Can't Update Windows/System Shutting Down! [Closed]


#1 katvonb28 (Member, 18 posts)

Okay, this is my first time doing this, so I will try my best to be as clear and descriptive as I can. A few days ago I noticed that every time I would try and get into Excel, Word or even the net, my task manager would say they were open but nothing would appear on screen. I would end up having to shut down, restart (manually, as I couldn't even restart from my "Start" menu) and try again. I also noticed that randomly my Display Properties would change from Windows XP style (which is where I wanted it) to Windows Classic, and it would even give me the option to change it back to XP style. A few days into having these smaller issues my ESET (which I update and run religiously) told me I needed to update, so I clicked the button and as always it took me to Windows Update. Where I never had a problem before, now all of a sudden as soon as I clicked Express, it would run for a few minutes and then give me my update history with basically EVERYTHING I needed to update as "failed". It seems as if all my critical updates are failing. I went to my task manager to see what was running and first off I noticed svchost.exe is running at least 6 at a time, some under network systems and the rest under "System"; the ones under System are running at over 30,000 memory usage. I know I messed up because I decided to click "End Task" to see what happened, and all of a sudden everything started to run faster. It seemed like a nice little fix until my computer started running slow again, and now, on top of not being able to update Windows and my display properties changing randomly, NOW when I update my SUPERAntiSpyware (which I also update and run religiously), when I check the next day it says I haven't run my updates for three days, sometimes even four days, when I just updated yesterday!

Now the last symptom that is kicking my butt is that when I am on the net, I'm getting a shutdown message that says my system is shutting down! The message I get is: "The System is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost." This system shutdown was initiated by NT AUTHORITY\SYSTEM, and the RPC is what told it to do so? Now, I found online the whole Run > shutdown -a to stop it from shutting down when I am trying to run a scan (for nothing, because ESET isn't catching anything and neither is SUPERAntiSpyware; I even ran CCleaner and nothing). Any help you can provide is appreciated, and I'm sorry this is so long, but I was trying to include as much info as I could. I did run the OTL and have the documents ready for anyone who can help me and needs them! Thanks!!!!!!!!!

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi, could you post the OTL log please, and additionally run this programme:

Download aswMBR.exe (4.5 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

#3 katvonb28 (Topic Starter, Member, 18 posts)

Hello! Here are the logs I got from running OTL and aswMBR. Thanks!!!!!

OTL:

OTL logfile created on: 1/8/2013 8:44:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Front Desk\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 40.90 Mb Available Physical Memory | 9.16% Memory free
1.03 Gb Paging File | 0.59 Gb Available in Paging File | 57.51% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 63.31 Gb Free Space | 88.60% Space Free | Partition Type: NTFS

Computer Name: FRONT | User Name: Front Desk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 08:44:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
PRC - [2012/09/10 07:38:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 14:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/14 08:52:20 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ebb4c6a7\mscorlib.dll
MOD - [2012/11/14 08:52:16 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_cfacdccf\system.drawing.dll
MOD - [2012/11/14 08:51:58 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_39654bc6\system.xml.dll
MOD - [2012/11/14 08:51:51 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7a4dad5f\system.windows.forms.dll
MOD - [2012/11/14 08:51:35 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b5d28b4\system.dll
MOD - [2012/11/14 08:51:20 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/11/14 08:51:17 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/06/13 07:56:03 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/12/07 09:03:24 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011/12/06 09:49:21 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2011/12/06 09:49:21 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2011/12/06 09:49:16 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2011/12/06 09:48:52 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2011/12/06 09:48:31 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2011/12/06 09:48:31 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2011/12/06 09:48:31 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2011/12/06 09:48:31 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2011/12/06 09:48:30 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2011/12/06 09:48:30 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2011/12/06 09:48:30 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2011/12/06 09:48:30 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2011/12/06 09:48:29 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2011/12/06 09:48:29 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2011/12/06 09:48:29 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2011/12/06 09:48:29 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2011/12/06 09:48:29 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2011/12/06 09:48:29 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2011/12/06 09:47:20 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2011/12/06 09:47:20 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2011/12/06 09:47:19 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2011/12/06 09:47:19 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2011/12/06 09:47:19 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2011/12/06 09:47:19 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2011/12/06 09:44:28 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2006/08/23 14:12:44 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/08/23 14:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/19 10:42:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/10 07:38:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2012/03/14 07:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 07:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 07:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 07:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 07:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/01/24 08:32:51 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/26 09:43:03 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

Hosts file not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://aolsvc.aol.co...eb.1.0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345039943562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A863E2A-AAED-4900-A363-9ED39C3D7205}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/01 11:45:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 08:44:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2013/01/08 08:23:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Front Desk\Recent
[2012/12/27 15:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Desktop\New Folder
[2012/12/20 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/17 13:18:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/18 13:12:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\lsass.exe
[6 C:\Documents and Settings\Front Desk\Desktop\*.tmp files -> C:\Documents and Settings\Front Desk\Desktop\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/08 08:44:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2013/01/08 08:29:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Excel.lnk
[2013/01/08 08:23:40 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/01/08 08:23:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/07 09:30:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Word.lnk
[2013/01/07 08:06:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/28 13:45:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/27 12:43:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/27 09:28:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[6 C:\Documents and Settings\Front Desk\Desktop\*.tmp files -> C:\Documents and Settings\Front Desk\Desktop\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/21 08:22:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 15:13:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/29 14:42:03 | 000,018,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/18 13:12:26 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vsloops.pad
[2012/02/17 08:26:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/06 10:03:04 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\fusioncache.dat
[2011/12/06 09:39:19 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/12/06 09:39:19 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/12/01 16:12:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/01 13:53:48 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/12/01 13:53:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/12/01 13:53:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/12/01 13:53:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/12/01 13:53:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/12/01 13:53:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/12/01 13:53:46 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/12/01 13:53:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/12/01 13:53:44 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/12/01 13:53:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/01 13:53:43 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/01 11:47:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 11:42:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/01 06:33:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2011/12/06 09:44:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/03 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/06/26 09:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/04 14:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(2)
[2012/01/04 14:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(3)
[2012/01/04 14:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(4)
[2011/12/01 15:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ESET

========== Purity Check ==========



< End of report >

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/26 09:43:03 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

Hosts file not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://aolsvc.aol.co...eb.1.0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345039943562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A863E2A-AAED-4900-A363-9ED39C3D7205}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/01 11:45:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 08:44:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2013/01/08 08:23:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Front Desk\Recent
[2012/12/27 15:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Desktop\New Folder
[2012/12/20 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/17 13:18:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/18 13:12:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\lsass.exe
[6 C:\Documents and Settings\Front Desk\Desktop\*.tmp files -> C:\Documents and Settings\Front Desk\Desktop\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/08 08:44:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\OTL.exe
[2013/01/08 08:29:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Excel.lnk
[2013/01/08 08:23:40 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/01/08 08:23:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/07 09:30:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Word.lnk
[2013/01/07 08:06:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/28 13:45:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/27 12:43:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/27 09:28:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[6 C:\Documents and Settings\Front Desk\Desktop\*.tmp files -> C:\Documents and Settings\Front Desk\Desktop\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/21 08:22:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 15:13:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/29 14:42:03 | 000,018,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/18 13:12:26 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vsloops.pad
[2012/02/17 08:26:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/06 10:03:04 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\fusioncache.dat
[2011/12/06 09:39:19 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/12/06 09:39:19 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/12/01 16:12:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/01 13:53:48 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/12/01 13:53:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/12/01 13:53:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/12/01 13:53:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/12/01 13:53:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/12/01 13:53:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/12/01 13:53:46 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/12/01 13:53:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/12/01 13:53:44 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/12/01 13:53:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/01 13:53:43 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/01 11:47:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 11:42:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/01 06:33:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2011/12/06 09:44:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/03 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/06/26 09:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/04 14:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(2)
[2012/01/04 14:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(3)
[2012/01/04 14:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(4)
[2011/12/01 15:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ESET

========== Purity Check ==========



< End of report >

And finally the aswMBR. For some reason I had to do it as an attachment? (Attached file: MBR.dat, 512 bytes)

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
There should be an MBR.txt on your desktop could you post that please

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2012/10/18 13:12:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\lsass.exe
[2012/10/18 13:12:26 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vsloops.pad

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the GMER Rootkit Scanner to your Desktop; it will be a randomly named .exe file.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click the file you downloaded. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
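The two entries the fix script above targets (an lsass.exe created under All Users\Application Data, and the 83 MB vsloops.pad dropped beside it two seconds later) are what a helper spots by eye in the OTL "Files Created" section. As an added example, not part of this thread or of OTL itself, here is a small Python triage that parses OTL file entries and applies those heuristics; the system-process name list, the profile-directory hints and the size threshold are assumptions chosen for illustration.

```python
"""Triage OTL "Files Created/Modified" entries for two anomalies a malware
helper looks for: a protected system process name living outside
%SystemRoot%\\system32, and unsigned executables or large opaque blobs
dropped into user-writable profile directories.
"""
import ntpath
import re
from dataclasses import dataclass

# One OTL file entry: [date time | size | attrs | C/M] (Company) -- path
# The "(Company)" group is absent for directories and empty "()" for files
# carrying no version resource. Note that OTL reads the company name from
# the version resource, so it is a claim, not a signature check.
OTL_ENTRY = re.compile(
    r"^(?:[A-Z]{3} - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Assumption: process names that on Windows XP belong only in system32.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "smss.exe",
                        "services.exe", "winlogon.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: profile locations where a newly created binary warrants a look.
USER_WRITABLE_HINTS = ("\\application data\\", "\\local settings\\temp\\")
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
LARGE_BLOB_BYTES = 50 * 1024 * 1024  # constructed threshold for "large unsigned blob"


@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str
    created: bool
    company: str
    path: str


def parse_entry(line: str):
    """Return an Entry for an OTL file line, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        created=m["kind"] == "C",
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def flag_entry(e: Entry) -> list:
    """Apply the heuristics; an empty list means nothing looked odd."""
    reasons = []
    if "D" in e.attrs:  # directories are out of scope here
        return reasons
    low = e.path.lower()
    name = ntpath.basename(low)
    ext = ntpath.splitext(name)[1]
    in_profile = any(h in low for h in USER_WRITABLE_HINTS)
    if name in SYSTEM_PROCESS_NAMES and not low.startswith(SYSTEM32):
        reasons.append(f"system process name {name!r} outside {SYSTEM32}")
    if in_profile and ext in EXECUTABLE_EXT:
        reasons.append("executable created under a user-writable profile directory")
    if in_profile and not e.company and e.size >= LARGE_BLOB_BYTES:
        reasons.append(f"large file ({e.size} bytes) with no company name in profile directory")
    return reasons


def triage(log_text: str) -> dict:
    """Map each flagged path to the list of reasons it was flagged."""
    findings = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = flag_entry(e)
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample input: the entry lines are copied from the OTL log in this thread;
# the section header shows that non-entry lines are skipped.
SAMPLE_LOG = """\
========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 08:44:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Front Desk\\Desktop\\OTL.exe
[2013/01/08 08:23:58 | 000,000,000 | RH-D | C] -- C:\\Documents and Settings\\Front Desk\\Recent
[2012/10/18 13:12:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\\Documents and Settings\\All Users\\Application Data\\lsass.exe
[2012/10/18 13:12:26 | 083,023,306 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\vsloops.pad
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

OTL.exe on the Desktop and the Recent directory pass through untouched, while the two entries the fix removes are the only ones reported.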

#5 katvonb28 (Topic Starter, Member, 18 posts)
Sorry! I was looking at the wrong thing, lol. Here is the text file of that scan!

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-08 10:46:19
-----------------------------
10:46:19.662 OS Version: Windows 5.1.2600 Service Pack 3
10:46:19.662 Number of processors: 1 586 0x5F02
10:46:19.662 ComputerName: FRONT UserName:
10:46:21.771 Initialize success
10:46:47.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:46:47.237 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
10:46:47.237 Device \Driver\atapi -> DriverStartIo 8459d2e2
10:46:47.237 Disk 0 MBR read successfully
10:46:47.237 Disk 0 MBR scan
10:46:47.237 Disk 0 Windows XP default MBR code
10:46:47.237 Disk 0 MBR hidden
10:46:47.252 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:46:47.268 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73171 MB offset 80325
10:46:47.299 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 149934645
10:46:47.299 Disk 0 scanning sectors +156232125
10:46:47.377 Disk 0 scanning C:\WINDOWS\system32\drivers
10:46:54.548 Service scanning
10:47:06.578 Modules scanning
10:47:19.545 Disk 0 trace - called modules:
10:47:19.560 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8459d4b1]<<
10:47:19.560 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b948c8]
10:47:19.560 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000005c[0x849fff18]
10:47:19.560 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> [0x84b96030]
10:47:19.560 \Driver\atapi[0x847f04b0] -> IRP_MJ_CREATE -> 0x8459d4b1
10:47:19.560 Scan finished successfully
10:47:28.793 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Front Desk\Desktop\MBR.dat"
10:47:28.840 The log file has been saved successfully to "C:\Documents and Settings\Front Desk\Desktop\aswMBR.txt"


I am going to run the OTL as you instructed now and will report back asap


#6 katvonb28 (Topic Starter, Member, 18 posts)
Here is the 2nd OTL scan; getting ready to run the rootkit scan now, will post when finished.

OTL logfile created on: 1/8/2013 12:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Front Desk\Desktop\New Folder (3)
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 96.37 Mb Available Physical Memory | 21.59% Memory free
1.03 Gb Paging File | 0.52 Gb Available in Paging File | 50.61% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 63.35 Gb Free Space | 88.66% Space Free | Partition Type: NTFS

Computer Name: FRONT | User Name: Front Desk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 08:44:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\New Folder (3)\OTL.exe
PRC - [2012/09/10 07:38:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 14:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/14 08:52:20 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ebb4c6a7\mscorlib.dll
MOD - [2012/11/14 08:52:16 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_cfacdccf\system.drawing.dll
MOD - [2012/11/14 08:51:58 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_39654bc6\system.xml.dll
MOD - [2012/11/14 08:51:51 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7a4dad5f\system.windows.forms.dll
MOD - [2012/11/14 08:51:35 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b5d28b4\system.dll
MOD - [2012/11/14 08:51:20 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/11/14 08:51:17 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/06/13 07:56:03 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/12/07 09:03:24 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011/12/06 09:49:21 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2011/12/06 09:49:21 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2011/12/06 09:49:16 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2011/12/06 09:48:52 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2011/12/06 09:48:31 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2011/12/06 09:48:31 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2011/12/06 09:48:31 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2011/12/06 09:48:31 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2011/12/06 09:48:30 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2011/12/06 09:48:30 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2011/12/06 09:48:30 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2011/12/06 09:48:30 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2011/12/06 09:48:29 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2011/12/06 09:48:29 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2011/12/06 09:48:29 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2011/12/06 09:48:29 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2011/12/06 09:48:29 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2011/12/06 09:48:29 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2011/12/06 09:47:20 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2011/12/06 09:47:20 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2011/12/06 09:47:19 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2011/12/06 09:47:19 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2011/12/06 09:47:19 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2011/12/06 09:47:19 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2011/12/06 09:44:28 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2006/08/23 14:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/19 10:42:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/10 07:38:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2012/03/14 07:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 07:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 07:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 07:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 07:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/01/24 08:32:51 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/26 09:43:03 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2013/01/08 12:02:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://aolsvc.aol.co...eb.1.0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345039943562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A863E2A-AAED-4900-A363-9ED39C3D7205}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/01 11:45:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 12:05:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Front Desk\Recent
[2013/01/08 12:01:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/08 11:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Desktop\New Folder (3)
[2012/12/27 15:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Desktop\New Folder
[2012/12/20 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/17 13:18:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

========== Files - Modified Within 30 Days ==========

[2013/01/08 12:04:52 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/01/08 12:04:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/08 12:02:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/01/08 09:18:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/08 08:29:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Excel.lnk
[2013/01/07 09:30:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Word.lnk
[2013/01/07 08:06:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/27 12:43:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/27 09:28:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/12/21 08:22:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 15:13:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/29 14:42:03 | 000,018,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/17 08:26:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/06 10:03:04 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\fusioncache.dat
[2011/12/06 09:39:19 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/12/06 09:39:19 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/12/01 16:12:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/01 13:53:48 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/12/01 13:53:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/12/01 13:53:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/12/01 13:53:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/12/01 13:53:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/12/01 13:53:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/12/01 13:53:46 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/12/01 13:53:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/12/01 13:53:44 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/12/01 13:53:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/01 13:53:43 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/01 11:47:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 11:42:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/01 06:33:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2011/12/06 09:44:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/03 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/06/26 09:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/04 14:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(2)
[2012/01/04 14:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(3)
[2012/01/04 14:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(4)
[2011/12/01 15:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ESET

========== Purity Check ==========



< End of report >
  • 0

#7
katvonb28

    Member

  • Topic Starter
  • Member
  • 18 posts
Okay, here is the GMER.txt log.

OTL logfile created on: 1/8/2013 12:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Front Desk\Desktop\New Folder (3)
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 96.37 Mb Available Physical Memory | 21.59% Memory free
1.03 Gb Paging File | 0.52 Gb Available in Paging File | 50.61% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 63.35 Gb Free Space | 88.66% Space Free | Partition Type: NTFS

Computer Name: FRONT | User Name: Front Desk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 08:44:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Front Desk\Desktop\New Folder (3)\OTL.exe
PRC - [2012/09/10 07:38:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 14:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/14 08:52:20 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ebb4c6a7\mscorlib.dll
MOD - [2012/11/14 08:52:16 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_cfacdccf\system.drawing.dll
MOD - [2012/11/14 08:51:58 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_39654bc6\system.xml.dll
MOD - [2012/11/14 08:51:51 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7a4dad5f\system.windows.forms.dll
MOD - [2012/11/14 08:51:35 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b5d28b4\system.dll
MOD - [2012/11/14 08:51:20 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/11/14 08:51:17 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/06/13 07:56:03 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/12/07 09:03:24 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011/12/06 09:49:21 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2011/12/06 09:49:21 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2011/12/06 09:49:16 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2011/12/06 09:48:52 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2011/12/06 09:48:31 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2011/12/06 09:48:31 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2011/12/06 09:48:31 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2011/12/06 09:48:31 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2011/12/06 09:48:30 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2011/12/06 09:48:30 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2011/12/06 09:48:30 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2011/12/06 09:48:30 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2011/12/06 09:48:29 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2011/12/06 09:48:29 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2011/12/06 09:48:29 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2011/12/06 09:48:29 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2011/12/06 09:48:29 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2011/12/06 09:48:29 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2011/12/06 09:47:20 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2011/12/06 09:47:20 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2011/12/06 09:47:19 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2011/12/06 09:47:19 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2011/12/06 09:47:19 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2011/12/06 09:47:19 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2011/12/06 09:44:28 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2006/08/23 14:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/19 10:42:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/10 07:38:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2012/03/14 07:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 07:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 07:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 07:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 07:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/01/24 08:32:51 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/26 09:43:03 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Documents and Settings\Front Desk\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2013/01/08 12:02:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://aolsvc.aol.co...eb.1.0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345039943562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A863E2A-AAED-4900-A363-9ED39C3D7205}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Front Desk\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/01 11:45:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 12:05:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Front Desk\Recent
[2013/01/08 12:01:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/08 11:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Desktop\New Folder (3)
[2012/12/27 15:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Front Desk\Desktop\New Folder
[2012/12/20 08:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/12/17 13:18:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

========== Files - Modified Within 30 Days ==========

[2013/01/08 12:04:52 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/01/08 12:04:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/08 12:02:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/01/08 09:18:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/08 08:29:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Excel.lnk
[2013/01/07 09:30:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Front Desk\Desktop\Word.lnk
[2013/01/07 08:06:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/27 12:43:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/27 09:28:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/12/21 08:22:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 15:13:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/29 14:42:03 | 000,018,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/17 08:26:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/06 10:03:04 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Front Desk\Local Settings\Application Data\fusioncache.dat
[2011/12/06 09:39:19 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/12/06 09:39:19 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/12/01 16:12:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/01 13:53:48 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/12/01 13:53:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/12/01 13:53:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/12/01 13:53:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/12/01 13:53:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/12/01 13:53:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/12/01 13:53:46 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/12/01 13:53:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/12/01 13:53:44 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/12/01 13:53:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/01 13:53:43 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/01 11:47:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 11:42:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/01 06:33:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2011/12/06 09:44:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/03 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/06/26 09:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/04 14:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(2)
[2012/01/04 14:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(3)
[2012/01/04 14:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET(4)
[2011/12/01 15:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Front Desk\Application Data\ESET

========== Purity Check ==========



< End of report >


:thumbsup:
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, you posted the wrong log. However, aswMBR gave me a hint.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#9
katvonb28

    Member

  • Topic Starter
  • Member
  • 18 posts
Sorry about that! The only other thing I saw was when I initially clicked on the GMER randomly named file: it ran a quick (REALLY quick) little scan and I got this

GMER 2.0.18444 - http://www.gmer.net
Rootkit quick scan 2013-01-08 13:31:37
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800JD-75MSA3 rev.10.01E04 74.51GB
Running: syu8ed5i.exe; Driver: C:\DOCUME~1\FRONTD~1\LOCALS~1\Temp\fxtdypog.sys


---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 2.0 ----


Is that the right one? I'm going to run the TDSSKiller now and will post.

Thank you so much!
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks like the bad boy.
  • 0

#11
katvonb28

    Member

  • Topic Starter
  • Member
  • 18 posts
So I give you full permission to kick my butt after what I'm about to say lol.

I ran the TDSSKiller and it found about five threats. 4 were "skipped" and one had the cure option. I cured it and it rebooted and THEN I realized I didn't click report so I could post it here!

UGH! So I ran it again afterwards and the only things that are coming up are the threats that are "skip-able"; the fifth threat isn't there anymore, WOO HOO!!!

BUT my ESET went nuts when I was running the TDSSKiller scan and I have a bunch of stuff in my "quarantine" on ESET now. Should I post that?

Again, I give my full permission to kick my butt!

  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the log will be at C:\TDSSKiller date time (the biggest one) :)

Nope, no need for kicking. ESET probably quarantined the files that TDSSKiller was moving.
  • 0

#13
katvonb28

    Member

  • Topic Starter
  • Member
  • 18 posts
Found it!!!! Yay!!!!!!!!!! Here it is:

13:33:35.0953 1228 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:33:36.0578 1228 ============================================================
13:33:36.0578 1228 Current date / time: 2013/01/08 13:33:36.0578
13:33:36.0578 1228 SystemInfo:
13:33:36.0578 1228
13:33:36.0578 1228 OS Version: 5.1.2600 ServicePack: 3.0
13:33:36.0578 1228 Product type: Workstation
13:33:36.0578 1228 ComputerName: FRONT
13:33:36.0578 1228 UserName: Front Desk
13:33:36.0578 1228 Windows directory: C:\WINDOWS
13:33:36.0578 1228 System windows directory: C:\WINDOWS
13:33:36.0578 1228 Processor architecture: Intel x86
13:33:36.0578 1228 Number of processors: 1
13:33:36.0578 1228 Page size: 0x1000
13:33:36.0578 1228 Boot type: Normal boot
13:33:36.0578 1228 ============================================================
13:33:47.0609 1228 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:33:47.0609 1228 ============================================================
13:33:47.0609 1228 \Device\Harddisk0\DR0:
13:33:47.0609 1228 MBR partitions:
13:33:47.0609 1228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
13:33:47.0609 1228 ============================================================
13:33:47.0703 1228 C: <-> \Device\Harddisk0\DR0\Partition1
13:33:47.0718 1228 ============================================================
13:33:47.0718 1228 Initialize success
13:33:47.0718 1228 ============================================================
13:34:06.0390 2216 ============================================================
13:34:06.0390 2216 Scan started
13:34:06.0390 2216 Mode: Manual; SigCheck; TDLFS;
13:34:06.0390 2216 ============================================================
13:34:07.0203 2216 ================ Scan system memory ========================
13:34:07.0218 2216 System memory - ok
13:34:07.0218 2216 ================ Scan services =============================
13:34:07.0406 2216 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:34:07.0500 2216 !SASCORE - ok
13:34:07.0546 2216 Abiosdsk - ok
13:34:07.0546 2216 abp480n5 - ok
13:34:07.0609 2216 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:34:09.0359 2216 ACPI - ok
13:34:09.0390 2216 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:34:09.0546 2216 ACPIEC - ok
13:34:09.0671 2216 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:34:09.0718 2216 AdobeFlashPlayerUpdateSvc - ok
13:34:09.0734 2216 adpu160m - ok
13:34:09.0765 2216 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:34:09.0906 2216 aec - ok
13:34:09.0968 2216 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:34:10.0046 2216 AFD - ok
13:34:10.0062 2216 Aha154x - ok
13:34:10.0078 2216 aic78u2 - ok
13:34:10.0078 2216 aic78xx - ok
13:34:10.0109 2216 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:34:10.0265 2216 Alerter - ok
13:34:10.0281 2216 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:34:10.0343 2216 ALG - ok
13:34:10.0343 2216 AliIde - ok
13:34:10.0359 2216 AmdK8 - ok
13:34:10.0375 2216 amsint - ok
13:34:10.0375 2216 AppMgmt - ok
13:34:10.0390 2216 asc - ok
13:34:10.0390 2216 asc3350p - ok
13:34:10.0406 2216 asc3550 - ok
13:34:10.0500 2216 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
13:34:10.0531 2216 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
13:34:10.0531 2216 aspnet_state - detected UnsignedFile.Multi.Generic (1)
13:34:10.0593 2216 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:34:10.0718 2216 AsyncMac - ok
13:34:10.0765 2216 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:34:10.0937 2216 atapi - ok
13:34:10.0968 2216 Atdisk - ok
13:34:11.0000 2216 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:34:11.0156 2216 Atmarpc - ok
13:34:11.0203 2216 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:34:11.0343 2216 AudioSrv - ok
13:34:11.0375 2216 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:34:11.0515 2216 audstub - ok
13:34:11.0578 2216 [ 78E7B52DA292FA90BAD2F887BBF22159 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
13:34:11.0625 2216 bcm4sbxp - ok
13:34:11.0671 2216 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:34:11.0812 2216 Beep - ok
13:34:11.0843 2216 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:34:12.0000 2216 BITS - ok
13:34:12.0046 2216 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:34:12.0140 2216 Browser - ok
13:34:12.0156 2216 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:34:12.0343 2216 cbidf2k - ok
13:34:12.0359 2216 cd20xrnt - ok
13:34:12.0375 2216 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:34:12.0515 2216 Cdaudio - ok
13:34:12.0515 2216 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:34:12.0671 2216 Cdfs - ok
13:34:12.0734 2216 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:34:12.0875 2216 Cdrom - ok
13:34:12.0890 2216 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
13:34:12.0890 2216 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
13:34:12.0890 2216 cercsr6 - detected UnsignedFile.Multi.Generic (1)
13:34:12.0906 2216 Changer - ok
13:34:12.0921 2216 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:34:13.0078 2216 CiSvc - ok
13:34:13.0093 2216 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:34:13.0234 2216 ClipSrv - ok
13:34:13.0234 2216 CmdIde - ok
13:34:13.0250 2216 COMSysApp - ok
13:34:13.0265 2216 Cpqarray - ok
13:34:13.0296 2216 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:34:13.0468 2216 CryptSvc - ok
13:34:13.0468 2216 dac2w2k - ok
13:34:13.0484 2216 dac960nt - ok
13:34:13.0546 2216 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:34:13.0593 2216 DcomLaunch - ok
13:34:13.0656 2216 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:34:13.0812 2216 Dhcp - ok
13:34:13.0890 2216 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:34:14.0046 2216 Disk - ok
13:34:14.0046 2216 dmadmin - ok
13:34:14.0109 2216 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:34:14.0296 2216 dmboot - ok
13:34:14.0328 2216 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:34:14.0500 2216 dmio - ok
13:34:14.0531 2216 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:34:14.0703 2216 dmload - ok
13:34:14.0734 2216 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:34:14.0906 2216 dmserver - ok
13:34:14.0937 2216 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:34:15.0093 2216 DMusic - ok
13:34:15.0140 2216 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:34:15.0265 2216 Dnscache - ok
13:34:15.0312 2216 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:34:15.0484 2216 Dot3svc - ok
13:34:15.0500 2216 dpti2o - ok
13:34:15.0515 2216 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:34:15.0671 2216 drmkaud - ok
13:34:15.0796 2216 [ 8C2B6BBC82AD12CD9A2E73E5DCBBA705 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
13:34:15.0828 2216 eamon - ok
13:34:15.0843 2216 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:34:16.0000 2216 EapHost - ok
13:34:16.0046 2216 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
13:34:16.0062 2216 ehdrv - ok
13:34:16.0203 2216 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
13:34:16.0265 2216 ekrn - ok
13:34:16.0375 2216 [ 774BABCB1144513DC86992003740B774 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
13:34:16.0390 2216 epfw - ok
13:34:16.0421 2216 [ 4B86DA2C58063B647577CD669CFFAEEB ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
13:34:16.0421 2216 Epfwndis - ok
13:34:16.0437 2216 [ 1B36748EA9E25549EBE5D8EA105BD981 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
13:34:16.0453 2216 epfwtdi - ok
13:34:16.0468 2216 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:34:16.0625 2216 ERSvc - ok
13:34:16.0687 2216 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:34:16.0750 2216 Eventlog - ok
13:34:16.0812 2216 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:34:16.0859 2216 EventSystem - ok
13:34:16.0906 2216 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:34:17.0078 2216 Fastfat - ok
13:34:17.0140 2216 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:34:17.0203 2216 FastUserSwitchingCompatibility - ok
13:34:17.0234 2216 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:34:17.0406 2216 Fdc - ok
13:34:17.0421 2216 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:34:17.0562 2216 Fips - ok
13:34:17.0562 2216 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:34:17.0703 2216 Flpydisk - ok
13:34:17.0750 2216 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:34:17.0890 2216 FltMgr - ok
13:34:17.0890 2216 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:34:18.0062 2216 Fs_Rec - ok
13:34:18.0125 2216 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:34:18.0265 2216 Ftdisk - ok
13:34:18.0312 2216 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:34:18.0468 2216 Gpc - ok
13:34:18.0484 2216 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:34:18.0625 2216 HDAudBus - ok
13:34:18.0718 2216 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:34:18.0875 2216 helpsvc - ok
13:34:18.0890 2216 HidServ - ok
13:34:18.0921 2216 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:34:19.0062 2216 hidusb - ok
13:34:19.0109 2216 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:34:19.0250 2216 hkmsvc - ok
13:34:19.0265 2216 hpn - ok
13:34:19.0328 2216 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:34:19.0421 2216 HPZid412 - ok
13:34:19.0421 2216 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:34:19.0531 2216 HPZipr12 - ok
13:34:19.0546 2216 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:34:19.0656 2216 HPZius12 - ok
13:34:19.0718 2216 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:34:19.0812 2216 HTTP - ok
13:34:19.0843 2216 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:34:20.0000 2216 HTTPFilter - ok
13:34:20.0015 2216 i2omgmt - ok
13:34:20.0015 2216 i2omp - ok
13:34:20.0062 2216 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
13:34:20.0203 2216 i8042prt - ok
13:34:20.0265 2216 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:34:20.0421 2216 Imapi - ok
13:34:20.0468 2216 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:34:20.0625 2216 ImapiService - ok
13:34:20.0640 2216 ini910u - ok
13:34:20.0640 2216 IntelIde - ok
13:34:20.0687 2216 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:34:20.0859 2216 Ip6Fw - ok
13:34:20.0890 2216 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:34:21.0031 2216 IpFilterDriver - ok
13:34:21.0031 2216 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:34:21.0203 2216 IpInIp - ok
13:34:21.0218 2216 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:34:21.0359 2216 IpNat - ok
13:34:21.0406 2216 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:34:21.0562 2216 IPSec - ok
13:34:21.0593 2216 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:34:21.0671 2216 IRENUM - ok
13:34:21.0718 2216 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:34:21.0875 2216 isapnp - ok
13:34:21.0968 2216 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
13:34:22.0000 2216 JavaQuickStarterService - ok
13:34:22.0015 2216 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:34:22.0171 2216 Kbdclass - ok
13:34:22.0171 2216 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:34:22.0312 2216 kbdhid - ok
13:34:22.0390 2216 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:34:22.0546 2216 kmixer - ok
13:34:22.0593 2216 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:34:22.0843 2216 KSecDD - ok
13:34:22.0906 2216 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:34:22.0968 2216 lanmanserver - ok
13:34:23.0046 2216 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:34:23.0109 2216 lanmanworkstation - ok
13:34:23.0140 2216 lbrtfdc - ok
13:34:23.0203 2216 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:34:23.0343 2216 LmHosts - ok
13:34:23.0359 2216 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:34:23.0515 2216 Messenger - ok
13:34:23.0546 2216 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:34:23.0703 2216 mnmdd - ok
13:34:23.0750 2216 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:34:23.0890 2216 mnmsrvc - ok
13:34:23.0921 2216 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:34:24.0093 2216 Modem - ok
13:34:24.0109 2216 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:34:24.0250 2216 Mouclass - ok
13:34:24.0265 2216 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:34:24.0406 2216 mouhid - ok
13:34:24.0421 2216 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:34:24.0578 2216 MountMgr - ok
13:34:24.0578 2216 mraid35x - ok
13:34:24.0593 2216 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:34:24.0734 2216 MRxDAV - ok
13:34:24.0796 2216 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:34:24.0875 2216 MRxSmb - ok
13:34:24.0890 2216 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:34:25.0093 2216 MSDTC - ok
13:34:25.0093 2216 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:34:25.0250 2216 Msfs - ok
13:34:25.0265 2216 MSIServer - ok
13:34:25.0296 2216 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:34:25.0437 2216 MSKSSRV - ok
13:34:25.0484 2216 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:34:25.0640 2216 MSPCLOCK - ok
13:34:25.0671 2216 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:34:25.0843 2216 MSPQM - ok
13:34:25.0875 2216 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:34:26.0015 2216 mssmbios - ok
13:34:26.0062 2216 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:34:26.0078 2216 Mup - ok
13:34:26.0140 2216 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:34:26.0281 2216 napagent - ok
13:34:26.0296 2216 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:34:26.0437 2216 NDIS - ok
13:34:26.0484 2216 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:34:26.0531 2216 NdisTapi - ok
13:34:26.0578 2216 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:34:26.0718 2216 Ndisuio - ok
13:34:26.0718 2216 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:34:26.0875 2216 NdisWan - ok
13:34:26.0921 2216 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:34:27.0000 2216 NDProxy - ok
13:34:27.0000 2216 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:34:27.0140 2216 NetBIOS - ok
13:34:27.0156 2216 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:34:27.0296 2216 NetBT - ok
13:34:27.0359 2216 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:34:27.0500 2216 NetDDE - ok
13:34:27.0500 2216 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:34:27.0812 2216 NetDDEdsdm - ok
13:34:27.0828 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:34:27.0968 2216 Netlogon - ok
13:34:28.0031 2216 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:34:28.0171 2216 Netman - ok
13:34:28.0187 2216 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:34:28.0218 2216 Nla - ok
13:34:28.0218 2216 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:34:28.0375 2216 Npfs - ok
13:34:28.0406 2216 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:34:28.0593 2216 Ntfs - ok
13:34:28.0609 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:34:28.0750 2216 NtLmSsp - ok
13:34:28.0828 2216 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:34:28.0984 2216 NtmsSvc - ok
13:34:29.0015 2216 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:34:29.0171 2216 Null - ok
13:34:29.0359 2216 [ 15A6306A0B958BF60F09688D0EE70479 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:34:29.0593 2216 nv - ok
13:34:29.0640 2216 [ 986D6666E076AFD2B60ACAFD5B01A00F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
13:34:29.0656 2216 NVSvc - ok
13:34:29.0718 2216 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:34:29.0859 2216 NwlnkFlt - ok
13:34:29.0890 2216 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:34:30.0046 2216 NwlnkFwd - ok
13:34:30.0125 2216 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:34:30.0140 2216 ose - ok
13:34:30.0203 2216 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
13:34:30.0343 2216 Parport - ok
13:34:30.0359 2216 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:34:30.0531 2216 PartMgr - ok
13:34:30.0562 2216 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:34:30.0718 2216 ParVdm - ok
13:34:30.0750 2216 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:34:30.0890 2216 PCI - ok
13:34:30.0906 2216 PCIDump - ok
13:34:30.0937 2216 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:34:31.0062 2216 PCIIde - ok
13:34:31.0109 2216 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:34:31.0250 2216 Pcmcia - ok
13:34:31.0265 2216 PDCOMP - ok
13:34:31.0265 2216 PDFRAME - ok
13:34:31.0281 2216 PDRELI - ok
13:34:31.0281 2216 PDRFRAME - ok
13:34:31.0296 2216 perc2 - ok
13:34:31.0312 2216 perc2hib - ok
13:34:31.0343 2216 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:34:31.0359 2216 PlugPlay - ok
13:34:31.0421 2216 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
13:34:31.0421 2216 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:34:31.0421 2216 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:34:31.0437 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:34:31.0562 2216 PolicyAgent - ok
13:34:31.0593 2216 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:34:31.0734 2216 PptpMiniport - ok
13:34:31.0765 2216 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:34:31.0921 2216 Processor - ok
13:34:31.0921 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:34:32.0062 2216 ProtectedStorage - ok
13:34:32.0062 2216 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:34:32.0218 2216 PSched - ok
13:34:32.0234 2216 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:34:32.0359 2216 Ptilink - ok
13:34:32.0359 2216 ql1080 - ok
13:34:32.0375 2216 Ql10wnt - ok
13:34:32.0390 2216 ql12160 - ok
13:34:32.0390 2216 ql1240 - ok
13:34:32.0406 2216 ql1280 - ok
13:34:32.0421 2216 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:34:32.0562 2216 RasAcd - ok
13:34:32.0593 2216 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:34:32.0765 2216 RasAuto - ok
13:34:32.0796 2216 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:34:32.0921 2216 Rasl2tp - ok
13:34:33.0000 2216 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:34:33.0125 2216 RasMan - ok
13:34:33.0140 2216 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:34:33.0281 2216 RasPppoe - ok
13:34:33.0296 2216 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:34:33.0437 2216 Raspti - ok
13:34:33.0453 2216 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:34:33.0593 2216 Rdbss - ok
13:34:33.0593 2216 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:34:33.0734 2216 RDPCDD - ok
13:34:33.0796 2216 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:34:33.0843 2216 RDPWD - ok
13:34:33.0890 2216 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:34:34.0046 2216 RDSessMgr - ok
13:34:34.0062 2216 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:34:34.0218 2216 redbook - ok
13:34:34.0250 2216 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:34:34.0421 2216 RemoteAccess - ok
13:34:34.0437 2216 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:34:34.0609 2216 RpcLocator - ok
13:34:34.0640 2216 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:34:34.0671 2216 RpcSs - ok
13:34:34.0718 2216 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:34:34.0875 2216 RSVP - ok
13:34:34.0906 2216 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:34:35.0062 2216 SamSs - ok
13:34:35.0109 2216 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:34:35.0125 2216 SASDIFSV - ok
13:34:35.0187 2216 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:34:35.0203 2216 SASKUTIL - ok
13:34:35.0234 2216 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:34:35.0375 2216 SCardSvr - ok
13:34:35.0421 2216 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:34:35.0562 2216 Schedule - ok
13:34:35.0609 2216 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:34:35.0671 2216 Secdrv - ok
13:34:35.0765 2216 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:34:35.0921 2216 seclogon - ok
13:34:35.0953 2216 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:34:36.0093 2216 SENS - ok
13:34:36.0140 2216 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
13:34:36.0281 2216 Serial - ok
13:34:36.0296 2216 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:34:36.0437 2216 Sfloppy - ok
13:34:36.0515 2216 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:34:36.0671 2216 SharedAccess - ok
13:34:36.0718 2216 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:34:36.0734 2216 ShellHWDetection - ok
13:34:36.0750 2216 Simbad - ok
13:34:36.0750 2216 Sparrow - ok
13:34:36.0765 2216 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:34:36.0906 2216 splitter - ok
13:34:36.0968 2216 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:34:37.0062 2216 Spooler - ok
13:34:37.0062 2216 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:34:37.0125 2216 sr - ok
13:34:37.0140 2216 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:34:37.0203 2216 srservice - ok
13:34:37.0265 2216 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:34:37.0343 2216 Srv - ok
13:34:37.0359 2216 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:34:37.0406 2216 SSDPSRV - ok
13:34:37.0484 2216 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
13:34:37.0593 2216 STHDA - ok
13:34:37.0656 2216 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:34:37.0828 2216 stisvc - ok
13:34:37.0890 2216 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:34:38.0031 2216 swenum - ok
13:34:38.0062 2216 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:34:38.0218 2216 swmidi - ok
13:34:38.0218 2216 SwPrv - ok
13:34:38.0234 2216 symc810 - ok
13:34:38.0250 2216 symc8xx - ok
13:34:38.0265 2216 sym_hi - ok
13:34:38.0265 2216 sym_u3 - ok
13:34:38.0281 2216 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:34:38.0421 2216 sysaudio - ok
13:34:38.0468 2216 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:34:38.0609 2216 SysmonLog - ok
13:34:38.0640 2216 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:34:38.0781 2216 TapiSrv - ok
13:34:38.0828 2216 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:34:38.0875 2216 Tcpip - ok
13:34:38.0921 2216 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:34:39.0078 2216 TDPIPE - ok
13:34:39.0125 2216 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:34:39.0250 2216 TDTCP - ok
13:34:39.0296 2216 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:34:39.0437 2216 TermDD - ok
13:34:39.0468 2216 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:34:39.0640 2216 TermService - ok
13:34:39.0671 2216 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:34:39.0687 2216 Themes - ok
13:34:39.0687 2216 TosIde - ok
13:34:39.0703 2216 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:34:39.0859 2216 TrkWks - ok
13:34:39.0890 2216 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:34:40.0046 2216 Udfs - ok
13:34:40.0062 2216 ultra - ok
13:34:40.0125 2216 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:34:40.0265 2216 Update - ok
13:34:40.0296 2216 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:34:40.0375 2216 upnphost - ok
13:34:40.0406 2216 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:34:40.0562 2216 UPS - ok
13:34:40.0609 2216 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:34:40.0750 2216 usbccgp - ok
13:34:40.0781 2216 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:34:40.0906 2216 usbehci - ok
13:34:40.0968 2216 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:34:41.0125 2216 usbhub - ok
13:34:41.0156 2216 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:34:41.0281 2216 usbohci - ok
13:34:41.0328 2216 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:34:41.0468 2216 usbprint - ok
13:34:41.0515 2216 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:34:41.0640 2216 usbscan - ok
13:34:41.0687 2216 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:34:41.0828 2216 USBSTOR - ok
13:34:41.0859 2216 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:34:42.0000 2216 VgaSave - ok
13:34:42.0015 2216 ViaIde - ok
13:34:42.0031 2216 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:34:42.0171 2216 VolSnap - ok
13:34:42.0218 2216 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:34:42.0281 2216 VSS - ok
13:34:42.0328 2216 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:34:42.0453 2216 W32Time - ok
13:34:42.0515 2216 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:34:42.0656 2216 Wanarp - ok
13:34:42.0656 2216 WDICA - ok
13:34:42.0718 2216 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:34:42.0859 2216 wdmaud - ok
13:34:42.0906 2216 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:34:43.0046 2216 WebClient - ok
13:34:43.0171 2216 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:34:43.0312 2216 winmgmt - ok
13:34:43.0375 2216 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
13:34:43.0531 2216 WmdmPmSN - ok
13:34:43.0562 2216 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:34:43.0718 2216 WmiApSrv - ok
13:34:43.0812 2216 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:34:43.0937 2216 wscsvc - ok
13:34:44.0000 2216 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:34:44.0140 2216 wuauserv - ok
13:34:44.0218 2216 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:34:44.0421 2216 WZCSVC - ok
13:34:44.0437 2216 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:34:44.0593 2216 xmlprov - ok
13:34:44.0609 2216 ================ Scan global ===============================
13:34:44.0671 2216 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:34:44.0734 2216 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:34:44.0750 2216 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:34:44.0781 2216 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:34:44.0796 2216 [Global] - ok
13:34:44.0796 2216 ================ Scan MBR ==================================
13:34:44.0796 2216 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:34:44.0796 2216 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:34:44.0828 2216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:34:44.0828 2216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:34:44.0843 2216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:34:44.0843 2216 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:34:44.0843 2216 ================ Scan VBR ==================================
13:34:44.0875 2216 [ 5E71CC358D41A57186428EEBC0BE740F ] \Device\Harddisk0\DR0\Partition1
13:34:44.0890 2216 \Device\Harddisk0\DR0\Partition1 - ok
13:34:44.0890 2216 ============================================================
13:34:44.0890 2216 Scan finished
13:34:44.0890 2216 ============================================================
13:34:45.0000 1196 Detected object count: 5
13:34:45.0000 1196 Actual detected object count: 5
13:35:18.0390 1196 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:18.0390 1196 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:18.0390 1196 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:18.0390 1196 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:18.0390 1196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:18.0390 1196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:18.0968 1196 \Device\Harddisk0\DR0\# - copied to quarantine
13:35:18.0984 1196 \Device\Harddisk0\DR0 - copied to quarantine
13:35:19.0000 1196 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:35:19.0015 1196 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:35:30.0218 1196 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:35:34.0593 1196 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:35:35.0359 1196 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:35:35.0640 1196 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:35:35.0656 1196 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:35:35.0656 1196 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:35:35.0656 1196 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:35:35.0968 1196 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:35:36.0328 1196 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:35:36.0328 1196 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:35:36.0390 1196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:35:36.0421 1196 \Device\Harddisk0\DR0 - ok
13:35:36.0437 1196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:35:36.0437 1196 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:35:36.0437 1196 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:35:55.0421 1432 Deinitialize success

  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's get rid of the last bit.

Re-run TDSSKiller with the same parameters as before.
When this element appears, select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

ESET will alert on it.

Then could you let me know what problems are outstanding... Try Windows updates, as the latest batch are ready for collection :)
  • 0

#15
katvonb28

    Member

  • Topic Starter
  • Member
  • 18 posts
Okay.

Everything seems like it's running a bit smoother, but my Display Properties is STILL reverting randomly back to Windows Classic with no option to go back to Windows XP Style? Also, I'm just curious for my own sanity: the svchost.exe that I see running in my task bar under SYSTEM at 12K and higher memory usage is okay?

Thanks!!!

  • 0