05:50.0234 1592 NetBIOS - ok
12:05:50.0265 1592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:05:50.0343 1592 NetBT - ok
12:05:50.0375 1592 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:05:50.0453 1592 NetDDE - ok
12:05:50.0453 1592 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:05:50.0531 1592 NetDDEdsdm - ok
12:05:50.0546 1592 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:05:50.0625 1592 Netlogon - ok
12:05:50.0656 1592 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:05:50.0750 1592 Netman - ok
12:05:50.0796 1592 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:05:50.0812 1592 NetTcpPortSharing - ok
12:05:50.0843 1592 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:05:50.0890 1592 Nla - ok
12:05:50.0968 1592 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
12:05:50.0968 1592 NMSAccess - ok
12:05:50.0984 1592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:05:51.0062 1592 Npfs - ok
12:05:51.0140 1592 nSvcIp (cd12196ec247e48f50862ced2ec65e90) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:05:51.0156 1592 nSvcIp - ok
12:05:51.0171 1592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:05:51.0265 1592 Ntfs - ok
12:05:51.0265 1592 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:05:51.0343 1592 NtLmSsp - ok
12:05:51.0375 1592 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:05:51.0468 1592 NtmsSvc - ok
12:05:51.0484 1592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:05:51.0562 1592 Null - ok
12:05:52.0171 1592 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:05:52.0531 1592 nv - ok
12:05:52.0640 1592 NVENETFD (85f2ffe9aa05487c7e48503b0c336d70) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:05:52.0656 1592 NVENETFD - ok
12:05:52.0656 1592 nvnetbus (683ed64f70cb63c8ea84657e45a66974) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:05:52.0671 1592 nvnetbus - ok
12:05:52.0703 1592 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
12:05:52.0734 1592 NVSvc - ok
12:05:52.0828 1592 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:05:52.0921 1592 nvUpdatusService - ok
12:05:53.0015 1592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:05:53.0109 1592 NwlnkFlt - ok
12:05:53.0109 1592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:05:53.0203 1592 NwlnkFwd - ok
12:05:53.0234 1592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:05:53.0328 1592 Parport - ok
12:05:53.0343 1592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:05:53.0421 1592 PartMgr - ok
12:05:53.0437 1592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:05:53.0531 1592 ParVdm - ok
12:05:53.0531 1592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:05:53.0609 1592 PCI - ok
12:05:53.0625 1592 PCIDump - ok
12:05:53.0640 1592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:05:53.0734 1592 PCIIde - ok
12:05:53.0750 1592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:05:53.0843 1592 Pcmcia - ok
12:05:53.0843 1592 PDCOMP - ok
12:05:53.0843 1592 PDFRAME - ok
12:05:53.0843 1592 PDRELI - ok
12:05:53.0859 1592 PDRFRAME - ok
12:05:53.0859 1592 perc2 - ok
12:05:53.0859 1592 perc2hib - ok
12:05:53.0890 1592 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:05:53.0921 1592 PlugPlay - ok
12:05:53.0984 1592 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:05:54.0062 1592 PolicyAgent - ok
12:05:54.0093 1592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:05:54.0187 1592 PptpMiniport - ok
12:05:54.0187 1592 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:05:54.0265 1592 ProtectedStorage - ok
12:05:54.0265 1592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:05:54.0343 1592 PSched - ok
12:05:54.0359 1592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:05:54.0453 1592 Ptilink - ok
12:05:54.0453 1592 ql1080 - ok
12:05:54.0453 1592 Ql10wnt - ok
12:05:54.0468 1592 ql12160 - ok
12:05:54.0468 1592 ql1240 - ok
12:05:54.0468 1592 ql1280 - ok
12:05:54.0484 1592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:05:54.0562 1592 RasAcd - ok
12:05:54.0578 1592 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:05:54.0671 1592 RasAuto - ok
12:05:54.0703 1592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:05:54.0765 1592 Rasl2tp - ok
12:05:54.0812 1592 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:05:54.0890 1592 RasMan - ok
12:05:54.0906 1592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:05:54.0984 1592 RasPppoe - ok
12:05:55.0000 1592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:05:55.0093 1592 Raspti - ok
12:05:55.0109 1592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:05:55.0187 1592 Rdbss - ok
12:05:55.0203 1592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:05:55.0296 1592 RDPCDD - ok
12:05:55.0328 1592 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:05:55.0343 1592 RDPWD - ok
12:05:55.0375 1592 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:05:55.0453 1592 RDSessMgr - ok
12:05:55.0484 1592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:05:55.0578 1592 redbook - ok
12:05:55.0593 1592 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:05:55.0671 1592 RemoteAccess - ok
12:05:55.0703 1592 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:05:55.0765 1592 RpcLocator - ok
12:05:55.0812 1592 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:05:55.0843 1592 RpcSs - ok
12:05:55.0875 1592 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:05:55.0968 1592 RSVP - ok
12:05:56.0000 1592 RzSynapse (2e2f0d988f6d46e5e5e84d9fcad39081) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
12:05:56.0015 1592 RzSynapse - ok
12:05:56.0031 1592 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:05:56.0109 1592 SamSs - ok
12:05:56.0125 1592 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:05:56.0234 1592 SCardSvr - ok
12:05:56.0265 1592 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:05:56.0343 1592 Schedule - ok
12:05:56.0375 1592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:05:56.0437 1592 Secdrv - ok
12:05:56.0468 1592 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:05:56.0531 1592 seclogon - ok
12:05:56.0546 1592 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:05:56.0625 1592 SENS - ok
12:05:56.0640 1592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:05:56.0718 1592 serenum - ok
12:05:56.0750 1592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:05:56.0843 1592 Serial - ok
12:05:56.0859 1592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:05:56.0937 1592 Sfloppy - ok
12:05:56.0953 1592 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:05:57.0046 1592 SharedAccess - ok
12:05:57.0078 1592 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:05:57.0093 1592 ShellHWDetection - ok
12:05:57.0093 1592 Simbad - ok
12:05:57.0093 1592 Sparrow - ok
12:05:57.0125 1592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:05:57.0187 1592 splitter - ok
12:05:57.0218 1592 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:05:57.0234 1592 Spooler - ok
12:05:57.0250 1592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:05:57.0343 1592 sr - ok
12:05:57.0343 1592 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:05:57.0437 1592 srservice - ok
12:05:57.0468 1592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:05:57.0515 1592 Srv - ok
12:05:57.0546 1592 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:05:57.0640 1592 SSDPSRV - ok
12:05:57.0656 1592 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
12:05:57.0671 1592 StarOpen ( UnsignedFile.Multi.Generic ) - warning
12:05:57.0671 1592 StarOpen - detected UnsignedFile.Multi.Generic (1)
12:05:57.0703 1592 Steam Client Service - ok
12:05:57.0734 1592 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:05:57.0828 1592 stisvc - ok
12:05:57.0843 1592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:05:57.0937 1592 swenum - ok
12:05:57.0953 1592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:05:58.0015 1592 swmidi - ok
12:05:58.0031 1592 SwPrv - ok
12:05:58.0031 1592 symc810 - ok
12:05:58.0031 1592 symc8xx - ok
12:05:58.0031 1592 sym_hi - ok
12:05:58.0031 1592 sym_u3 - ok
12:05:58.0046 1592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:05:58.0125 1592 sysaudio - ok
12:05:58.0156 1592 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:05:58.0234 1592 SysmonLog - ok
12:05:58.0265 1592 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:05:58.0359 1592 TapiSrv - ok
12:05:58.0390 1592 TarFltr (3f92b6b36f2ef23da1fa44874294785c) C:\WINDOWS\system32\Drivers\UsbFltr.sys
12:05:58.0421 1592 TarFltr - ok
12:05:58.0468 1592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:58.0500 1592 Tcpip - ok
12:05:58.0531 1592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:05:58.0625 1592 TDPIPE - ok
12:05:58.0640 1592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:05:58.0718 1592 TDTCP - ok
12:05:58.0750 1592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:05:58.0843 1592 TermDD - ok
12:05:58.0875 1592 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:05:58.0984 1592 TermService - ok
12:05:59.0000 1592 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:05:59.0015 1592 Themes - ok
12:05:59.0015 1592 TosIde - ok
12:05:59.0015 1592 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:05:59.0125 1592 TrkWks - ok
12:05:59.0140 1592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:05:59.0218 1592 Udfs - ok
12:05:59.0218 1592 ultra - ok
12:05:59.0250 1592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:05:59.0328 1592 Update - ok
12:05:59.0343 1592 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:05:59.0437 1592 upnphost - ok
12:05:59.0453 1592 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:05:59.0531 1592 UPS - ok
12:05:59.0562 1592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:05:59.0656 1592 usbccgp - ok
12:05:59.0671 1592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:05:59.0750 1592 usbehci - ok
12:05:59.0750 1592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:05:59.0843 1592 usbhub - ok
12:05:59.0859 1592 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:05:59.0937 1592 usbohci - ok
12:05:59.0937 1592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:06:00.0015 1592 USBSTOR - ok
12:06:00.0031 1592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:06:00.0125 1592 VgaSave - ok
12:06:00.0125 1592 ViaIde - ok
12:06:00.0140 1592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:06:00.0203 1592 VolSnap - ok
12:06:00.0234 1592 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:06:00.0312 1592 VSS - ok
12:06:00.0343 1592 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:06:00.0437 1592 W32Time - ok
12:06:00.0453 1592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:06:00.0515 1592 Wanarp - ok
12:06:00.0562 1592 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:06:00.0593 1592 Wdf01000 - ok
12:06:00.0593 1592 WDICA - ok
12:06:00.0625 1592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:06:00.0703 1592 wdmaud - ok
12:06:00.0703 1592 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:06:00.0796 1592 WebClient - ok
12:06:00.0859 1592 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:06:00.0937 1592 winmgmt - ok
12:06:00.0968 1592 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\RealTemp_360\WinRing0.sys
12:06:00.0984 1592 WinRing0_1_2_0 - ok
12:06:01.0062 1592 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:06:01.0109 1592 wlidsvc - ok
12:06:01.0203 1592 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:06:01.0218 1592 WmdmPmSN - ok
12:06:01.0250 1592 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:06:01.0343 1592 WmiApSrv - ok
12:06:01.0421 1592 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:06:01.0453 1592 WMPNetworkSvc - ok
12:06:01.0562 1592 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:06:01.0593 1592 WPFFontCache_v0400 - ok
12:06:01.0671 1592 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:06:01.0765 1592 WS2IFSL - ok
12:06:01.0796 1592 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:06:01.0875 1592 wscsvc - ok
12:06:01.0890 1592 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:06:01.0968 1592 wuauserv - ok
12:06:02.0000 1592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:06:02.0000 1592 WudfPf - ok
12:06:02.0015 1592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:06:02.0031 1592 WudfRd - ok
12:06:02.0046 1592 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:06:02.0078 1592 WudfSvc - ok
12:06:02.0125 1592 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:06:02.0218 1592 WZCSVC - ok
12:06:02.0234 1592 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:06:02.0312 1592 xmlprov - ok
12:06:02.0328 1592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:06:02.0656 1592 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:06:02.0656 1592 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:06:02.0656 1592 Boot (0x1200) (f15c257fdb06c54d59f32454a9c0116b) \Device\Harddisk0\DR0\Partition0
12:06:02.0656 1592 \Device\Harddisk0\DR0\Partition0 - ok
12:06:02.0656 1592 ============================================================
12:06:02.0656 1592 Scan finished
12:06:02.0656 1592 ============================================================
12:06:02.0765 2456 Detected object count: 2
12:06:02.0765 2456 Actual detected object count: 2
12:06:12.0109 2456 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
12:06:12.0109 2456 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:06:12.0109 2456 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:06:12.0125 2456 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:06:13.0953 2456 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:06:13.0953 2456 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:06:14.0000 2456 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:06:14.0046 2456 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:06:14.0140 2456 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:06:14.0171 2456 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:06:14.0171 2456 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:06:14.0187 2456 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:06:14.0187 2456 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:06:14.0296 2456 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:06:14.0359 2456 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:06:14.0359 2456 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:06:14.0359 2456 \Device\Harddisk0\DR0\TDLFS - deleted
12:06:14.0359 2456 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
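The TDSSKiller log above runs to thousands of lines, but only a handful of message shapes matter for triage: the "detected" verdicts, the action the user chose for each, and what was copied to quarantine or deleted. The following Python routine is an added example, not part of the thread or of TDSSKiller; the sample lines are copied from the log above, and the `.Generic` heuristic flag is an assumption about how TDSSKiller names its unsigned-file heuristics.

```python
import re

# Constructed sample: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
12:05:57.0656 1592 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
12:05:57.0671 1592 StarOpen - detected UnsignedFile.Multi.Generic (1)
12:05:57.0703 1592 Steam Client Service - ok
12:06:02.0656 1592 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:06:02.0765 2456 Detected object count: 2
12:06:12.0109 2456 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:06:12.0109 2456 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:06:14.0359 2456 \Device\Harddisk0\DR0\TDLFS - deleted
12:06:14.0359 2456 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Each line is "<time> <pid> <message>"; only these message shapes matter for triage.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DETECTED_RE = re.compile(r"^(.*?) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(.*?) \( (.+?) \) - User select action: (\w+)$")
QUARANTINE_RE = re.compile(r"^(.*?) - copied to quarantine$")
DELETED_RE = re.compile(r"^(.*?) - deleted$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

def triage(log_text):
    """Summarise a TDSSKiller log: verdicts, chosen actions, quarantine/delete,
    the tool's own detection count, and detections left in place (no action or Skip)."""
    detections, actions, quarantined, deleted, reported = {}, {}, [], [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banners, and anything not in the log format
        msg = m.group(3)
        if d := DETECTED_RE.match(msg):
            detections[d.group(1)] = d.group(2)
        elif a := ACTION_RE.match(msg):
            actions[a.group(1)] = a.group(3)
        elif q := QUARANTINE_RE.match(msg):
            quarantined.append(q.group(1))
        elif x := DELETED_RE.match(msg):
            deleted.append(x.group(1))
        elif c := COUNT_RE.match(msg):
            reported = int(c.group(1))
    return {
        "detections": detections, "actions": actions,
        "quarantined": quarantined, "deleted": deleted, "reported_count": reported,
        # Assumption: TDSSKiller names its unsigned/locked-file heuristics "*.Generic".
        "heuristic": sorted(n for n, v in detections.items() if v.endswith(".Generic")),
        "unresolved": {n: v for n, v in detections.items() if actions.get(n) in (None, "Skip")},
    }
```

On the sample, the TDSS file system is resolved (Delete) while StarOpen remains as an unresolved heuristic-only hit, which is exactly the distinction a helper has to make before declaring a machine clean.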

#15 CompCav (Expert, 12,448 posts)
Thanks for the note; the file it hit was in quarantine, so we are safe! :thumbsup:

Now we need to do a few repairs:

Step 1.

Download the attached reg file
Right click and select "Save Target As..." to your desktop
Right click the file and select merge
Reboot.
Attached file: wuauserv.reg (3.47KB)

Step 2.

Click Start >> Run >> type services.msc >> click OK


Now in the list look for Background Intelligent Transfer Service.

Right click on Background Intelligent Transfer Service.
Click on Properties.

In the window that comes up you will see:

Startup type: (Select Automatic)

Service status is Stopped, so click the Start button; Service status should then display Started.
Click OK to close.


Step 3.

Rerun Farbar Services Scanner with all boxes checked and post FSS.txt