Need help with Alureon-K rootkit and other possible infections (SlowPC


This topic is locked

#1 scoobysnack2012 (New Member, 4 posts)

I have my brother-in-law's computer and it seems to be infected by the Alureon-K rootkit and some other viruses.

Symptoms are slow/sluggish performance, random shut-downs, and pop-ups (Slow PC Fighter). Avast will pop up showing "rootkit found" in location MBR:\\PHYSICALDRIVE0\Partition3 and will then perform a boot scan. It will find multiple items; the Alureon thing it shows as deleting, but it always comes back upon boot-up. It also finds the SlowPCFighter thing, but comes up with an error when trying to delete it.

I ran OTL, but under a normal XP boot-up it would freeze up during the "checking Firefox settings" step, so I tried running it in Safe Mode, and that did work. Those logs are included below, the regular log as well as the Extras log it saved.

I don't have this machine hooked up network-wise, but I can use other machines to download any items required and to post any further logs needed.

Thanks in advance for any help; it's much appreciated. If there is any other info I can help with, just let me know.



OTL logfile created on: 8/27/2012 8:10:52 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Administrator.HOME-8908F1FABE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 386.16 Mb Available Physical Memory | 76.70% Memory free
843.42 Mb Paging File | 783.53 Mb Available in Paging File | 92.90% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 22.62 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.04 Gb Free Space | 81.31% Space Free | Partition Type: FAT32
Drive H: | 4.08 Gb Total Space | 3.85 Gb Free Space | 94.33% Space Free | Partition Type: NTFS

Computer Name: HOME-8908F1FABE | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/26 19:31:44 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Sacm2A.sys -- (USBCM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UNDPX2A.SYS -- (UNDPX2A)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\STV680.sys -- (STV680)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\spfc.sys -- (gtbwyifa)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2002/02/11 13:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/18 00:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012/05/05 14:35:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2011/09/17 00:08:36 | 000,000,000 | ---D | M]

[2010/10/24 06:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Application Data\Mozilla\Extensions
[2011/11/06 12:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Application Data\Mozilla\Firefox\Profiles\qoeua4p5.default\extensions
[2010/10/24 06:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Application Data\Mozilla\Firefox\Profiles\qoeua4p5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/06 12:43:39 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Application Data\Mozilla\Firefox\Profiles\qoeua4p5.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}

O1 HOSTS File: ([2010/06/14 01:16:57 | 000,000,734 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Pricebum) - {B12C5F4B-B652-4096-BB0B-969871796CFD} - C:\Program Files\Pricebum\Pricebum_ie1.1.dll ()
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinPatrol] H:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F349027-3C66-43E8-8174-37B7F82BE488}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\video/x-flv - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/29 14:09:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/27 20:10:35 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Desktop\OTL.exe
[2012/08/01 22:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/08/01 22:14:18 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/01 22:14:18 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/01 22:14:13 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/01 22:14:13 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/01 22:14:12 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/01 22:14:10 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/01 22:14:10 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/01 22:14:10 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/27 20:09:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/27 20:09:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/27 20:08:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F03A4923-A27A-482F-A53E-7C4BB1AC769C}.job
[2012/08/27 20:04:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/27 19:56:39 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/26 19:31:44 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Desktop\OTL.exe
[2012/08/18 00:21:50 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/17 21:53:07 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/01 22:14:19 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/31 23:58:35 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 22:14:19 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/31 23:58:35 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/05 23:58:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/07 21:39:47 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/07 21:39:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/19 17:23:47 | 000,000,028 | ---- | C] () -- C:\WINDOWS\tmp5610210.exe
[2011/03/19 12:21:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\tmp5645610210.exe
[2010/10/28 16:56:18 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/10/28 15:04:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/28 15:02:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/10/24 06:38:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/10/24 05:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Application Data\Uniblue
[2010/10/24 06:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME-8908F1FABE\Application Data\WinPatrol
[2010/10/24 14:34:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\050500f
[2012/01/07 21:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\111F
[2010/10/24 08:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/07/22 14:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/07 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/08/01 01:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\clp
[2012/06/17 11:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
[2012/08/01 22:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2011/11/06 12:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2010/06/02 18:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/10/24 06:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/10 16:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/06/03 11:29:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMBSBFAV
[2010/10/24 06:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/11/06 13:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2011/12/22 12:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/10/24 05:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/09 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/11/06 12:44:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{168F2BF3-5528-4D9C-A12E-B02CA5A44257}
[2010/12/02 19:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/10 14:21:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2011/11/19 12:11:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/08/27 20:04:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/19 12:13:38 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\SLOW-PCfighter-Bettsy - Dave-Startup.job
[2012/08/27 20:08:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F03A4923-A27A-482F-A53E-7C4BB1AC769C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >



OTL Extras logfile created on: 8/27/2012 8:10:53 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Administrator.HOME-8908F1FABE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 386.16 Mb Available Physical Memory | 76.70% Memory free
843.42 Mb Paging File | 783.53 Mb Available in Paging File | 92.90% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 22.62 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.04 Gb Free Space | 81.31% Space Free | Partition Type: FAT32
Drive H: | 4.08 Gb Total Space | 3.85 Gb Free Space | 94.33% Space Free | Partition Type: NTFS

Computer Name: HOME-8908F1FABE | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- H:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "H:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "H:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "H:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "H:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "H:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\050500f\SM0505.exe" = C:\Documents and Settings\All Users\Application Data\050500f\SM0505.exe:*:Enabled:Security Master AV
"C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\facebook-pic00049859501982.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Orbit_is1" = Orbit Downloader
"Pricebum" = Pricebum 1.1
"Search Toolbar" = Search Toolbar
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2012 2:41:24 PM | Computer Name = HOME-8908F1FABE | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8556, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 5/5/2012 2:41:24 PM | Computer Name = HOME-8908F1FABE | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/5/2012 2:41:27 PM | Computer Name = HOME-8908F1FABE | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8556, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 8/27/2012 7:44:31 PM | Computer Name = HOME-8908F1FABE | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 8/27/2012 8:09:49 PM | Computer Name = HOME-8908F1FABE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/27/2012 8:09:51 PM | Computer Name = HOME-8908F1FABE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/27/2012 8:10:14 PM | Computer Name = HOME-8908F1FABE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2012 8:10:36 PM | Computer Name = HOME-8908F1FABE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 8/27/2012 8:10:36 PM | Computer Name = HOME-8908F1FABE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 8/27/2012 8:10:36 PM | Computer Name = HOME-8908F1FABE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 8/27/2012 8:10:36 PM | Computer Name = HOME-8908F1FABE | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053

Error - 8/27/2012 8:10:36 PM | Computer Name = HOME-8908F1FABE | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 8/27/2012 8:10:36 PM | Computer Name = HOME-8908F1FABE | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31


< End of report >

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.



Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Things I would like to see in your reply:
  • TDSSKiller log
  • Combofix log

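Step 1 above asks for the TDSSKiller report, and reading one by eye means scanning hundreds of near-identical lines for the few that are not "- ok". The script below is an added example, not part of ali.B's instructions and not Kaspersky's own tool: it parses the line shapes TDSSKiller 2.8.x writes (the sample lines are lifted from the report posted later in this thread), lists every entry the scanner did not mark ok together with the MD5 and path from the matching file line, and uses the Drive and partition lines to compute how many sectors lie after the last MBR partition. The function names, the regular expressions and the dictionary layout are this example's own choices, not anything from TDSSKiller.

```python
import re
from typing import List, Optional

# Sample input: lines lifted from the TDSSKiller 2.8.8.0 report posted in this
# thread. The parser depends only on the line shapes, not on these values.
SAMPLE_LOG = r"""
20:03:38.0718 2760 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x14BE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:03:38.0953 2760 \Device\Harddisk0\DR0:
20:03:38.0953 2760 MBR partitions:
20:03:38.0953 2760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x829521
20:03:38.0953 2760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x829560, BlocksNum 0x4464570
20:04:47.0171 2788 System memory - ok
20:04:47.0531 2788 [ 0B27AE82C113D3687024D18459440426 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:04:47.0921 2788 Aavmker4 - ok
20:04:47.0953 2788 Abiosdsk - ok
20:04:55.0125 2788 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:04:55.0140 2788 Apple Mobile Device - ok
20:05:12.0437 2788 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:05:12.0531 2788 ialm ( UnsignedFile.Multi.Generic ) - warning
20:05:12.0531 2788 ialm - detected UnsignedFile.Multi.Generic (1)
"""

# Every data line starts with "HH:MM:SS.mmmm <pid> "; the rest is the body.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "Drive \Device\... - Size: 0x..., SectorSize: 0x..." gives the disk geometry.
DRIVE_RE = re.compile(r"^Drive (?P<dev>\\Device\\\S+) - Size: 0x(?P<size>[0-9A-Fa-f]+)"
                      r" .*?SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)")
# One line per MBR partition: type, start LBA and length, all in hex.
PART_RE = re.compile(r"^(?P<dev>\\Device\\\S+)\\Partition(?P<num>\d+): MBR, Type 0x(?P<ptype>[0-9A-Fa-f]+),"
                     r" StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
# "[ MD5 ] <service name> <drive>:\path" precedes the verdict for file-backed entries.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "<name> - ok", "<name> ( <note> ) - warning" or "<name> - detected <threat> (n)".
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<note>[^)]+) \))?"
                        r" - (?P<verdict>ok|warning|detected (?P<threat>\S+).*)$")

# A name can appear more than once (warning, then detected); keep the worst verdict.
RANK = {"ok": 0, "warning": 1, "detected": 2}


def parse_tdsskiller(log: str) -> dict:
    """Turn a TDSSKiller report into drives, partitions, file lines and verdicts."""
    report = {"drives": {}, "partitions": [], "files": {}, "verdicts": {}}
    for raw in log.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue  # banner and separator lines carry no data
        body = m.group("body").strip()
        if (d := DRIVE_RE.match(body)):
            report["drives"][d["dev"]] = {"size": int(d["size"], 16),
                                         "sector": int(d["sector"], 16)}
        elif (p := PART_RE.match(body)):
            report["partitions"].append({
                "dev": p["dev"], "num": int(p["num"]), "type": int(p["ptype"], 16),
                "start": int(p["start"], 16), "blocks": int(p["blocks"], 16)})
        elif (f := FILE_RE.match(body)):
            report["files"][f["name"]] = {"md5": f["md5"], "path": f["path"]}
        elif (v := VERDICT_RE.match(body)):
            kind = v["verdict"].split()[0]
            threat = v["threat"] or v["note"]
            prev = report["verdicts"].get(v["name"])
            if prev is None or RANK[kind] >= RANK[prev["kind"]]:
                report["verdicts"][v["name"]] = {"kind": kind, "threat": threat}
    return report


def flagged_entries(report: dict) -> List[dict]:
    """Everything TDSSKiller did not mark ok, joined with its hash and path."""
    out = []
    for name, v in report["verdicts"].items():
        if v["kind"] == "ok":
            continue
        info = report["files"].get(name, {})
        out.append({"name": name, "kind": v["kind"], "threat": v["threat"],
                    "md5": info.get("md5"), "path": info.get("path")})
    return out


def unpartitioned_tail_sectors(report: dict, dev: str) -> Optional[int]:
    """Sectors on `dev` that lie after the end of its last MBR partition."""
    drive = report["drives"].get(dev)
    parts = [p for p in report["partitions"] if p["dev"] == dev]
    if drive is None or not parts:
        return None
    total_sectors = drive["size"] // drive["sector"]
    last_end = max(p["start"] + p["blocks"] for p in parts)
    return total_sectors - last_end


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for e in flagged_entries(rep):
        print(f"{e['kind']:<8} {e['name']:<20} {e['threat']}  {e['md5']}  {e['path']}")
    print("sectors after last partition:",
          unpartitioned_tail_sectors(rep, r"\Device\Harddisk0\DR0"))
```

To run it on a real report, read the saved file into a string and pass it to parse_tdsskiller. A few MB of slack after the last partition is normal cylinder rounding (the sample works out to 21168 sectors, roughly 10 MB); TDSSKiller's Detect TDLFS file system option, enabled in Step 1, is the check that actually inspects the disk for a hidden file system, whereas this script only does the arithmetic so the number is at hand when reading the report.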

#3
scoobysnack2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for your response. I was able to run both and their logs are below. The only issue was the computer wasn't hooked up to the network so ComboFix couldn't install the "windows recovery console", but it did continue to scan and produce a log. I can hook it up so it's able to download if it's needed to run again, but will await next instructions to see if that is required.




20:03:36.0218 2760 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:03:36.0375 2760 ============================================================
20:03:36.0375 2760 Current date / time: 2012/08/28 20:03:36.0375
20:03:36.0375 2760 SystemInfo:
20:03:36.0375 2760
20:03:36.0375 2760 OS Version: 5.1.2600 ServicePack: 3.0
20:03:36.0375 2760 Product type: Workstation
20:03:36.0375 2760 ComputerName: HOME-8908F1FABE
20:03:36.0375 2760 UserName: Bettsy - Dave
20:03:36.0375 2760 Windows directory: C:\WINDOWS
20:03:36.0375 2760 System windows directory: C:\WINDOWS
20:03:36.0375 2760 Processor architecture: Intel x86
20:03:36.0375 2760 Number of processors: 1
20:03:36.0390 2760 Page size: 0x1000
20:03:36.0390 2760 Boot type: Normal boot
20:03:36.0390 2760 ============================================================
20:03:38.0718 2760 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x14BE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:03:38.0953 2760 Drive \Device\Harddisk5\DR12 - Size: 0xEFE80000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:03:38.0953 2760 ============================================================
20:03:38.0953 2760 \Device\Harddisk0\DR0:
20:03:38.0953 2760 MBR partitions:
20:03:38.0953 2760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x829521
20:03:38.0953 2760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x829560, BlocksNum 0x4464570
20:03:38.0953 2760 \Device\Harddisk5\DR12:
20:03:38.0953 2760 MBR partitions:
20:03:38.0953 2760 \Device\Harddisk5\DR12\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x77B900
20:03:38.0953 2760 ============================================================
20:03:39.0015 2760 C: <-> \Device\Harddisk0\DR0\Partition2
20:03:39.0062 2760 H: <-> \Device\Harddisk0\DR0\Partition1
20:03:39.0062 2760 ============================================================
20:03:39.0062 2760 Initialize success
20:03:39.0062 2760 ============================================================
20:04:46.0750 2788 ============================================================
20:04:46.0750 2788 Scan started
20:04:46.0750 2788 Mode: Manual; SigCheck; TDLFS;
20:04:46.0750 2788 ============================================================
20:04:47.0171 2788 ================ Scan system memory ========================
20:04:47.0171 2788 System memory - ok
20:04:47.0203 2788 ================ Scan services =============================
20:04:47.0531 2788 [ 0B27AE82C113D3687024D18459440426 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:04:47.0921 2788 Aavmker4 - ok
20:04:47.0953 2788 Abiosdsk - ok
20:04:48.0000 2788 abp480n5 - ok
20:04:48.0078 2788 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:04:50.0750 2788 ACPI - ok
20:04:50.0843 2788 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:04:51.0218 2788 ACPIEC - ok
20:04:51.0250 2788 adpu160m - ok
20:04:51.0390 2788 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:04:51.0640 2788 aec - ok
20:04:51.0765 2788 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:04:51.0906 2788 AFD - ok
20:04:51.0937 2788 AgereSoftModem - ok
20:04:51.0968 2788 Aha154x - ok
20:04:52.0015 2788 aic78u2 - ok
20:04:52.0046 2788 aic78xx - ok
20:04:52.0781 2788 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:04:54.0140 2788 ALCXWDM - ok
20:04:54.0187 2788 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:04:54.0421 2788 Alerter - ok
20:04:54.0484 2788 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:04:54.0734 2788 ALG - ok
20:04:54.0750 2788 AliIde - ok
20:04:54.0781 2788 amsint - ok
20:04:55.0125 2788 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:04:55.0140 2788 Apple Mobile Device - ok
20:04:55.0265 2788 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:04:55.0531 2788 AppMgmt - ok
20:04:55.0546 2788 asc - ok
20:04:55.0578 2788 asc3350p - ok
20:04:55.0609 2788 asc3550 - ok
20:04:55.0859 2788 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:04:56.0125 2788 aspnet_state - ok
20:04:56.0203 2788 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:04:56.0218 2788 aswFsBlk - ok
20:04:56.0312 2788 [ 9E912FE7B41650701EF2B227ACA440F3 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:04:56.0343 2788 aswMon2 - ok
20:04:56.0390 2788 [ 982E275D1C5801042FE94209FB0160FB ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
20:04:56.0406 2788 aswRdr - ok
20:04:56.0468 2788 [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:04:56.0500 2788 aswSnx - ok
20:04:56.0578 2788 [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:04:56.0656 2788 aswSP - ok
20:04:56.0718 2788 [ 7109A9AA551F37CD168C02368465957E ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:04:56.0734 2788 aswTdi - ok
20:04:56.0843 2788 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:04:57.0046 2788 AsyncMac - ok
20:04:57.0093 2788 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:04:57.0296 2788 atapi - ok
20:04:57.0312 2788 Atdisk - ok
20:04:57.0375 2788 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:04:57.0593 2788 Atmarpc - ok
20:04:57.0640 2788 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:04:57.0859 2788 AudioSrv - ok
20:04:57.0953 2788 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:04:58.0156 2788 audstub - ok
20:04:58.0296 2788 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:04:58.0312 2788 avast! Antivirus - ok
20:04:58.0328 2788 AVFSFilter - ok
20:04:58.0437 2788 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:04:58.0671 2788 Beep - ok
20:04:58.0796 2788 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:04:59.0109 2788 BITS - ok
20:04:59.0328 2788 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:04:59.0390 2788 Bonjour Service - ok
20:04:59.0453 2788 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
20:04:59.0656 2788 Browser - ok
20:04:59.0703 2788 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:04:59.0937 2788 cbidf2k - ok
20:04:59.0984 2788 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:05:00.0171 2788 CCDECODE - ok
20:05:00.0203 2788 cd20xrnt - ok
20:05:00.0250 2788 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:05:00.0546 2788 Cdaudio - ok
20:05:00.0609 2788 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:05:00.0796 2788 Cdfs - ok
20:05:00.0875 2788 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:05:01.0093 2788 Cdrom - ok
20:05:01.0140 2788 Changer - ok
20:05:01.0234 2788 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:05:01.0453 2788 CiSvc - ok
20:05:01.0500 2788 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:05:01.0703 2788 ClipSrv - ok
20:05:01.0781 2788 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:02.0328 2788 clr_optimization_v2.0.50727_32 - ok
20:05:02.0343 2788 CmdIde - ok
20:05:02.0375 2788 COMSysApp - ok
20:05:02.0437 2788 Cpqarray - ok
20:05:02.0531 2788 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:05:02.0765 2788 CryptSvc - ok
20:05:02.0796 2788 dac2w2k - ok
20:05:02.0843 2788 dac960nt - ok
20:05:03.0062 2788 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:05:03.0218 2788 DcomLaunch - ok
20:05:03.0296 2788 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:05:03.0546 2788 Dhcp - ok
20:05:03.0656 2788 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:05:03.0859 2788 Disk - ok
20:05:03.0906 2788 dmadmin - ok
20:05:04.0015 2788 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:05:04.0312 2788 dmboot - ok
20:05:04.0375 2788 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:05:04.0593 2788 dmio - ok
20:05:04.0671 2788 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:05:04.0890 2788 dmload - ok
20:05:04.0984 2788 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:05:05.0187 2788 dmserver - ok
20:05:05.0265 2788 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:05:05.0484 2788 DMusic - ok
20:05:05.0578 2788 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:05:05.0812 2788 Dnscache - ok
20:05:05.0906 2788 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:05:06.0140 2788 Dot3svc - ok
20:05:06.0187 2788 dpti2o - ok
20:05:06.0265 2788 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:05:06.0468 2788 drmkaud - ok
20:05:06.0531 2788 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:05:06.0734 2788 EapHost - ok
20:05:06.0796 2788 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:05:07.0000 2788 ERSvc - ok
20:05:07.0062 2788 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:05:07.0140 2788 Eventlog - ok
20:05:07.0265 2788 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:05:07.0312 2788 EventSystem - ok
20:05:07.0390 2788 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:05:07.0593 2788 Fastfat - ok
20:05:07.0671 2788 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:05:07.0750 2788 FastUserSwitchingCompatibility - ok
20:05:07.0812 2788 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
20:05:08.0015 2788 Fdc - ok
20:05:08.0062 2788 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:05:08.0265 2788 Fips - ok
20:05:08.0328 2788 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:05:08.0546 2788 Flpydisk - ok
20:05:08.0625 2788 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:05:08.0812 2788 FltMgr - ok
20:05:08.0921 2788 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:05:08.0937 2788 FontCache3.0.0.0 - ok
20:05:09.0000 2788 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:05:09.0234 2788 Fs_Rec - ok
20:05:09.0343 2788 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:05:09.0578 2788 Ftdisk - ok
20:05:09.0656 2788 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:05:09.0656 2788 GEARAspiWDM - ok
20:05:09.0734 2788 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:05:09.0921 2788 Gpc - ok
20:05:09.0953 2788 gtbwyifa - ok
20:05:10.0125 2788 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:05:10.0140 2788 gupdate - ok
20:05:10.0156 2788 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:05:10.0187 2788 gupdatem - ok
20:05:10.0281 2788 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:05:10.0484 2788 helpsvc - ok
20:05:10.0562 2788 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:05:10.0765 2788 HidServ - ok
20:05:10.0859 2788 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:05:11.0031 2788 hidusb - ok
20:05:11.0109 2788 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:05:11.0312 2788 hkmsvc - ok
20:05:11.0343 2788 hpn - ok
20:05:11.0515 2788 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:05:11.0640 2788 HTTP - ok
20:05:11.0750 2788 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:05:11.0984 2788 HTTPFilter - ok
20:05:12.0015 2788 i2omgmt - ok
20:05:12.0062 2788 i2omp - ok
20:05:12.0125 2788 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:05:12.0312 2788 i8042prt - ok
20:05:12.0437 2788 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:05:12.0531 2788 ialm ( UnsignedFile.Multi.Generic ) - warning
20:05:12.0531 2788 ialm - detected UnsignedFile.Multi.Generic (1)
20:05:12.0765 2788 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:05:13.0109 2788 idsvc - ok
20:05:13.0187 2788 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:05:13.0390 2788 Imapi - ok
20:05:13.0484 2788 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:05:13.0687 2788 ImapiService - ok
20:05:13.0750 2788 ini910u - ok
20:05:13.0843 2788 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:05:14.0062 2788 IntelIde - ok
20:05:14.0156 2788 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:05:14.0343 2788 intelppm - ok
20:05:14.0390 2788 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:05:14.0578 2788 Ip6Fw - ok
20:05:14.0640 2788 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:05:14.0859 2788 IpFilterDriver - ok
20:05:14.0890 2788 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:05:15.0046 2788 IpInIp - ok
20:05:15.0187 2788 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:05:15.0390 2788 IpNat - ok
20:05:15.0546 2788 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:05:15.0640 2788 iPod Service - ok
20:05:15.0734 2788 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:05:15.0937 2788 IPSec - ok
20:05:16.0000 2788 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:05:16.0218 2788 IRENUM - ok
20:05:16.0250 2788 is3srv - ok
20:05:16.0312 2788 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:05:16.0515 2788 isapnp - ok
20:05:16.0781 2788 [ E4AE0CBC0B55A5FAA6996E38CE6C981B ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:05:16.0875 2788 JavaQuickStarterService - ok
20:05:16.0890 2788 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:05:17.0093 2788 Kbdclass - ok
20:05:17.0187 2788 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:05:17.0359 2788 kbdhid - ok
20:05:17.0406 2788 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:05:17.0609 2788 kmixer - ok
20:05:17.0734 2788 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:05:17.0796 2788 KSecDD - ok
20:05:17.0843 2788 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:05:17.0937 2788 lanmanserver - ok
20:05:18.0062 2788 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:05:18.0171 2788 lanmanworkstation - ok
20:05:18.0875 2788 [ ED60FFD305AC0424920D146DB9F9ED78 ] Lavasoft Ad-Aware Service H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
20:05:20.0671 2788 Lavasoft Ad-Aware Service - ok
20:05:20.0718 2788 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer H:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
20:05:20.0765 2788 Lavasoft Kernexplorer - ok
20:05:20.0828 2788 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:05:20.0843 2788 Lbd - ok
20:05:20.0859 2788 lbrtfdc - ok
20:05:21.0000 2788 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:05:21.0218 2788 LmHosts - ok
20:05:21.0343 2788 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:05:21.0390 2788 McComponentHostService - ok
20:05:21.0468 2788 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:05:21.0671 2788 Messenger - ok
20:05:21.0750 2788 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:05:21.0984 2788 mnmdd - ok
20:05:22.0078 2788 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:05:22.0296 2788 mnmsrvc - ok
20:05:22.0359 2788 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:05:22.0562 2788 Modem - ok
20:05:22.0625 2788 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:05:22.0812 2788 Mouclass - ok
20:05:22.0859 2788 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:05:23.0093 2788 mouhid - ok
20:05:23.0140 2788 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:05:23.0312 2788 MountMgr - ok
20:05:23.0343 2788 mraid35x - ok
20:05:23.0468 2788 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:05:23.0703 2788 MRxDAV - ok
20:05:23.0875 2788 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:05:23.0953 2788 MRxSmb - ok
20:05:24.0046 2788 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:05:24.0265 2788 MSDTC - ok
20:05:24.0328 2788 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:05:24.0531 2788 Msfs - ok
20:05:24.0578 2788 MSIServer - ok
20:05:24.0687 2788 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:05:24.0859 2788 MSKSSRV - ok
20:05:24.0906 2788 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:05:25.0109 2788 MSPCLOCK - ok
20:05:25.0171 2788 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:05:25.0375 2788 MSPQM - ok
20:05:25.0468 2788 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:05:25.0656 2788 mssmbios - ok
20:05:25.0718 2788 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:05:25.0921 2788 MSTEE - ok
20:05:25.0984 2788 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:05:26.0187 2788 Mup - ok
20:05:26.0265 2788 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:05:26.0453 2788 NABTSFEC - ok
20:05:26.0656 2788 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:05:26.0921 2788 napagent - ok
20:05:27.0062 2788 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:05:27.0265 2788 NDIS - ok
20:05:27.0328 2788 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:05:27.0515 2788 NdisIP - ok
20:05:27.0562 2788 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:05:27.0750 2788 NdisTapi - ok
20:05:27.0812 2788 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:05:28.0000 2788 Ndisuio - ok
20:05:28.0046 2788 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:05:28.0250 2788 NdisWan - ok
20:05:28.0296 2788 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:05:28.0343 2788 NDProxy - ok
20:05:28.0437 2788 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:05:28.0609 2788 NetBIOS - ok
20:05:28.0718 2788 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:05:28.0968 2788 NetBT - ok
20:05:29.0046 2788 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:05:29.0265 2788 NetDDE - ok
20:05:29.0281 2788 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:05:29.0484 2788 NetDDEdsdm - ok
20:05:29.0578 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:05:29.0781 2788 Netlogon - ok
20:05:29.0906 2788 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:05:30.0140 2788 Netman - ok
20:05:30.0250 2788 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:05:30.0281 2788 NetTcpPortSharing - ok
20:05:30.0390 2788 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll
20:05:30.0515 2788 Nla - ok
20:05:30.0578 2788 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:05:30.0781 2788 Npfs - ok
20:05:30.0937 2788 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:05:31.0218 2788 Ntfs - ok
20:05:31.0265 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:05:31.0421 2788 NtLmSsp - ok
20:05:31.0593 2788 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:05:32.0000 2788 NtmsSvc - ok
20:05:32.0062 2788 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:05:32.0250 2788 Null - ok
20:05:32.0312 2788 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:05:32.0531 2788 NwlnkFlt - ok
20:05:32.0562 2788 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:05:32.0750 2788 NwlnkFwd - ok
20:05:32.0828 2788 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:05:33.0031 2788 Parport - ok
20:05:33.0093 2788 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:05:33.0281 2788 PartMgr - ok
20:05:33.0328 2788 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:05:33.0531 2788 ParVdm - ok
20:05:33.0593 2788 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:05:33.0781 2788 PCI - ok
20:05:33.0796 2788 PCIDump - ok
20:05:33.0875 2788 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
20:05:34.0093 2788 PCIIde - ok
20:05:34.0234 2788 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:05:34.0437 2788 Pcmcia - ok
20:05:34.0468 2788 PDCOMP - ok
20:05:34.0500 2788 PDFRAME - ok
20:05:34.0562 2788 PDRELI - ok
20:05:34.0593 2788 PDRFRAME - ok
20:05:34.0640 2788 perc2 - ok
20:05:34.0671 2788 perc2hib - ok
20:05:34.0796 2788 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:05:34.0890 2788 PlugPlay - ok
20:05:34.0937 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:05:35.0109 2788 PolicyAgent - ok
20:05:35.0187 2788 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:05:35.0375 2788 PptpMiniport - ok
20:05:35.0406 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:05:35.0578 2788 ProtectedStorage - ok
20:05:35.0656 2788 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:05:35.0843 2788 PSched - ok
20:05:35.0921 2788 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:05:36.0140 2788 Ptilink - ok
20:05:36.0234 2788 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:05:36.0234 2788 PxHelp20 - ok
20:05:36.0281 2788 ql1080 - ok
20:05:36.0343 2788 Ql10wnt - ok
20:05:36.0375 2788 ql12160 - ok
20:05:36.0421 2788 ql1240 - ok
20:05:36.0453 2788 ql1280 - ok
20:05:36.0546 2788 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:05:36.0765 2788 RasAcd - ok
20:05:36.0828 2788 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:05:37.0046 2788 RasAuto - ok
20:05:37.0109 2788 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:05:37.0281 2788 Rasl2tp - ok
20:05:37.0406 2788 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:05:37.0578 2788 RasMan - ok
20:05:37.0656 2788 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:05:37.0796 2788 RasPppoe - ok
20:05:37.0859 2788 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:05:38.0062 2788 Raspti - ok
20:05:38.0156 2788 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:05:38.0359 2788 Rdbss - ok
20:05:38.0390 2788 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:05:38.0609 2788 RDPCDD - ok
20:05:38.0734 2788 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:05:38.0921 2788 rdpdr - ok
20:05:39.0046 2788 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:05:39.0281 2788 RDPWD - ok
20:05:39.0437 2788 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:05:39.0625 2788 RDSessMgr - ok
20:05:39.0656 2788 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:05:39.0875 2788 redbook - ok
20:05:39.0921 2788 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:05:40.0125 2788 RemoteAccess - ok
20:05:40.0234 2788 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:05:40.0468 2788 RemoteRegistry - ok
20:05:40.0531 2788 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:05:40.0750 2788 RpcLocator - ok
20:05:40.0890 2788 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:05:41.0078 2788 RpcSs - ok
20:05:41.0140 2788 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:05:41.0390 2788 RSVP - ok
20:05:41.0453 2788 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:05:41.0609 2788 rtl8139 - ok
20:05:41.0656 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:05:41.0828 2788 SamSs - ok
20:05:41.0906 2788 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:05:42.0140 2788 SCardSvr - ok
20:05:42.0265 2788 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:05:42.0500 2788 Schedule - ok
20:05:42.0609 2788 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:05:42.0796 2788 Secdrv - ok
20:05:42.0828 2788 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:05:43.0062 2788 seclogon - ok
20:05:43.0125 2788 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:05:43.0343 2788 SENS - ok
20:05:43.0437 2788 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:05:43.0625 2788 serenum - ok
20:05:43.0671 2788 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:05:43.0859 2788 Serial - ok
20:05:43.0953 2788 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:05:44.0187 2788 Sfloppy - ok
20:05:44.0296 2788 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:05:44.0562 2788 SharedAccess - ok
20:05:44.0656 2788 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:05:44.0703 2788 ShellHWDetection - ok
20:05:44.0718 2788 Simbad - ok
20:05:44.0796 2788 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:05:45.0000 2788 SLIP - ok
20:05:45.0031 2788 Sparrow - ok
20:05:45.0109 2788 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:05:45.0296 2788 splitter - ok
20:05:45.0375 2788 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:05:45.0421 2788 Spooler - ok
20:05:45.0531 2788 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:05:45.0734 2788 sr - ok
20:05:45.0796 2788 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:05:46.0078 2788 srservice - ok
20:05:46.0296 2788 [ 0F6AEFAD3641A657E18081F52D0C15AF ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:05:46.0500 2788 Srv - ok
20:05:46.0609 2788 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:05:46.0796 2788 SSDPSRV - ok
20:05:46.0953 2788 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:05:47.0375 2788 stisvc - ok
20:05:47.0421 2788 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:05:47.0609 2788 streamip - ok
20:05:47.0656 2788 STV680 - ok
20:05:47.0734 2788 [ 84BC7E28D97BE426B301879233F71DE6 ] STV680m C:\WINDOWS\system32\drivers\STV680m.sys
20:05:47.0796 2788 STV680m - ok
20:05:47.0828 2788 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:05:48.0046 2788 swenum - ok
20:05:48.0109 2788 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:05:48.0296 2788 swmidi - ok
20:05:48.0343 2788 SwPrv - ok
20:05:48.0390 2788 symc810 - ok
20:05:48.0437 2788 symc8xx - ok
20:05:48.0484 2788 sym_hi - ok
20:05:48.0515 2788 sym_u3 - ok
20:05:48.0593 2788 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:05:48.0765 2788 sysaudio - ok
20:05:48.0828 2788 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:05:49.0046 2788 SysmonLog - ok
20:05:49.0093 2788 szkg5 - ok
20:05:49.0125 2788 szkgfs - ok
20:05:49.0234 2788 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:05:49.0468 2788 TapiSrv - ok
20:05:49.0640 2788 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:05:49.0781 2788 Tcpip - ok
20:05:49.0859 2788 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:05:50.0031 2788 TDPIPE - ok
20:05:50.0093 2788 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:05:50.0281 2788 TDTCP - ok
20:05:50.0343 2788 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:05:50.0531 2788 TermDD - ok
20:05:50.0671 2788 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:05:50.0859 2788 TermService - ok
20:05:50.0906 2788 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:05:50.0953 2788 Themes - ok
20:05:51.0062 2788 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:05:51.0296 2788 TlntSvr - ok
20:05:51.0312 2788 TosIde - ok
20:05:51.0437 2788 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:05:51.0656 2788 TrkWks - ok
20:05:51.0796 2788 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:05:52.0000 2788 Udfs - ok
20:05:52.0031 2788 ultra - ok
20:05:52.0093 2788 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
20:05:52.0140 2788 UMWdf - ok
20:05:52.0187 2788 UNDPX2A - ok
20:05:52.0343 2788 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:05:52.0609 2788 Update - ok
20:05:52.0734 2788 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:05:52.0937 2788 upnphost - ok
20:05:53.0062 2788 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:05:53.0250 2788 UPS - ok
20:05:53.0375 2788 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
20:05:53.0406 2788 USBAAPL - ok
20:05:53.0500 2788 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:05:53.0687 2788 usbccgp - ok
20:05:53.0718 2788 USBCM - ok
20:05:53.0812 2788 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:05:54.0000 2788 usbehci - ok
20:05:54.0046 2788 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:05:54.0218 2788 usbhub - ok
20:05:54.0343 2788 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:05:54.0500 2788 usbscan - ok
20:05:54.0593 2788 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:05:54.0765 2788 usbstor - ok
20:05:54.0796 2788 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:05:55.0000 2788 usbuhci - ok
20:05:55.0062 2788 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:05:55.0250 2788 VgaSave - ok
20:05:55.0281 2788 ViaIde - ok
20:05:55.0375 2788 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:05:55.0562 2788 VolSnap - ok
20:05:55.0734 2788 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:05:55.0968 2788 VSS - ok
20:05:56.0109 2788 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:05:56.0312 2788 W32Time - ok
20:05:56.0390 2788 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:05:56.0562 2788 Wanarp - ok
20:05:56.0578 2788 WDICA - ok
20:05:56.0671 2788 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:05:56.0859 2788 wdmaud - ok
20:05:57.0015 2788 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:05:57.0265 2788 WebClient - ok
20:05:57.0484 2788 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:05:57.0671 2788 winmgmt - ok
20:05:57.0843 2788 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:05:57.0859 2788 WmdmPmSN - ok
20:05:58.0031 2788 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:05:58.0218 2788 Wmi - ok
20:05:58.0312 2788 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:05:58.0531 2788 WmiApSrv - ok
20:05:58.0640 2788 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:05:58.0875 2788 wscsvc - ok
20:05:58.0906 2788 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:05:59.0109 2788 WSTCODEC - ok
20:05:59.0203 2788 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:05:59.0453 2788 wuauserv - ok
20:05:59.0640 2788 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:05:59.0875 2788 WZCSVC - ok
20:05:59.0968 2788 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:06:00.0218 2788 xmlprov - ok
20:06:00.0296 2788 ================ Scan global ===============================
20:06:00.0390 2788 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:06:00.0484 2788 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
20:06:00.0625 2788 [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
20:06:00.0687 2788 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:06:00.0687 2788 [Global] - ok
20:06:00.0703 2788 ================ Scan MBR ==================================
20:06:00.0750 2788 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:06:00.0875 2788 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:06:00.0890 2788 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:06:01.0078 2788 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:06:01.0078 2788 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:06:01.0109 2788 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR12
20:06:01.0281 2788 \Device\Harddisk5\DR12 - ok
20:06:01.0296 2788 ================ Scan VBR ==================================
20:06:01.0343 2788 [ 15AFD60B28E7A878F4418F547FCFB6E2 ] \Device\Harddisk0\DR0\Partition1
20:06:01.0343 2788 \Device\Harddisk0\DR0\Partition1 - ok
20:06:01.0375 2788 [ 7449EE47E4879210922B54D10F147FAE ] \Device\Harddisk0\DR0\Partition2
20:06:01.0375 2788 \Device\Harddisk0\DR0\Partition2 - ok
20:06:01.0406 2788 [ FA635C355FB063D9387AB4F422E4FD6D ] \Device\Harddisk5\DR12\Partition1
20:06:01.0406 2788 \Device\Harddisk5\DR12\Partition1 - ok
20:06:01.0421 2788 ============================================================
20:06:01.0421 2788 Scan finished
20:06:01.0421 2788 ============================================================
20:06:01.0578 2780 Detected object count: 3
20:06:01.0578 2780 Actual detected object count: 3
20:07:29.0125 2780 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:29.0125 2780 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:07:29.0859 2780 \Device\Harddisk0\DR0\# - copied to quarantine
20:07:29.0859 2780 \Device\Harddisk0\DR0 - copied to quarantine
20:07:30.0000 2780 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:07:30.0015 2780 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:07:30.0015 2780 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
20:07:30.0015 2780 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
20:07:30.0031 2780 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
20:07:30.0078 2780 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
20:07:41.0953 2780 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
20:07:42.0265 2780 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
20:07:42.0593 2780 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
20:07:42.0750 2780 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:07:42.0968 2780 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:07:43.0187 2780 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:07:43.0343 2780 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:07:43.0484 2780 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
20:07:43.0500 2780 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
20:07:43.0593 2780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:07:43.0656 2780 \Device\Harddisk0\DR0 - ok
20:07:43.0703 2780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:07:43.0718 2780 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:07:43.0718 2780 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip




ComboFix 12-08-25.04 - Bettsy - Dave 08/28/2012 20:30:31.1.1 - x86
Running from: c:\documents and settings\Bettsy - Dave\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bettsy - Dave\Application Data\Desktop Security
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\windows\system32\dllcache\msoe.dll.new
c:\windows\tmp5645610210.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 00:07 . 2012-08-29 00:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-02 02:14 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-02 02:14 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-02 02:14 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-02 02:14 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-02 02:14 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-02 02:14 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-02 02:14 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-02 02:14 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2010-10-28 01:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2011-07-22 18:37 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-07-22 18:37 227648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B12C5F4B-B652-4096-BB0B-969871796CFD}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"WinPatrol"="h:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-10-01 329096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/27/2010 9:36 PM 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/1/2012 10:14 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/1/2012 10:14 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/1/2012 10:14 PM 21256]
S0 gtbwyifa;gtbwyifa;c:\windows\system32\drivers\spfc.sys --> c:\windows\system32\drivers\spfc.sys [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;h:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [9/23/2010 3:46 AM 15232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29132621
*NewlyCreated* - 75235496
*Deregistered* - 29132621
*Deregistered* - 75235496
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-13 21:39]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-13 21:39]
.
2012-08-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 01:20]
.
2012-08-29 c:\windows\Tasks\User_Feed_Synchronization-{F03A4923-A27A-482F-A53E-7C4BB1AC769C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = About:Blank
uSearchMigratedDefaultUrl = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm5222CUS&ptb=koDOQhBBQgen4mWXRfHNng&psa=&ind=2010053118&ptnrS=ZKxdm5222CUS&si=161436&st=sb&n=77cef9fe&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Bettsy - Dave\Application Data\Mozilla\Firefox\Profiles\3sqryats.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PPC&o=102944&locale=en_US&apn_uid=51537913-42f2-418a-953b-c2d907d8931c&apn_ptnrs=6L&apn_sauid=1DCCD334-B358-4BCE-9702-57BD6A56D604&apn_dtid=YYYYYYSSUS&&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~1\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
HKCU-Run-FDPRO-5 - c:\program files\Fighters\FighterLauncher.exe
Notify-TPSvc - TPSvc.dll
SafeBoot-75235496.sys
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 20:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-28 20:47:03
ComboFix-quarantined-files.txt 2012-08-29 00:46
.
Pre-Run: 24,194,478,080 bytes free
Post-Run: 25,891,082,240 bytes free
.
- - End Of File - - 82AFF455E03CFF3BF28BA6080ED40A4A

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Re-run TDSSKiller with the same parameters as before.
When you see this element, select Delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Then post the TDSSKiller log.

#5
scoobysnack2012

scoobysnack2012

    New Member

  • Topic Starter
  • Member
  • 4 posts
I re-ran TDSSKiller with the checked boxes, but the (TDSS File System) didn't come up to delete; it went to "no threats found". I'm not sure if it ended up in quarantine or something. I think at some point there may have been a random shut-down/re-boot after the scan was complete: after I saved the log, the "close" window was still up, I left the room for a minute, and when I came back the window was gone and I had yet to click "close". The log saved as below. Thanks.




21:37:34.0515 3208 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:37:34.0890 3208 ============================================================
21:37:34.0890 3208 Current date / time: 2012/08/29 21:37:34.0890
21:37:34.0890 3208 SystemInfo:
21:37:34.0890 3208
21:37:34.0890 3208 OS Version: 5.1.2600 ServicePack: 3.0
21:37:34.0890 3208 Product type: Workstation
21:37:34.0890 3208 ComputerName: HOME-8908F1FABE
21:37:34.0890 3208 UserName: Bettsy - Dave
21:37:34.0890 3208 Windows directory: C:\WINDOWS
21:37:34.0890 3208 System windows directory: C:\WINDOWS
21:37:34.0890 3208 Processor architecture: Intel x86
21:37:34.0890 3208 Number of processors: 1
21:37:34.0890 3208 Page size: 0x1000
21:37:34.0890 3208 Boot type: Normal boot
21:37:34.0890 3208 ============================================================
21:37:37.0140 3208 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x14BE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:37:37.0312 3208 ============================================================
21:37:37.0328 3208 \Device\Harddisk0\DR0:
21:37:37.0328 3208 MBR partitions:
21:37:37.0328 3208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x829521
21:37:37.0328 3208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x829560, BlocksNum 0x4464570
21:37:37.0328 3208 ============================================================
21:37:37.0421 3208 C: <-> \Device\Harddisk0\DR0\Partition2
21:37:37.0453 3208 H: <-> \Device\Harddisk0\DR0\Partition1
21:37:37.0609 3208 ============================================================
21:37:37.0609 3208 Initialize success
21:37:37.0609 3208 ============================================================
21:38:06.0296 3260 ============================================================
21:38:06.0296 3260 Scan started
21:38:06.0296 3260 Mode: Manual; SigCheck; TDLFS;
21:38:06.0296 3260 ============================================================
21:38:06.0640 3260 ================ Scan system memory ========================
21:38:06.0640 3260 System memory - ok
21:38:06.0640 3260 ================ Scan services =============================
21:38:06.0796 3260 [ 0B27AE82C113D3687024D18459440426 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
21:38:07.0031 3260 Aavmker4 - ok
21:38:07.0046 3260 Abiosdsk - ok
21:38:07.0046 3260 abp480n5 - ok
21:38:07.0109 3260 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:38:07.0421 3260 ACPI - ok
21:38:07.0468 3260 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:38:07.0671 3260 ACPIEC - ok
21:38:07.0687 3260 adpu160m - ok
21:38:07.0765 3260 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:38:07.0968 3260 aec - ok
21:38:08.0015 3260 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:38:08.0078 3260 AFD - ok
21:38:08.0093 3260 AgereSoftModem - ok
21:38:08.0109 3260 Aha154x - ok
21:38:08.0125 3260 aic78u2 - ok
21:38:08.0140 3260 aic78xx - ok
21:38:08.0343 3260 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:38:08.0781 3260 ALCXWDM - ok
21:38:08.0828 3260 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:38:09.0015 3260 Alerter - ok
21:38:09.0046 3260 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:38:09.0250 3260 ALG - ok
21:38:09.0250 3260 AliIde - ok
21:38:09.0265 3260 amsint - ok
21:38:09.0421 3260 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:38:09.0468 3260 Apple Mobile Device - ok
21:38:09.0546 3260 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:38:09.0796 3260 AppMgmt - ok
21:38:09.0812 3260 asc - ok
21:38:09.0843 3260 asc3350p - ok
21:38:09.0843 3260 asc3550 - ok
21:38:10.0000 3260 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:38:10.0062 3260 aspnet_state - ok
21:38:10.0109 3260 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:38:10.0125 3260 aswFsBlk - ok
21:38:10.0171 3260 [ 9E912FE7B41650701EF2B227ACA440F3 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
21:38:10.0187 3260 aswMon2 - ok
21:38:10.0218 3260 [ 982E275D1C5801042FE94209FB0160FB ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
21:38:10.0250 3260 aswRdr - ok
21:38:10.0281 3260 [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:38:10.0375 3260 aswSnx - ok
21:38:10.0468 3260 [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:38:10.0546 3260 aswSP - ok
21:38:10.0609 3260 [ 7109A9AA551F37CD168C02368465957E ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:38:10.0625 3260 aswTdi - ok
21:38:10.0671 3260 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:38:10.0859 3260 AsyncMac - ok
21:38:10.0921 3260 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:38:11.0109 3260 atapi - ok
21:38:11.0125 3260 Atdisk - ok
21:38:11.0156 3260 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:38:11.0328 3260 Atmarpc - ok
21:38:11.0375 3260 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:38:11.0562 3260 AudioSrv - ok
21:38:11.0593 3260 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:38:11.0781 3260 audstub - ok
21:38:11.0875 3260 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:38:11.0906 3260 avast! Antivirus - ok
21:38:11.0906 3260 AVFSFilter - ok
21:38:11.0968 3260 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:38:12.0343 3260 Beep - ok
21:38:12.0406 3260 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:38:12.0687 3260 BITS - ok
21:38:12.0781 3260 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:38:12.0843 3260 Bonjour Service - ok
21:38:12.0906 3260 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:38:13.0015 3260 Browser - ok
21:38:13.0250 3260 catchme - ok
21:38:13.0296 3260 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:38:13.0484 3260 cbidf2k - ok
21:38:13.0531 3260 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:38:13.0703 3260 CCDECODE - ok
21:38:13.0718 3260 cd20xrnt - ok
21:38:13.0750 3260 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:38:13.0968 3260 Cdaudio - ok
21:38:14.0015 3260 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:38:14.0218 3260 Cdfs - ok
21:38:14.0250 3260 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:38:14.0453 3260 Cdrom - ok
21:38:14.0453 3260 Changer - ok
21:38:14.0500 3260 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:38:14.0687 3260 CiSvc - ok
21:38:14.0718 3260 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:38:14.0906 3260 ClipSrv - ok
21:38:14.0953 3260 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:15.0062 3260 clr_optimization_v2.0.50727_32 - ok
21:38:15.0078 3260 CmdIde - ok
21:38:15.0093 3260 COMSysApp - ok
21:38:15.0125 3260 Cpqarray - ok
21:38:15.0171 3260 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:38:15.0375 3260 CryptSvc - ok
21:38:15.0390 3260 dac2w2k - ok
21:38:15.0406 3260 dac960nt - ok
21:38:15.0468 3260 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:38:15.0609 3260 DcomLaunch - ok
21:38:15.0687 3260 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:38:15.0890 3260 Dhcp - ok
21:38:15.0953 3260 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:38:16.0156 3260 Disk - ok
21:38:16.0156 3260 dmadmin - ok
21:38:16.0203 3260 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:38:16.0421 3260 dmboot - ok
21:38:16.0468 3260 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:38:16.0671 3260 dmio - ok
21:38:16.0750 3260 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:38:16.0968 3260 dmload - ok
21:38:16.0984 3260 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:38:17.0156 3260 dmserver - ok
21:38:17.0218 3260 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:38:17.0406 3260 DMusic - ok
21:38:17.0468 3260 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:38:17.0625 3260 Dnscache - ok
21:38:17.0687 3260 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:38:17.0906 3260 Dot3svc - ok
21:38:17.0921 3260 dpti2o - ok
21:38:17.0984 3260 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:38:18.0171 3260 drmkaud - ok
21:38:18.0218 3260 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:38:18.0406 3260 EapHost - ok
21:38:18.0453 3260 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:38:18.0625 3260 ERSvc - ok
21:38:18.0687 3260 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:38:18.0781 3260 Eventlog - ok
21:38:18.0859 3260 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:38:18.0937 3260 EventSystem - ok
21:38:19.0015 3260 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:38:19.0218 3260 Fastfat - ok
21:38:19.0281 3260 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:38:19.0359 3260 FastUserSwitchingCompatibility - ok
21:38:19.0390 3260 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:38:19.0578 3260 Fdc - ok
21:38:19.0625 3260 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:38:19.0812 3260 Fips - ok
21:38:19.0859 3260 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:38:20.0062 3260 Flpydisk - ok
21:38:20.0125 3260 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:38:20.0312 3260 FltMgr - ok
21:38:20.0390 3260 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:38:20.0406 3260 FontCache3.0.0.0 - ok
21:38:20.0453 3260 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:38:20.0656 3260 Fs_Rec - ok
21:38:20.0703 3260 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:38:20.0921 3260 Ftdisk - ok
21:38:20.0984 3260 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:38:21.0000 3260 GEARAspiWDM - ok
21:38:21.0062 3260 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:38:21.0250 3260 Gpc - ok
21:38:21.0265 3260 gtbwyifa - ok
21:38:21.0359 3260 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:21.0406 3260 gupdate - ok
21:38:21.0421 3260 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:21.0437 3260 gupdatem - ok
21:38:21.0515 3260 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:38:21.0703 3260 helpsvc - ok
21:38:21.0781 3260 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:38:21.0984 3260 HidServ - ok
21:38:22.0031 3260 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:38:22.0218 3260 hidusb - ok
21:38:22.0265 3260 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:38:22.0453 3260 hkmsvc - ok
21:38:22.0468 3260 hpn - ok
21:38:22.0531 3260 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:38:22.0609 3260 HTTP - ok
21:38:22.0656 3260 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:38:22.0843 3260 HTTPFilter - ok
21:38:22.0859 3260 i2omgmt - ok
21:38:22.0875 3260 i2omp - ok
21:38:22.0921 3260 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:38:23.0109 3260 i8042prt - ok
21:38:23.0171 3260 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:38:23.0312 3260 ialm - ok
21:38:23.0390 3260 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:38:23.0468 3260 idsvc - ok
21:38:23.0531 3260 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:38:23.0718 3260 Imapi - ok
21:38:23.0765 3260 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:38:23.0984 3260 ImapiService - ok
21:38:24.0000 3260 ini910u - ok
21:38:24.0046 3260 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:38:24.0234 3260 IntelIde - ok
21:38:24.0281 3260 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:38:24.0484 3260 intelppm - ok
21:38:24.0515 3260 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:38:24.0718 3260 Ip6Fw - ok
21:38:24.0750 3260 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:38:24.0921 3260 IpFilterDriver - ok
21:38:24.0953 3260 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:38:25.0156 3260 IpInIp - ok
21:38:25.0187 3260 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:38:25.0390 3260 IpNat - ok
21:38:25.0500 3260 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:38:25.0578 3260 iPod Service - ok
21:38:25.0656 3260 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:38:25.0859 3260 IPSec - ok
21:38:25.0890 3260 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:38:26.0281 3260 IRENUM - ok
21:38:26.0281 3260 is3srv - ok
21:38:26.0328 3260 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:38:26.0531 3260 isapnp - ok
21:38:26.0687 3260 [ E4AE0CBC0B55A5FAA6996E38CE6C981B ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:38:26.0718 3260 JavaQuickStarterService - ok
21:38:26.0765 3260 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:38:26.0953 3260 Kbdclass - ok
21:38:27.0000 3260 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:38:27.0156 3260 kbdhid - ok
21:38:27.0187 3260 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:38:27.0390 3260 kmixer - ok
21:38:27.0453 3260 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:38:27.0531 3260 KSecDD - ok
21:38:27.0593 3260 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:38:27.0671 3260 lanmanserver - ok
21:38:27.0718 3260 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:38:27.0796 3260 lanmanworkstation - ok
21:38:27.0984 3260 [ ED60FFD305AC0424920D146DB9F9ED78 ] Lavasoft Ad-Aware Service H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
21:38:28.0156 3260 Lavasoft Ad-Aware Service - ok
21:38:28.0250 3260 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer H:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
21:38:28.0281 3260 Lavasoft Kernexplorer - ok
21:38:28.0343 3260 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
21:38:28.0359 3260 Lbd - ok
21:38:28.0375 3260 lbrtfdc - ok
21:38:28.0453 3260 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:38:28.0640 3260 LmHosts - ok
21:38:28.0718 3260 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
21:38:28.0750 3260 McComponentHostService - ok
21:38:28.0796 3260 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:38:28.0984 3260 Messenger - ok
21:38:29.0031 3260 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:38:29.0234 3260 mnmdd - ok
21:38:29.0265 3260 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:38:29.0453 3260 mnmsrvc - ok
21:38:29.0484 3260 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:38:29.0671 3260 Modem - ok
21:38:29.0703 3260 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:38:29.0906 3260 Mouclass - ok
21:38:29.0937 3260 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:38:30.0140 3260 mouhid - ok
21:38:30.0187 3260 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:38:30.0406 3260 MountMgr - ok
21:38:30.0421 3260 mraid35x - ok
21:38:30.0453 3260 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:38:30.0640 3260 MRxDAV - ok
21:38:30.0703 3260 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:38:30.0812 3260 MRxSmb - ok
21:38:30.0859 3260 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:38:31.0046 3260 MSDTC - ok
21:38:31.0078 3260 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:38:31.0250 3260 Msfs - ok
21:38:31.0265 3260 MSIServer - ok
21:38:31.0328 3260 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:38:31.0484 3260 MSKSSRV - ok
21:38:31.0531 3260 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:38:31.0718 3260 MSPCLOCK - ok
21:38:32.0093 3260 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:38:32.0265 3260 MSPQM - ok
21:38:32.0312 3260 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:38:32.0500 3260 mssmbios - ok
21:38:32.0531 3260 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:38:32.0703 3260 MSTEE - ok
21:38:32.0750 3260 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:38:32.0812 3260 Mup - ok
21:38:32.0843 3260 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:38:33.0046 3260 NABTSFEC - ok
21:38:33.0125 3260 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:38:33.0312 3260 napagent - ok
21:38:33.0375 3260 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:38:33.0546 3260 NDIS - ok
21:38:33.0593 3260 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:38:33.0781 3260 NdisIP - ok
21:38:33.0812 3260 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:38:33.0875 3260 NdisTapi - ok
21:38:33.0921 3260 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:38:34.0109 3260 Ndisuio - ok
21:38:34.0140 3260 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:38:34.0328 3260 NdisWan - ok
21:38:34.0375 3260 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:38:34.0453 3260 NDProxy - ok
21:38:34.0515 3260 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:38:34.0718 3260 NetBIOS - ok
21:38:34.0750 3260 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:38:34.0953 3260 NetBT - ok
21:38:35.0031 3260 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:38:35.0218 3260 NetDDE - ok
21:38:35.0234 3260 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:38:35.0390 3260 NetDDEdsdm - ok
21:38:35.0453 3260 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:38:35.0625 3260 Netlogon - ok
21:38:35.0687 3260 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:38:35.0890 3260 Netman - ok
21:38:35.0953 3260 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:38:35.0968 3260 NetTcpPortSharing - ok
21:38:36.0000 3260 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:38:36.0093 3260 Nla - ok
21:38:36.0140 3260 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:38:36.0312 3260 Npfs - ok
21:38:36.0390 3260 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:38:36.0625 3260 Ntfs - ok
21:38:36.0656 3260 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:38:36.0828 3260 NtLmSsp - ok
21:38:36.0890 3260 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:38:37.0156 3260 NtmsSvc - ok
21:38:37.0187 3260 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:38:37.0390 3260 Null - ok
21:38:37.0437 3260 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:38:37.0625 3260 NwlnkFlt - ok
21:38:37.0656 3260 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:38:37.0859 3260 NwlnkFwd - ok
21:38:37.0921 3260 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:38:38.0093 3260 Parport - ok
21:38:38.0125 3260 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:38:38.0312 3260 PartMgr - ok
21:38:38.0359 3260 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:38:38.0546 3260 ParVdm - ok
21:38:38.0593 3260 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:38:38.0781 3260 PCI - ok
21:38:38.0781 3260 PCIDump - ok
21:38:38.0812 3260 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
21:38:39.0015 3260 PCIIde - ok
21:38:39.0062 3260 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:38:39.0250 3260 Pcmcia - ok
21:38:39.0265 3260 PDCOMP - ok
21:38:39.0281 3260 PDFRAME - ok
21:38:39.0296 3260 PDRELI - ok
21:38:39.0312 3260 PDRFRAME - ok
21:38:39.0343 3260 perc2 - ok
21:38:39.0343 3260 perc2hib - ok
21:38:39.0390 3260 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:38:39.0484 3260 PlugPlay - ok
21:38:39.0500 3260 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:38:39.0687 3260 PolicyAgent - ok
21:38:39.0734 3260 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:38:39.0921 3260 PptpMiniport - ok
21:38:39.0937 3260 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:38:40.0093 3260 ProtectedStorage - ok
21:38:40.0109 3260 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:38:40.0281 3260 PSched - ok
21:38:40.0312 3260 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:38:40.0500 3260 Ptilink - ok
21:38:40.0546 3260 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:38:40.0562 3260 PxHelp20 - ok
21:38:40.0578 3260 ql1080 - ok
21:38:40.0593 3260 Ql10wnt - ok
21:38:40.0609 3260 ql12160 - ok
21:38:40.0625 3260 ql1240 - ok
21:38:40.0640 3260 ql1280 - ok
21:38:40.0703 3260 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:38:40.0875 3260 RasAcd - ok
21:38:40.0921 3260 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:38:41.0093 3260 RasAuto - ok
21:38:41.0125 3260 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:38:41.0328 3260 Rasl2tp - ok
21:38:41.0375 3260 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:38:41.0562 3260 RasMan - ok
21:38:41.0609 3260 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:38:41.0781 3260 RasPppoe - ok
21:38:41.0796 3260 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:38:42.0000 3260 Raspti - ok
21:38:42.0062 3260 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:38:42.0250 3260 Rdbss - ok
21:38:42.0281 3260 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:38:42.0500 3260 RDPCDD - ok
21:38:42.0546 3260 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:38:42.0734 3260 rdpdr - ok
21:38:42.0781 3260 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:38:42.0859 3260 RDPWD - ok
21:38:42.0906 3260 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:38:43.0093 3260 RDSessMgr - ok
21:38:43.0140 3260 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:38:43.0328 3260 redbook - ok
21:38:43.0390 3260 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:38:43.0562 3260 RemoteAccess - ok
21:38:43.0609 3260 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:38:43.0796 3260 RemoteRegistry - ok
21:38:43.0828 3260 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:38:44.0000 3260 RpcLocator - ok
21:38:44.0031 3260 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:38:44.0140 3260 RpcSs - ok
21:38:44.0171 3260 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:38:44.0375 3260 RSVP - ok
21:38:44.0421 3260 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:38:44.0609 3260 rtl8139 - ok
21:38:44.0671 3260 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:38:44.0843 3260 SamSs - ok
21:38:44.0906 3260 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:38:45.0078 3260 SCardSvr - ok
21:38:45.0140 3260 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:38:45.0406 3260 Schedule - ok
21:38:45.0437 3260 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:38:45.0609 3260 Secdrv - ok
21:38:45.0671 3260 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:38:45.0843 3260 seclogon - ok
21:38:45.0890 3260 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:38:46.0093 3260 SENS - ok
21:38:46.0140 3260 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:38:46.0343 3260 serenum - ok
21:38:46.0359 3260 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:38:46.0531 3260 Serial - ok
21:38:46.0593 3260 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:38:46.0781 3260 Sfloppy - ok
21:38:46.0843 3260 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:38:47.0046 3260 SharedAccess - ok
21:38:47.0093 3260 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:38:47.0140 3260 ShellHWDetection - ok
21:38:47.0187 3260 Simbad - ok
21:38:47.0234 3260 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:38:47.0406 3260 SLIP - ok
21:38:47.0421 3260 Sparrow - ok
21:38:47.0484 3260 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:38:47.0656 3260 splitter - ok
21:38:47.0734 3260 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:38:47.0796 3260 Spooler - ok
21:38:47.0859 3260 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:38:48.0046 3260 sr - ok
21:38:48.0125 3260 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:38:48.0312 3260 srservice - ok
21:38:48.0359 3260 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:38:48.0437 3260 Srv - ok
21:38:48.0500 3260 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:38:48.0671 3260 SSDPSRV - ok
21:38:48.0718 3260 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:38:48.0984 3260 stisvc - ok
21:38:49.0031 3260 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:38:49.0203 3260 streamip - ok
21:38:49.0218 3260 STV680 - ok
21:38:49.0250 3260 [ 84BC7E28D97BE426B301879233F71DE6 ] STV680m C:\WINDOWS\system32\drivers\STV680m.sys
21:38:49.0328 3260 STV680m - ok
21:38:49.0359 3260 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:38:49.0531 3260 swenum - ok
21:38:49.0578 3260 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:38:49.0796 3260 swmidi - ok
21:38:49.0812 3260 SwPrv - ok
21:38:49.0828 3260 symc810 - ok
21:38:49.0843 3260 symc8xx - ok
21:38:49.0859 3260 sym_hi - ok
21:38:49.0875 3260 sym_u3 - ok
21:38:49.0953 3260 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:38:50.0140 3260 sysaudio - ok
21:38:50.0187 3260 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:38:50.0375 3260 SysmonLog - ok
21:38:50.0375 3260 szkg5 - ok
21:38:50.0390 3260 szkgfs - ok
21:38:50.0437 3260 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:38:50.0640 3260 TapiSrv - ok
21:38:50.0687 3260 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:38:50.0828 3260 Tcpip - ok
21:38:50.0875 3260 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:38:51.0062 3260 TDPIPE - ok
21:38:51.0109 3260 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:38:51.0281 3260 TDTCP - ok
21:38:51.0328 3260 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:38:51.0515 3260 TermDD - ok
21:38:51.0578 3260 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:38:51.0781 3260 TermService - ok
21:38:51.0828 3260 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:38:51.0859 3260 Themes - ok
21:38:51.0921 3260 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:38:52.0109 3260 TlntSvr - ok
21:38:52.0125 3260 TosIde - ok
21:38:52.0171 3260 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:38:52.0359 3260 TrkWks - ok
21:38:52.0390 3260 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:38:52.0562 3260 Udfs - ok
21:38:52.0578 3260 ultra - ok
21:38:52.0625 3260 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
21:38:52.0703 3260 UMWdf - ok
21:38:52.0718 3260 UNDPX2A - ok
21:38:52.0796 3260 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:38:53.0015 3260 Update - ok
21:38:53.0078 3260 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:38:53.0234 3260 upnphost - ok
21:38:53.0265 3260 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:38:53.0437 3260 UPS - ok
21:38:53.0484 3260 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:38:53.0531 3260 USBAAPL - ok
21:38:53.0609 3260 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:38:53.0828 3260 usbccgp - ok
21:38:53.0828 3260 USBCM - ok
21:38:53.0875 3260 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:38:54.0078 3260 usbehci - ok
21:38:54.0109 3260 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:38:54.0296 3260 usbhub - ok
21:38:54.0656 3260 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:38:54.0875 3260 usbscan - ok
21:38:54.0921 3260 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:38:55.0109 3260 usbstor - ok
21:38:55.0125 3260 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:38:55.0296 3260 usbuhci - ok
21:38:55.0343 3260 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:38:55.0515 3260 VgaSave - ok
21:38:55.0531 3260 ViaIde - ok
21:38:55.0578 3260 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:38:55.0765 3260 VolSnap - ok
21:38:55.0812 3260 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:38:56.0000 3260 VSS - ok
21:38:56.0046 3260 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:38:56.0218 3260 W32Time - ok
21:38:56.0234 3260 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:38:56.0437 3260 Wanarp - ok
21:38:56.0453 3260 WDICA - ok
21:38:56.0500 3260 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:38:56.0703 3260 wdmaud - ok
21:38:56.0734 3260 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:38:56.0937 3260 WebClient - ok
21:38:57.0046 3260 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:38:57.0234 3260 winmgmt - ok
21:38:57.0343 3260 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:38:57.0406 3260 WmdmPmSN - ok
21:38:57.0453 3260 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:38:57.0609 3260 Wmi - ok
21:38:57.0656 3260 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:38:57.0828 3260 WmiApSrv - ok
21:38:57.0875 3260 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:38:58.0062 3260 WS2IFSL - ok
21:38:58.0109 3260 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:38:58.0296 3260 wscsvc - ok
21:38:58.0328 3260 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:38:58.0515 3260 WSTCODEC - ok
21:38:58.0546 3260 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:38:58.0734 3260 wuauserv - ok
21:38:58.0796 3260 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:38:59.0031 3260 WZCSVC - ok
21:38:59.0078 3260 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:38:59.0265 3260 xmlprov - ok
21:38:59.0281 3260 ================ Scan global ===============================
21:38:59.0343 3260 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:38:59.0406 3260 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:38:59.0437 3260 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:38:59.0468 3260 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:38:59.0484 3260 [Global] - ok
21:38:59.0484 3260 ================ Scan MBR ==================================
21:38:59.0515 3260 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:38:59.0953 3260 \Device\Harddisk0\DR0 - ok
21:38:59.0953 3260 ================ Scan VBR ==================================
21:38:59.0953 3260 [ 15AFD60B28E7A878F4418F547FCFB6E2 ] \Device\Harddisk0\DR0\Partition1
21:38:59.0953 3260 \Device\Harddisk0\DR0\Partition1 - ok
21:39:00.0015 3260 [ 7449EE47E4879210922B54D10F147FAE ] \Device\Harddisk0\DR0\Partition2
21:39:00.0015 3260 \Device\Harddisk0\DR0\Partition2 - ok
21:39:00.0015 3260 ============================================================
21:39:00.0015 3260 Scan finished
21:39:00.0015 3260 ============================================================
21:39:00.0140 3252 Detected object count: 0
21:39:00.0140 3252 Actual detected object count: 0
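The TDSSKiller run above ends with "Scan MBR" and "Scan VBR" lines, one hash for the master boot record and one per partition boot sector, and reports zero detections, while Avast had flagged MBR:\\PHYSICALDRIVE0\Partition3. When the claim is an Alureon/TDL-style bootkit, a practitioner wants to hash those sectors independently and compare them across boots, because a bootkit overwrites the MBR boot code but leaves the partition table intact so the machine still boots. The script below is an added example written for this page; it is not TDSSKiller, Avast or OTL code. It parses the four primary partition entries of a 512-byte MBR, hashes the MBR and each partition's VBR, and reports which sector changed against a saved baseline. Everything it reads is constructed in memory (build_sample_disk) and the bootkit overwrite is a simulation (simulate_bootkit_overwrite). The digest defaults to SHA-256; pass "md5" to line up with the MD5 values in the log, on the assumption (not verified here) that TDSSKiller hashes the raw 512-byte sector. Only primary entries are walked, so a Partition3 living inside an extended container would additionally need the EBR chain followed.

```python
import hashlib
import io
import struct

SECTOR = 512
PT_OFFSET = 446               # the 4 x 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"        # bytes 510..511 of a valid MBR/VBR


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty primary partition entries of a classic (non-GPT) MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIG:
        raise ValueError("not a valid 512-byte MBR (bad length or missing 55AA signature)")
    entries = []
    for slot in range(4):
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", mbr, PT_OFFSET + 16 * slot)
        if ptype == 0:
            continue                      # unused slot
        entries.append({"index": slot + 1, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": count})
    return entries


def hash_boot_sectors(disk, algo: str = "sha256") -> dict:
    """Hash sector 0 (MBR) and the first sector of each primary partition (VBR),
    keyed like the TDSSKiller log: 'MBR', 'Partition1', 'Partition2', ..."""
    disk.seek(0)
    mbr = disk.read(SECTOR)
    hashes = {"MBR": hashlib.new(algo, mbr).hexdigest().upper()}
    for e in parse_mbr(mbr):
        disk.seek(e["lba_start"] * SECTOR)
        vbr = disk.read(SECTOR)
        hashes["Partition%d" % e["index"]] = (
            hashlib.new(algo, vbr).hexdigest().upper() if len(vbr) == SECTOR else "UNREADABLE")
    return hashes


def diff_against_baseline(current: dict, baseline: dict) -> list:
    """One finding per sector whose hash changed, appeared or disappeared."""
    findings = []
    for name in sorted(set(current) | set(baseline)):
        if name not in baseline:
            findings.append("%s: not in baseline (new partition entry?)" % name)
        elif name not in current:
            findings.append("%s: in baseline but missing now (partition entry removed?)" % name)
        elif current[name] != baseline[name]:
            findings.append("%s: hash changed %s -> %s" % (name, baseline[name], current[name]))
    return findings


# ---- constructed sample data (not taken from any real machine) ----------------

def _entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    chs = b"\xfe\xff\xff"                 # CHS fields are ignored by LBA-aware code
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, chs, ptype, chs,
                       lba_start, sectors)


def build_sample_disk() -> io.BytesIO:
    """Two NTFS-typed (0x07) primary partitions, each with a recognisable fake VBR."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # placeholder bytes, not real boot code
    table = _entry(True, 0x07, 63, 2048) + _entry(False, 0x07, 2111, 2048) + bytes(32)
    mbr = boot_code.ljust(PT_OFFSET, b"\x00") + table + BOOT_SIG
    image = bytearray(SECTOR * 4200)
    image[0:SECTOR] = mbr
    for lba, label in ((63, b"VBR-1"), (2111, b"VBR-2")):
        vbr = (b"\xeb\x52\x90NTFS    " + label).ljust(510, b"\x00") + BOOT_SIG
        image[lba * SECTOR:(lba + 1) * SECTOR] = vbr
    return io.BytesIO(bytes(image))


def simulate_bootkit_overwrite(disk: io.BytesIO) -> io.BytesIO:
    """Replace only the MBR boot code and keep the partition table, the pattern an
    MBR bootkit uses so the system still boots. Simulation for the demo only."""
    data = bytearray(disk.getvalue())
    data[0:PT_OFFSET] = b"\x90" * PT_OFFSET
    return io.BytesIO(bytes(data))


if __name__ == "__main__":
    clean = build_sample_disk()
    baseline = hash_boot_sectors(clean)
    for name, digest in baseline.items():
        print("%-11s %s" % (name, digest))
    print("clean vs baseline:",
          diff_against_baseline(hash_boot_sectors(clean), baseline) or "no change")
    infected = simulate_bootkit_overwrite(clean)
    for finding in diff_against_baseline(hash_boot_sectors(infected), baseline):
        print("FINDING", finding)
```

To run this against a real disk instead of the constructed image, open the block device read-only as an administrator (open("/dev/sda", "rb") on Linux, open(r"\\.\PhysicalDrive0", "rb") on Windows) and pass the file object to hash_boot_sectors. Take the baseline from a known-clean boot or from a vendor image rather than from the suspect machine itself; a baseline recorded while the bootkit is already resident would only prove that nothing has changed since the infection.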

#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [button image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [link image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [installer icon] on your desktop.
  • Check [checkbox image]
  • Click the [button image] button.
  • Accept any security warnings from your browser.
  • Check [checkbox image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [button image]
  • Push [button image], and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Push [button image]


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#7
scoobysnack2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Computer seems to be running much better, haven't seen any random shutdown/re-boots and performance is more in tune with what it should be. Both scans requested were run and their logs are below. Thanks.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bettsy - Dave :: HOME-8908F1FABE [administrator]

8/30/2012 10:07:40 PM
mbam-log-2012-08-30 (22-07-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221575
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\FrostWireInstaller.exe Win32/FreeInstaller application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\intunemp3.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\musicoasis(2).exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\musicoasis.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\slow-pcfighterWeb_Inst(1).exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\slow-pcfighterWeb_Inst(2).exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\slow-pcfighterWeb_Inst.exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\slow-pcfighter_Web(1).exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\Documents and Settings\Bettsy - Dave\My Documents\Downloads\slow-pcfighter_Web.exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4939D0AB-FE49-4865-9A66-D025965E43CB}\RP691\A3304062.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\System Volume Information\_restore{4939D0AB-FE49-4865-9A66-D025965E43CB}\RP692\A3305227.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\System Volume Information\_restore{4939D0AB-FE49-4865-9A66-D025965E43CB}\RP692\A3305239.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\System Volume Information\_restore{4939D0AB-FE49-4865-9A66-D025965E43CB}\RP694\A3309096.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\System Volume Information\_restore{4939D0AB-FE49-4865-9A66-D025965E43CB}\RP694\A3309097.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
  • 0

#8
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
You need to be careful what you download ;)

What are your current problems?
  • 0

#9
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
