
Not sure what infection but webpages not opening up and wireless adapt


This topic is locked

#16 cadonn (Member, Topic Starter, 33 posts)
Here you go the combo

ComboFix 13-02-20.01 - DRyder 02/20/2013 18:38:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.534 [GMT -5:00]
Running from: c:\documents and settings\DRyder\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\cstsm.pad
c:\documents and settings\All Users\Application Data\dapeton.pad
c:\documents and settings\All Users\Application Data\reyalphsalf.pad
c:\documents and settings\All Users\Application Data\sqj.pad
c:\documents and settings\All Users\VIPRERescue8582.exe
c:\documents and settings\DRyder\Application Data\Adobe\plugs
c:\documents and settings\DRyder\Application Data\Adobe\shed
c:\program files\HP\HPBTWD.exe
c:\windows\system32\OLDFD.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
.
2013-02-20 23:29 . 2013-02-20 23:29 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18DB76F8-9AFF-4B46-A12F-BF2517D84733}\MpKsl55b7bb06.sys
2013-02-20 21:37 . 2013-02-20 21:37 -------- d-----w- C:\_OTL
2013-02-20 20:36 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18DB76F8-9AFF-4B46-A12F-BF2517D84733}\mpengine.dll
2013-02-18 22:32 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-18 00:05 . 2013-02-18 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-03 18:15 . 2013-02-03 18:15 -------- d-----w- c:\documents and settings\CRyder\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 06:28 . 2010-07-14 00:03 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 04:57 . 2010-07-20 12:23 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"Multimedia Keyboard"="c:\program files\MultiMedia Keyboard\KBLED.exe" [2009-10-21 40960]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\DRyder\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP]
2009-07-14 10:54 589104 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 09:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/25/2009 7:31 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/25/2009 7:31 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [7/2/2009 1:10 AM 103792]
R1 MpKsl55b7bb06;MpKsl55b7bb06;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18DB76F8-9AFF-4B46-A12F-BF2517D84733}\MpKsl55b7bb06.sys [2/20/2013 6:29 PM 29904]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/25/2009 7:31 PM 25584]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/2/2011 7:51 AM 98392]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [7/9/2009 6:08 AM 199152]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/16/2011 11:34 AM 12184]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/25/2009 7:18 PM 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 3:11 PM 39424]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/18/2013 5:33 PM 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/18/2013 5:33 PM 682344]
S3 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 9:05 PM 457200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/18/2013 5:32 PM 21104]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL55B7BB06
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2013-02-20 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 11:09]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 02:16]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 02:16]
.
2013-02-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
Trusted Zone: servicecanada.gc.ca\www
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193
FF - ProfilePath - c:\documents and settings\DRyder\Application Data\Mozilla\Firefox\Profiles\agz1quun.default\
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-20 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.13.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys SahdIa32.sys >>UNKNOWN [0x85BCD439]<<
c:\docume~1\DRyder\LOCALS~1\Temp\catchme.sys
c:\windows\system32\drivers\SahdIa32.sys Sonic Solutions
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85bd37d0]; MOV EAX, [0x85bd384c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8654F550]
3 CLASSPNP[0xF75C8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8654FAB8]
5 SahdIa32[0xF75E9939] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86579028]
\Driver\iaStor[0x86575030] -> IRP_MJ_CREATE -> 0x85BCD439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600BEVT-60ZCT1___________________13.01A13#4&9cf173c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\WININET.dll
.
Completion time: 2013-02-20 19:07:04
ComboFix-quarantined-files.txt 2013-02-21 00:06
.
Pre-Run: 123,343,175,680 bytes free
Post-Run: 129,428,500,480 bytes free
.
- - End Of File - - 5AFA098D3D797AC0CF9088A61583CEE1
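The part of that ComboFix output worth reading closely is the mbr.exe section near the end. The disk trace stops at code mbr.exe cannot map to any loaded driver (>>UNKNOWN [0x85BCD439]<<, reached from the IRP_MJ_CREATE entry of \Driver\iaStor), the MBR read through the normal driver stack is not the MBR the kernel-side read returns ("user != kernel MBR !!!"), and the disassembly of the kernel-side read is a TDL4-style bootstrap: copy the sector from 0x7C00 to 0x600, jump to 0x61C, then rotate 0x147 bytes starting at 0x62A right by CL, one byte per loop turn. The script below is an added example for readers of this thread, not something from the original post or from ComboFix, mbr.exe or TDSSKiller. It hand-assembles that bootstrap from the listing (the LOOP closing the rotate loop is an assumption, since the listing stops at INC BP), replays the decode loop on a constructed stand-in loader, diffs a constructed "user view" against the "kernel view" in the sense of the comparison mbr.exe reports, and checks where sector 312581806 lies against the partition table (the disk size and the partition entry are the ones TDSSKiller prints later in the thread). A sector past the end of the only partition but still inside the disk is exactly where TDL4 keeps its hidden file system.

```python
import struct

SECTOR = 512
# Figures from this thread: disk size and partition 1 from the TDSSKiller report, the sector from mbr.exe.
DISK_SECTORS = 0x25433D6000 // SECTOR            # 312,581,808 sectors
REPORTED_BAD_SECTOR = 312581806                  # "sectors 312581806 (+255): user != kernel"
PARTITION_TABLE = [{"bootable": True, "type": 0x07, "start": 0x800, "count": 0x12A14400}]

# Bootstrap hand-assembled from the "kernel: MBR read" disassembly in the mbr.exe output:
# relocate the sector to 0x600, RETF to 0x61C (exactly 0x1C bytes in), ROR-decode from 0x62A.
BOOT_CODE = bytes([
    0x31, 0xC0, 0x8E, 0xD0,              # XOR AX,AX / MOV SS,AX
    0xBC, 0x00, 0x7C, 0x8E, 0xC0,        # MOV SP,0x7C00 / MOV ES,AX
    0x8E, 0xD8, 0xBE, 0x00, 0x7C,        # MOV DS,AX / MOV SI,0x7C00
    0xBF, 0x00, 0x06, 0xB9, 0x00, 0x02,  # MOV DI,0x600 / MOV CX,0x200
    0xFC, 0xF3, 0xA4,                    # CLD / REP MOVSB
    0x50, 0x68, 0x1C, 0x06, 0xCB,        # PUSH AX / PUSH 0x61C / RETF
    0xFB, 0x60,                          # STI / PUSHA
    0xB9, 0x47, 0x01, 0xBD, 0x2A, 0x06,  # MOV CX,0x147 / MOV BP,0x62A
    0xD2, 0x4E, 0x00, 0x45,              # ROR BYTE [BP+0],CL / INC BP
    0xE2, 0xFA,                          # LOOP back to the ROR (ASSUMED: the listing ends at INC BP)
])
DECODE_OFFSET = 0x62A - 0x600   # 0x2A: first encoded byte, right after the LOOP
DECODE_LENGTH = 0x147
assert len(BOOT_CODE) == DECODE_OFFSET   # jump target and loop start line up with the listing

def _rot8(b, n, left):
    """8-bit rotate by n; the CPU reduces CL modulo 8 for a byte operand."""
    n &= 7
    return (((b << n) | (b >> (8 - n))) if left else ((b >> n) | (b << (8 - n)))) & 0xFF

def _replay_loop(sector, left, offset=DECODE_OFFSET, length=DECODE_LENGTH):
    """The stub's loop: CX counts 0x147 down to 1 while BP walks forward a byte per turn."""
    out, cx, bp = bytearray(sector), length, offset
    while cx:
        out[bp] = _rot8(out[bp], cx, left)
        bp, cx = bp + 1, cx - 1
    return bytes(out)

def tdl4_decode(sector):
    """The sector as it looks once the ROR loop has run, i.e. what executes next."""
    return _replay_loop(sector, left=False)

def tdl4_encode(sector):
    """Inverse (ROL); used only to build the constructed sample below."""
    return _replay_loop(sector, left=True)

def build_mbr(code, partitions, payload=b""):
    """Constructed MBR: code, then payload, partition entries at 0x1BE, 0x55AA at 0x1FE."""
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    sector[len(code):len(code) + len(payload)] = payload
    for i, p in enumerate(partitions):
        off = 0x1BE + 16 * i
        sector[off] = 0x80 if p["bootable"] else 0x00
        sector[off + 4] = p["type"]
        struct.pack_into("<II", sector, off + 8, p["start"], p["count"])
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)

def parse_mbr(sector):
    """Partition entries (bootable flag, type, start LBA, sector count) of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        e = sector[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        if e[4] != 0:
            start, count = struct.unpack_from("<II", e, 8)
            parts.append({"bootable": e[0] == 0x80, "type": e[4], "start": start, "count": count})
    return parts

def differing_offsets(user_view, kernel_view):
    """Byte offsets where the sector handed back through the driver stack differs from the kernel read."""
    return [i for i, (u, k) in enumerate(zip(user_view, kernel_view)) if u != k]

def locate_sector(lba, partitions, disk_sectors):
    """Where a 'user != kernel' sector reported by mbr.exe sits on the disk."""
    if lba == 0:
        return "MBR"
    for p in partitions:
        if p["start"] <= lba < p["start"] + p["count"]:
            return "inside partition type 0x%02X" % p["type"]
    if lba >= disk_sectors:
        return "beyond the reported disk size"
    return "unpartitioned space after the last partition"

# Constructed sample: a stand-in loader, encoded and placed where the stub expects it
# (the "kernel view"), and a "user view" with the same partition table but no code.
LOADER = bytes(i & 0xFF for i in range(DECODE_LENGTH))
KERNEL_VIEW = tdl4_encode(build_mbr(BOOT_CODE, PARTITION_TABLE, LOADER))
USER_VIEW = build_mbr(b"", PARTITION_TABLE)

if __name__ == "__main__":
    print("partitions:", parse_mbr(KERNEL_VIEW))
    print("loader recovered:", tdl4_decode(KERNEL_VIEW)[DECODE_OFFSET:DECODE_OFFSET + DECODE_LENGTH] == LOADER)
    diffs = differing_offsets(USER_VIEW, KERNEL_VIEW)
    print("user != kernel at %d byte offsets (0x%X..0x%X)" % (len(diffs), diffs[0], diffs[-1]))
    print("sector %d: %s" % (REPORTED_BAD_SECTOR, locate_sector(REPORTED_BAD_SECTOR, PARTITION_TABLE, DISK_SECTORS)))
```

Run it as-is and it parses the partition entry back, recovers the stand-in loader and places the reported sector in the unpartitioned tail. On a real case, KERNEL_VIEW would be sector 0 dumped by something that reads below the hooked stack (an offline boot or a disk image) and USER_VIEW the same sector read on the live system; the offsets that differ are the rootkit's edits, and decoding from 0x2A is how you get at the loader the stub hides.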


#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, after this run could you let me know what problems remain?

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
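A triage helper for the report those steps produce, as an added example (not part of this thread and not part of TDSSKiller): it folds the per-service lines of the report into one record per service and sorts them into buckets. The sample lines are constructed in the format the report uses; the svc_example service, its hash and its verdict are made up. One thing it keeps apart on purpose: a verdict of UnsignedFile.Multi.Generic comes from the Verify Driver Digital Signature option and means only that the file carries no valid signature, not that it is malware, so those entries are listed separately rather than alongside real detections.

```python
import re
from collections import OrderedDict

# One report line: "HH:MM:SS.mmmm <thread id> <body>".
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+(?P<body>.*)$")
# Body shapes of the 'Scan services' section: file record, signature warning, detection, clean verdict.
FILE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+) (?P<path>.+)$")
WARN = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - warning$")
DET = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$")
OK = re.compile(r"^(?P<name>\S+) - ok$")

def parse_tdsskiller_log(text):
    """Return (mode, records): the 'Mode:' line and one dict per service, in first-seen order."""
    records, mode = OrderedDict(), None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body.startswith("Mode: "):
            mode = body[len("Mode: "):]          # tells you whether SigCheck and TDLFS were on
            continue
        for kind, pat in (("file", FILE), ("warning", WARN), ("detected", DET), ("ok", OK)):
            h = pat.match(body)
            if not h:
                continue
            rec = records.setdefault(h.group("name"), {"name": h.group("name"), "md5": None,
                                                        "path": None, "verdict": None, "status": None})
            if kind == "file":
                rec["md5"], rec["path"] = h.group("md5"), h.group("path")
            else:
                rec["status"] = kind                       # a later verdict line wins
                if kind != "ok":
                    rec["verdict"] = h.group("verdict")
            break
    return mode, list(records.values())

def triage(records):
    """Split services into what needs a decision and what does not."""
    out = {"detected": [], "unsigned_only": [], "no_image": [], "clean": []}
    for r in records:
        if r["status"] == "detected" and not r["verdict"].startswith("UnsignedFile."):
            out["detected"].append(r["name"])             # a real verdict: Cure if it is offered
        elif r["status"] in ("detected", "warning"):
            out["unsigned_only"].append(r["name"])        # SigCheck finding: unsigned, not proven malicious
        elif r["md5"] is None:
            out["no_image"].append(r["name"])             # registered service, no file was hashed
        else:
            out["clean"].append(r["name"])
    return out

# Constructed sample in the report's format; svc_example, its hash and its verdict are made up.
SAMPLE_LOG = r"""
15:50:24.0796 0424 Mode: Manual; SigCheck; TDLFS;
15:50:25.0156 0424 System memory - ok
15:50:26.0156 0424 Abiosdsk - ok
15:50:26.0421 0424 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:50:26.0734 0424 ACPI - ok
15:50:36.0625 0424 catchme - ok
15:50:58.0093 0424 [ 6F95324909B502E2651442C1548AB12F ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:50:58.0265 0424 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:50:58.0265 0424 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:51:10.0000 0424 [ 0123456789ABCDEF0123456789ABCDEF ] svc_example C:\WINDOWS\system32\drivers\svc_example.sys
15:51:10.0100 0424 svc_example - detected Example.Verdict.Constructed (1)
"""

if __name__ == "__main__":
    mode, records = parse_tdsskiller_log(SAMPLE_LOG)
    print("scan mode:", mode)
    for bucket, names in triage(records).items():
        print("%-14s %s" % (bucket + ":", ", ".join(names) or "-"))
```

Paste a real report into SAMPLE_LOG (or read it from the file TDSSKiller saves) and the "detected" bucket is the list to act on; "no_image" is mostly services whose driver file is not on disk, which is normal for entries like the catchme scanner ComboFix loaded.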

#18 cadonn (Member, Topic Starter, 33 posts)
Thank you. I won't be able to get back to this until tomorrow late afternoon. I will post the results as soon as I can.
Thank you.

Cat

#19 cadonn (Member, Topic Starter, 33 posts)
Hi, I am back. See below for the report from TDSS. While it seems I can get on the internet now, it is really slow.


15:48:55.0546 3560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:48:55.0921 3560 ============================================================
15:48:55.0921 3560 Current date / time: 2013/02/23 15:48:55.0921
15:48:55.0921 3560 SystemInfo:
15:48:55.0921 3560
15:48:55.0921 3560 OS Version: 5.1.2600 ServicePack: 3.0
15:48:55.0921 3560 Product type: Workstation
15:48:55.0921 3560 ComputerName: DONNIE
15:48:55.0921 3560 UserName: DRyder
15:48:55.0921 3560 Windows directory: C:\WINDOWS
15:48:55.0921 3560 System windows directory: C:\WINDOWS
15:48:55.0921 3560 Processor architecture: Intel x86
15:48:55.0921 3560 Number of processors: 2
15:48:55.0921 3560 Page size: 0x1000
15:48:55.0921 3560 Boot type: Normal boot
15:48:55.0921 3560 ============================================================
15:48:58.0406 3560 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:48:58.0781 3560 Drive \Device\Harddisk1\DR2 - Size: 0xF580000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:48:58.0781 3560 ============================================================
15:48:58.0781 3560 \Device\Harddisk0\DR0:
15:48:58.0781 3560 MBR partitions:
15:48:58.0781 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A14400
15:48:58.0781 3560 \Device\Harddisk1\DR2:
15:48:58.0781 3560 MBR partitions:
15:48:58.0781 3560 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x7ABE0
15:48:58.0781 3560 ============================================================
15:48:58.0843 3560 C: <-> \Device\Harddisk0\DR0\Partition1
15:48:58.0843 3560 ============================================================
15:48:58.0843 3560 Initialize success
15:48:58.0843 3560 ============================================================
15:50:24.0796 0424 ============================================================
15:50:24.0796 0424 Scan started
15:50:24.0796 0424 Mode: Manual; SigCheck; TDLFS;
15:50:24.0796 0424 ============================================================
15:50:25.0156 0424 ================ Scan system memory ========================
15:50:25.0156 0424 System memory - ok
15:50:25.0156 0424 ================ Scan services =============================
15:50:25.0343 0424 [ A15069EEC83EBC54150564B2585CFDBA ] 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
15:50:25.0984 0424 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
15:50:26.0156 0424 Abiosdsk - ok
15:50:26.0218 0424 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:50:26.0375 0424 abp480n5 - ok
15:50:26.0421 0424 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:50:26.0734 0424 ACPI - ok
15:50:26.0734 0424 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:50:27.0015 0424 ACPIEC - ok
15:50:27.0062 0424 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:50:27.0406 0424 adpu160m - ok
15:50:27.0484 0424 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:50:27.0828 0424 aec - ok
15:50:27.0906 0424 [ 822D53766D57C90C437536232ECE9023 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
15:50:28.0078 0424 AESTAud - ok
15:50:28.0125 0424 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:50:28.0265 0424 AFD - ok
15:50:28.0296 0424 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:50:28.0671 0424 agp440 - ok
15:50:28.0687 0424 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:50:29.0000 0424 agpCPQ - ok
15:50:29.0015 0424 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:50:29.0140 0424 Aha154x - ok
15:50:29.0171 0424 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:50:29.0484 0424 aic78u2 - ok
15:50:29.0531 0424 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:50:29.0875 0424 aic78xx - ok
15:50:29.0906 0424 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:50:30.0234 0424 Alerter - ok
15:50:30.0265 0424 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:50:30.0484 0424 ALG - ok
15:50:30.0546 0424 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
15:50:30.0812 0424 AliIde - ok
15:50:30.0859 0424 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:50:31.0171 0424 alim1541 - ok
15:50:31.0234 0424 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:50:31.0546 0424 amdagp - ok
15:50:31.0593 0424 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
15:50:31.0734 0424 amsint - ok
15:50:31.0750 0424 AppMgmt - ok
15:50:31.0781 0424 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
15:50:32.0062 0424 asc - ok
15:50:32.0109 0424 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:50:32.0265 0424 asc3350p - ok
15:50:32.0296 0424 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:50:32.0562 0424 asc3550 - ok
15:50:32.0750 0424 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:50:32.0890 0424 aspnet_state - ok
15:50:32.0906 0424 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:50:33.0171 0424 AsyncMac - ok
15:50:33.0203 0424 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:50:33.0562 0424 atapi - ok
15:50:33.0578 0424 Atdisk - ok
15:50:33.0609 0424 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:50:33.0937 0424 Atmarpc - ok
15:50:34.0000 0424 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:50:34.0296 0424 AudioSrv - ok
15:50:34.0328 0424 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:50:34.0578 0424 audstub - ok
15:50:34.0703 0424 [ 69DD2805F42F2DE52A5FCBCFA9D8848F ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:50:34.0968 0424 BCM43XX - ok
15:50:34.0984 0424 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:50:35.0312 0424 Beep - ok
15:50:35.0375 0424 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:50:35.0812 0424 BITS - ok
15:50:35.0953 0424 [ 06902820703ECB60C192B4581AB13754 ] BOTService C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
15:50:36.0140 0424 BOTService - ok
15:50:36.0187 0424 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
15:50:36.0500 0424 Browser - ok
15:50:36.0625 0424 catchme - ok
15:50:36.0671 0424 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:50:36.0984 0424 cbidf - ok
15:50:36.0984 0424 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:50:37.0265 0424 cbidf2k - ok
15:50:37.0312 0424 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:50:37.0609 0424 CCDECODE - ok
15:50:37.0625 0424 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:50:37.0765 0424 cd20xrnt - ok
15:50:37.0781 0424 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:50:38.0093 0424 Cdaudio - ok
15:50:38.0125 0424 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:50:38.0453 0424 Cdfs - ok
15:50:38.0468 0424 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:50:38.0843 0424 Cdrom - ok
15:50:38.0843 0424 Changer - ok
15:50:38.0890 0424 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:50:39.0218 0424 CiSvc - ok
15:50:39.0296 0424 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:50:39.0625 0424 ClipSrv - ok
15:50:39.0671 0424 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:50:39.0812 0424 clr_optimization_v2.0.50727_32 - ok
15:50:39.0859 0424 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:50:40.0140 0424 CmBatt - ok
15:50:40.0171 0424 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:50:40.0453 0424 CmdIde - ok
15:50:40.0484 0424 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:50:40.0750 0424 Compbatt - ok
15:50:40.0750 0424 COMSysApp - ok
15:50:40.0796 0424 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:50:41.0062 0424 Cpqarray - ok
15:50:41.0093 0424 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:50:41.0421 0424 CryptSvc - ok
15:50:41.0453 0424 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:50:41.0781 0424 dac2w2k - ok
15:50:41.0859 0424 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:50:42.0140 0424 dac960nt - ok
15:50:42.0218 0424 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:50:42.0421 0424 DcomLaunch - ok
15:50:42.0453 0424 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:50:42.0750 0424 Dhcp - ok
15:50:42.0765 0424 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:50:43.0093 0424 Disk - ok
15:50:43.0093 0424 dmadmin - ok
15:50:43.0140 0424 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:50:43.0515 0424 dmboot - ok
15:50:43.0562 0424 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:50:43.0875 0424 dmio - ok
15:50:43.0890 0424 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:50:44.0187 0424 dmload - ok
15:50:44.0218 0424 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:50:44.0531 0424 dmserver - ok
15:50:44.0578 0424 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:50:44.0890 0424 DMusic - ok
15:50:44.0921 0424 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:50:45.0234 0424 Dnscache - ok
15:50:45.0281 0424 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:50:45.0687 0424 Dot3svc - ok
15:50:45.0718 0424 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:50:45.0984 0424 dpti2o - ok
15:50:46.0015 0424 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:50:46.0281 0424 drmkaud - ok
15:50:46.0296 0424 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:50:46.0609 0424 EapHost - ok
15:50:46.0640 0424 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:50:46.0937 0424 ERSvc - ok
15:50:46.0984 0424 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:50:47.0125 0424 Eventlog - ok
15:50:47.0156 0424 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:50:47.0312 0424 EventSystem - ok
15:50:47.0359 0424 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:50:47.0640 0424 Fastfat - ok
15:50:47.0703 0424 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:50:47.0812 0424 FastUserSwitchingCompatibility - ok
15:50:47.0828 0424 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:50:48.0125 0424 Fdc - ok
15:50:48.0156 0424 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:50:48.0468 0424 Fips - ok
15:50:48.0468 0424 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:50:48.0796 0424 Flpydisk - ok
15:50:48.0812 0424 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:50:49.0125 0424 FltMgr - ok
15:50:49.0265 0424 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:50:49.0328 0424 FontCache3.0.0.0 - ok
15:50:49.0343 0424 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:50:49.0625 0424 Fs_Rec - ok
15:50:49.0640 0424 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:50:49.0906 0424 Ftdisk - ok
15:50:50.0046 0424 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
15:50:50.0296 0424 GameConsoleService - ok
15:50:50.0328 0424 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:50:50.0640 0424 Gpc - ok
15:50:50.0734 0424 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:50:50.0937 0424 gupdate - ok
15:50:50.0984 0424 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:50:51.0156 0424 gupdatem - ok
15:50:51.0218 0424 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:50:51.0453 0424 gusvc - ok
15:50:51.0484 0424 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:50:51.0796 0424 HDAudBus - ok
15:50:51.0921 0424 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:50:52.0312 0424 helpsvc - ok
15:50:52.0406 0424 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:50:52.0703 0424 HidServ - ok
15:52:12.0703 0424 ================ Scan MBR ==================================
15:52:12.0703 0424 [ 2839639FA37B8353E792A2A30A12CED3 ] \Device\Harddisk0\DR0
15:52:12.0703 0424 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:52:12.0718 0424 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
15:52:12.0718 0424 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
15:52:12.0734 0424 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:52:12.0734 0424 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:52:12.0750 0424 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR2
15:52:14.0390 0424 \Device\Harddisk1\DR2 - ok
15:52:14.0390 0424 ================ Scan VBR ==================================
15:52:14.0453 0424 [ 32BA98D2DD919F2D3D23222500D119B8 ] \Device\Harddisk0\DR0\Partition1
15:52:14.0468 0424 \Device\Harddisk0\DR0\Partition1 - ok
15:52:14.0468 0424 [ 311635F39A85B2B614E2111903509F31 ] \Device\Harddisk1\DR2\Partition1
15:52:14.0468 0424 \Device\Harddisk1\DR2\Partition1 - ok
15:52:14.0484 0424 ============================================================
15:52:14.0484 0424 Scan finished
15:52:14.0484 0424 ============================================================
15:52:14.0609 1564 Detected object count: 4
15:52:14.0609 1564 Actual detected object count: 4
15:54:00.0968 1564 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:00.0968 1564 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:00.0984 1564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:00.0984 1564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:02.0953 1564 \Device\Harddisk0\DR0\# - copied to quarantine
15:54:03.0171 1564 \Device\Harddisk0\DR0 - copied to quarantine
15:54:03.0359 1564 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:54:03.0375 1564 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:54:03.0546 1564 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
15:54:03.0593 1564 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:54:03.0812 1564 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:54:03.0890 1564 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:54:04.0015 1564 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:54:04.0171 1564 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:54:04.0500 1564 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:54:05.0921 1564 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:54:11.0218 1564 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
15:54:11.0343 1564 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
15:54:11.0375 1564 \Device\Harddisk0\DR0 - ok
15:54:11.0453 1564 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
15:54:11.0453 1564 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:54:11.0453 1564 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Cat

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you now re-run TDSSKiller with the same parameters as before?
When this element appears, select delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Then could you run a fresh OTL scan please? There will be just one log this time.

#21
cadonn

    Member

  • Topic Starter
  • 33 posts
Am I running Run Scan or Quick Scan on OTL?

Cat

#22
cadonn

    Member

  • Topic Starter
  • 33 posts
Okay, here is the OTL log file - I selected Quick Scan:

OTL logfile created on: 2/23/2013 6:00:15 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\DRyder\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 472.30 Mb Available Physical Memory | 46.52% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 120.19 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive D: | 245.23 Mb Total Space | 150.72 Mb Free Space | 61.46% Space Free | Partition Type: FAT

Computer Name: DONNIE | User Name: DRyder | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 10:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRyder\Desktop\OTL.exe
PRC - [2012/12/14 16:49:34 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:34 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:34 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/06/23 18:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 02:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/10/21 17:36:34 | 000,040,960 | ---- | M] (NONE) -- C:\Program Files\MultiMedia Keyboard\KBLED.exe
PRC - [2009/07/06 16:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/06/29 15:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2008/04/15 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/23 18:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/11/30 10:47:08 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
MOD - [2010/11/30 09:06:45 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
MOD - [2010/11/30 09:05:49 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
MOD - [2010/11/30 08:51:17 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2010/11/30 08:49:11 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2008/04/15 07:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/14 16:49:34 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:34 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/17 02:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/29 15:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/06/02 21:05:58 | 000,457,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DRyder\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/02/23 16:00:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B8561E-3019-4401-8A32-5D845FAA085A}\MpKslaf056251.sys -- (MpKslaf056251)
DRV - [2012/12/14 16:49:34 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/30 07:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 07:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 07:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 06:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/12/26 16:32:01 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/07/02 01:10:54 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)
DRV - [2009/06/29 15:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/06/02 03:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 03:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 03:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/04/21 12:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 15:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/03/13 16:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008/04/14 09:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{134F8DC0-1B88-4705-9A4E-943B1C48A9FC}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{1C4D1ED7-689C-4E50-B0B4-F67D670A8A93}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
IE - HKLM\..\SearchScopes\{4B6D3303-7DF2-44EF-8C55-6F1B1C7D0BA9}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {134F8DC0-1B88-4705-9A4E-943B1C48A9FC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{134F8DC0-1B88-4705-9A4E-943B1C48A9FC}: "URL" = http://www.google.co...1I7ADFA_enCA472
IE - HKCU\..\SearchScopes\{1C4D1ED7-689C-4E50-B0B4-F67D670A8A93}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
IE - HKCU\..\SearchScopes\{4B6D3303-7DF2-44EF-8C55-6F1B1C7D0BA9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://search.live.c...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/24 06:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/18 14:59:53 | 000,000,000 | ---D | M]

[2010/07/13 07:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRyder\Application Data\Mozilla\Extensions
[2010/07/13 18:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRyder\Application Data\Mozilla\Firefox\Profiles\agz1quun.default\extensions
[2010/07/13 18:02:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DRyder\Application Data\Mozilla\Firefox\Profiles\agz1quun.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 14:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/26 16:14:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2013/02/20 19:00:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Multimedia Keyboard] C:\Program Files\MultiMedia Keyboard\KBLED.exe (NONE)
O4 - Startup: C:\Documents and Settings\DRyder\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: servicecanada.gc.ca ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F62DC4FB-A462-4A7E-8F62-F59EACF10F7A}: DhcpNameServer = 24.226.1.93 24.226.10.193
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/23 16:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/02/23 15:54:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/23 15:48:47 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\DRyder\Desktop\tdsskiller.exe
[2013/02/20 18:33:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/20 18:33:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/20 18:33:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/20 18:33:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/20 18:29:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/20 18:29:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DRyder\My Documents\My Videos
[2013/02/20 18:29:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/02/20 18:29:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DRyder\Start Menu\Programs\Administrative Tools
[2013/02/20 18:28:14 | 005,034,373 | R--- | C] (Swearware) -- C:\Documents and Settings\DRyder\Desktop\ComboFix.exe
[2013/02/20 16:37:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/18 18:15:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DRyder\Desktop\OTL.exe
[2013/02/18 17:32:54 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/17 19:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/17 19:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/13 16:40:44 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\mbam-setup-1.46.exe
[2010/07/13 16:27:25 | 001,870,800 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\HousecallLauncher.exe
[2010/07/13 16:26:23 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\All Users\spybotsd162.exe
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/23 18:03:16 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2013/02/23 17:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/23 17:43:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/23 16:02:57 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/02/23 15:57:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/23 15:45:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\DRyder\Desktop\tdsskiller.exe
[2013/02/23 15:31:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/20 19:00:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/20 18:23:00 | 005,034,373 | R--- | M] (Swearware) -- C:\Documents and Settings\DRyder\Desktop\ComboFix.exe
[2013/02/18 17:33:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/18 17:21:08 | 000,207,551 | ---- | M] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\census.cache
[2013/02/18 17:20:55 | 000,192,274 | ---- | M] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\ars.cache
[2013/02/18 17:09:18 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\housecall.guid.cache
[2013/02/18 10:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRyder\Desktop\OTL.exe
[2013/02/14 18:33:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/20 18:33:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/20 18:33:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/20 18:33:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/20 18:33:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/20 18:33:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/18 17:33:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/18 17:21:08 | 000,207,551 | ---- | C] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\census.cache
[2013/02/18 17:20:55 | 000,192,274 | ---- | C] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\ars.cache
[2013/02/18 17:09:18 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\housecall.guid.cache
[2012/10/20 12:31:20 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 17:31:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/02/11 17:31:32 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/02/11 17:31:32 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/02/11 17:31:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/02/11 17:31:32 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/02/11 17:31:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/02/11 17:31:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/02/11 17:31:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/02/11 17:31:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/02/11 17:31:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/02/11 17:31:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/02/11 17:31:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/02/11 17:31:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/02/11 17:31:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/02/11 17:31:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/02/11 17:31:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/02/11 17:28:19 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPWF320.ini
[2010/04/25 13:26:38 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2009/08/25 18:42:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/15 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/15 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/11 17:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/03/02 18:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oFpHdOc06504
[2009/12/26 16:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/12/26 16:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/02/22 17:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRyder\Application Data\Epson
[2011/10/16 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRyder\Application Data\Leadertech
[2009/12/26 17:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRyder\Application Data\Skinux

========== Purity Check ==========



< End of report >

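The OTL log above is what the helper reads by eye. As an added example (not OTL's own code and not from anyone in this thread), here is a small Python parser for the OTL entry formats that applies the first-pass triage checks a helper makes: orphaned "File not found" services and drivers, Run-key autoruns without a publisher name, and unattributed files under user-writable paths. The regular expressions and flag rules are my own reading of the format, not OldTimer's specification; the sample lines are copied from the log above, and a flag means "look at this", not "malicious".

```python
"""Parse and triage entries from an OldTimer OTL log (the format quoted above)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Stamped entries: [date | size | attrs | C/M] (Company) [state] -- path -- (Name)
STAMP_RE = re.compile(
    r"^(?:(?P<section>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # "(Company)", or "()" when OTL found no name
    r"(?: \[(?P<state>[^\]]*)\])?"    # "[Auto | Running]" on services and drivers
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Services/drivers whose image file is missing on disk
NOT_FOUND_RE = re.compile(
    r"^(?P<section>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.*?) ?-- \((?P<name>[^)]*)\)$"
)
# O4 Run-key entries: O4 - HKLM..\Run: [ValueName] path (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<value>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# Publisher strings OTL emits when a file carries no company name
NO_PUBLISHER = {"", "none", "no name found"}
# Path fragments for locations a non-admin user (or malware running as one) can write to
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\local settings\\", "\\application data\\")

@dataclass
class Entry:
    section: str                 # PRC, MOD, SRV, DRV, O4 or FILE
    path: str
    company: Optional[str]       # None when OTL printed no "(...)" at all
    name: Optional[str] = None   # service/driver name or Run value name
    state: Optional[str] = None
    attrs: Optional[str] = None
    missing: bool = False

    @property
    def is_dir(self) -> bool:
        return bool(self.attrs) and self.attrs.endswith("D")

@dataclass
class Finding:
    reason: str
    entry: Entry

def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL line into an Entry; None for line types this parser does not cover."""
    line = line.rstrip()
    m = NOT_FOUND_RE.match(line)
    if m:
        return Entry(m["section"], m["path"], None, m["name"], m["state"], missing=True)
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m["path"], m["company"].strip(), m["value"])
    m = STAMP_RE.match(line)
    if m:
        company = None if m["company"] is None else m["company"].strip()
        return Entry(m["section"] or "FILE", m["path"], company, m["name"], m["state"], m["attrs"])
    return None

def triage(log_text: str) -> List[Finding]:
    """Flag the entries a helper looks at first. A flag means 'review', not 'malicious'."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        no_pub = (e.company or "").lower() in NO_PUBLISHER
        in_user_area = any(marker in e.path.lower() for marker in USER_WRITABLE)
        if e.missing:
            reason = "orphaned service/driver entry (file not found)"
        elif e.section == "O4" and no_pub:
            reason = "autorun entry without a publisher name"
        elif e.section in ("SRV", "DRV") and no_pub:
            reason = "service/driver without a publisher name"
        elif no_pub and in_user_area and not e.is_dir:
            reason = "unattributed file in a user-writable location"
        else:
            continue
        findings.append(Finding(reason, e))
    return findings

# Constructed sample: nine lines copied verbatim from the OTL log posted above
SAMPLE_LOG = r"""
PRC - [2009/10/21 17:36:34 | 000,040,960 | ---- | M] (NONE) -- C:\Program Files\MultiMedia Keyboard\KBLED.exe
SRV - [2009/06/02 21:05:58 | 000,457,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DRyder\LOCALS~1\Temp\catchme.sys -- (catchme)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Multimedia Keyboard] C:\Program Files\MultiMedia Keyboard\KBLED.exe (NONE)
[2013/02/23 16:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/02/18 17:21:08 | 000,207,551 | ---- | C] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\census.cache
[2012/10/20 12:31:20 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\DRyder\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
"""
```

Running `triage(SAMPLE_LOG)` on the sample yields six findings: the Roxio service with an empty company field, the two missing drivers, the KBLED Run entry, and the two unattributed files under Local Settings; the KBLED process line, the Logitech autorun and the LastGood directory are not flagged.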

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks to have killed the lot, how is the system running now?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#24
cadonn

    Member

  • Topic Starter
  • Member
  • 33 posts
Hi sorry I won't be able to get back to this until tomorrow evening Feb 26th. Thank you for all your help.


#25
cadonn

    Member

  • Topic Starter
  • Member
  • 33 posts
Here is the mbam log from second computer. I can get on the internet now although it is very, very slow:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.27.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DRyder :: DONNIE [administrator]

2/27/2013 4:09:58 PM
mbam-log-2013-02-27 (16-09-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221535
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
After this let me know if the internet speed improves

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:

#27
cadonn

    Member

  • Topic Starter
  • Member
  • 33 posts
Okay I will follow your instructions and report back after running for 24 hours.

Amazing support!


#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)

#29
cadonn

    Member

  • Topic Starter
  • Member
  • 33 posts
After typing the text into OTL it sits at an hour glass so I am not sure if it is working?


#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delete this line from the OTL fix: [emptytemp] ... I believe MBAM is blocking it

So stop OTL, remove the one line from the fix and run it again





