malware infestation [Closed]


#1
Sarvesh Govenkar

  • Member
  • 18 posts

Hey,
I have an old PC that I use for browsing and storage. It's an old machine; I run XP on it. It has 700 MB of RAM and an 80 GB hard disk divided into two equal parts.
I have two Windows folders because I didn't install XP properly, but the machine was running smoothly and I didn't have the patience to go through the whole ordeal again.
 
The trouble began when my sister plugged in an infested USB from her college. Since then I have been facing lots of problems: Shockwave Flash started to crash, Chrome takes a long time to boot and load, and the machine overall is running slow. But the main problem is the missing space on my disk. I have uninstalled all the programmes from my C drive, including Microsoft Office, but it is still eating chunks from the hard drive without any reason.
Please help me. I know it's not due to my incompetence in installing XP, because I did that in Sept last year and the trouble started a couple of weeks ago when my sister plugged in the pendrive. I don't want to install XP again or format my drive because I have valuable data on this machine.
 
Please help, thank you.

#2
LiquidTension

  • Instructor
  • GeekU Moderator
  • 1,064 posts

Hello Sarvesh Govenkar,
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name, I would prefer that.
 
======================================================

Important: I have laid out some "ground rules" I would appreciate you follow. Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • Scroll to the top of this page and ensure you see the following: [image]
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you require additional time to complete my instructions.

======================================================
 
Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by an instructor at WhattheTech.com before I post, in order to ensure you are receiving accurate instructions. I will return as soon as possible.


#3
LiquidTension

  • Instructor
  • GeekU Moderator
  • 1,064 posts

Hello Sarvesh Govenkar, 
 

the trouble began when my sister plugged in an infested usb from her college

Why do you believe your sister's USB drive was infected? 
 

but the main problem is the missing space on my disk. i have uninstalled all the programmes from my c drive, including Microsoft Office, but it still is eating chunks from the hard drive without any reason.

We can investigate the disappearing Hard Drive space. I must first ensure you are aware of the following:
 

Unsupported Operating System Warning

------------------------------

On April 8th 2014, Microsoft officially declared Windows XP as unsupported, and consequently ceased the production and release of Windows XP Updates and Security Patches. Please read the following articles:

Without Windows Updates, your computer will be continuously susceptible to malware infection. In the past, vulnerabilities found in the Windows XP software were patched shortly after by Microsoft issuing an Update. Now that XP is no longer supported with Updates, once a vulnerability is discovered it will not be patched, allowing malware authors to freely distribute their exploit in the knowledge that the vulnerability will not be patched.

 

 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) and save the file to your desktop.
  • Double-click FRST.exe
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Double-click MBAR.exe to run the programme.
  • Follow the prompts to update the programme and scan your computer. 
  • Upon completion, click Cleanup and reboot your computer. If no threats are found, close the programme and skip the next bullet point. 
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more. 
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply.
  • Note: Both logs can be found in the MBAR folder
     

STEP 3
WinDirStat

  • Please download WinDirStat and save it to your desktop.
  • Double-click the WinDirStat icon to run the programme.
  • Follow the prompts.
  • Select the drive you wish to verify (C:\) and let the programme run until it has finished enumerating all files/folders. 
  • On the left hand side, expand any folders that appear to be consuming a large amount of space. 
  • Do the same for folders within the folder(s) you have already expanded. 
  • Take a screenshot and post the image in your next reply.
    • For instructions on how to take a screenshot, please refer to this article and upload the image to Imgur.com.
       

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • mbar-log.txt 
  • system-log.txt
  • WinDirStat screenshot


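An added example of how a reviewer might triage the FRST.txt that STEP 1 asks for; it is my code, not a tool from FRST, Malwarebytes or the helper. It parses the Run, MountPoints2 and CHR StartupUrls lines in the shape FRST prints them, using five lines from the FRST.txt posted later in this thread as constructed input. The rules it applies (publisher-less binary in a user-writable folder, display name claiming a vendor the path does not reflect, autorun handler for a non-system drive, hijacker-style query keys) are my heuristics, not FRST's.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: five lines copied verbatim from the FRST.txt
# posted later in this thread (the "hxxp" defanging is FRST's own).
SAMPLE_LOG = r"""
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\Run: [Adobe Reader Speed Launcher] => C:\Documents and Settings\sirgovernor\Application Data\service350.exe [173824 2012-06-27] ()
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\Run: [ctfmon.exe] => C:\WINDOWS.0\system32\ctfmon.exe [15360 2013-09-19] (Microsoft Corporation)
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\MountPoints2: {5661ab46-2600-11e3-b29b-0019db4826db} - E:\AdobeReader\DSCI5271.jpg
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\MountPoints2: {c69fd042-2261-11e3-8800-806d6172696f} - E:\setup.exe
CHR StartupUrls: "hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=2C4B0019DB4826DB&affID=121136&tsp=5013", "hxxp://www.google.com"
"""

# Line shapes as FRST prints them: "Run: [name] => path [size date] (company)",
# "MountPoints2: {guid} - target", and a quoted, comma-separated URL list.
RUN_RE = re.compile(
    r"\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<company>[^)]*)\)$"
)
MOUNT_RE = re.compile(r"\\MountPoints2: \{(?P<guid>[0-9a-f-]+)\} - (?P<target>.+)$", re.I)
CHR_RE = re.compile(r"^CHR StartupUrls: (?P<urls>.+)$")

# Heuristics (my assumptions, not FRST rules):
SYSTEM_DRIVE = "c:"
# folders an ordinary user, and so malware running as that user, can write to
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
# extensions a legitimate autorun handler would normally launch
PROGRAM_EXTS = (".exe", ".com", ".bat", ".cmd")
# query keys seen on browser-hijacker landing pages
HIJACK_KEYS = ("babsrc=", "affid=", "mntrid=")


@dataclass
class Finding:
    kind: str      # which FRST line type produced it
    item: str      # the entry itself
    reasons: List[str] = field(default_factory=list)


def check_run(name: str, path: str, company: str) -> List[str]:
    """Reasons to look twice at an HKU/HKLM Run entry."""
    reasons = []
    low = path.lower()
    if not company.strip() and any(d in low for d in USER_WRITABLE):
        reasons.append("no publisher and binary lives in a user-writable profile folder")
    if "adobe" in name.lower() and "adobe" not in low:
        reasons.append("display name claims a vendor the path does not reflect")
    return reasons


def check_mountpoint(target: str) -> List[str]:
    """Reasons to look twice at a MountPoints2 (autorun.inf) handler."""
    reasons = []
    if not target.lower().startswith(SYSTEM_DRIVE):
        reasons.append("autorun handler recorded for a non-system (removable) drive")
    if not target.lower().endswith(PROGRAM_EXTS):
        reasons.append("target is not a program file, possibly a disguised executable")
    return reasons


def check_startup_url(url: str) -> List[str]:
    """Reasons to look twice at a Chrome startup URL."""
    low = url.lower()
    return ["hijacker-style tracking parameters"] if any(k in low for k in HIJACK_KEYS) else []


def triage(log: str) -> List[Finding]:
    """Walk FRST.txt lines and return the entries worth a reviewer's attention."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := RUN_RE.search(line):
            reasons = check_run(m["name"], m["path"], m["company"])
            if reasons:
                findings.append(Finding("Run", f"[{m['name']}] => {m['path']}", reasons))
        elif m := MOUNT_RE.search(line):
            reasons = check_mountpoint(m["target"])
            if reasons:
                findings.append(Finding("MountPoints2", m["target"], reasons))
        elif m := CHR_RE.match(line):
            for url in re.findall(r'"([^"]+)"', m["urls"]):
                reasons = check_startup_url(url)
                if reasons:
                    findings.append(Finding("StartupUrl", url, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:13} {f.item}\n{'':13} -> {'; '.join(f.reasons)}")
```

On the sample above the script flags the "Adobe Reader Speed Launcher" entry (an unsigned service350.exe under Application Data), both E: autorun handlers, and the delta-search startup URL, while the signed ctfmon.exe entry and google.com pass.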
#4
Sarvesh Govenkar

  • Topic Starter
  • Member
  • 18 posts

FRST.txt
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014 01
Ran by sirgovernor (administrator) on COMPUTER_1 on 24-07-2014 13:51:58
Running from C:\Documents and Settings\sirgovernor\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS.0\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\spoolsv.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\ctfmon.exe
(eLitecore Technologies Ltd.) C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
(Ginger Software) C:\Program Files\Ginger\GingerClient.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS.0\explorer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.0\system32\userinit.exe,
Winlogon\Notify\crypt32chain: C:\WINDOWS.0\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS.0\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS.0\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS.0\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS.0\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS.0\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS.0\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS.0\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS.0\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS.0\system32\wlnotify.dll (Microsoft Corporation)
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\Run: [Adobe Reader Speed Launcher] => C:\Documents and Settings\sirgovernor\Application Data\service350.exe [173824 2012-06-27] ()
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\Run: [ctfmon.exe] => C:\WINDOWS.0\system32\ctfmon.exe [15360 2013-09-19] (Microsoft Corporation)
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\Run: [DownloadAccelerator] => C:\FRST\Quarantine\C\Program Files\DAP\DAP\DAP.exe [3865232 2014-03-30] (Speedbit Ltd.)
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\MountPoints2: {5661ab46-2600-11e3-b29b-0019db4826db} - E:\AdobeReader\DSCI5271.jpg
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\MountPoints2: {5af27ac5-b33a-11e3-b498-0019db4826db} - E:\AdobeReader\DSCI5271.jpg
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\MountPoints2: {5af27ac6-b33a-11e3-b498-0019db4826db} - E:\AdobeReader\DSCI5271.jpg
HKU\S-1-5-21-854245398-651377827-1417001333-1003\...\MountPoints2: {c69fd042-2261-11e3-8800-806d6172696f} - E:\setup.exe
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\24Online Client.lnk
ShortcutTarget: 24Online Client.lnk -> C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe (eLitecore Technologies Ltd.)
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Ginger.lnk
ShortcutTarget: Ginger.lnk -> C:\WINDOWS.0\Installer\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\GingerClientStartu_3C297780F1D34554B9F292E4DAC788DA.exe (Flexera Software LLC)
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\24Online Client.lnk
ShortcutTarget: 24Online Client.lnk -> C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe (eLitecore Technologies Ltd.)
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Ginger.lnk
ShortcutTarget: Ginger.lnk -> C:\WINDOWS.0\Installer\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\GingerClientStartu_3C297780F1D34554B9F292E4DAC788DA.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.0\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS.0\system32\SHELL32.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS.0\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.0\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS.0\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS.0\system32\shell32.dll [8461312 2013-09-19] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{EA8D39BD-BEAE-413C-92DB-02D30F03F612}: [NameServer]202.88.130.15,202.88.130.67
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\sirgovernor\Application Data\Mozilla\Firefox\Profiles\b24issf2.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: gingersoftware.com/gingerPlugin - C:\Program Files\Ginger\GingerServices\GingerServicesProxy.dll (Ginger Software)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: EPUBReader - C:\Documents and Settings\sirgovernor\Application Data\Mozilla\Firefox\Profiles\b24issf2.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-19]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=2C4B0019DB4826DB&affID=121136&tsp=5013", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-21]
CHR Extension: (Google Drive) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-21]
CHR Extension: (YouTube) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-21]
CHR Extension: (Kingdom Rush) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2014-01-21]
CHR Extension: (Google Search) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-21]
CHR Extension: (Disable Image Auto-Resize) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\moddnadogdmplfabcifkcmdhlkkijkak [2014-01-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-21]
CHR Extension: (Marc Ecko) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2014-01-24]
CHR Extension: (Gmail) - C:\Documents and Settings\sirgovernor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-21]
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2013-09-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-07-08] (Adobe Systems Incorporated)
S4 Alerter; C:\WINDOWS.0\system32\alrsvc.dll [17408 2013-09-19] (Microsoft Corporation)
R3 ALG; C:\WINDOWS.0\System32\alg.exe [44544 2013-09-19] (Microsoft Corporation)
S2 AntiVirScheduler; D:\software\New Folder\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-06-12] (Avira GmbH) [File not signed]
S2 AntiVirService; D:\software\New Folder\Avira\AntiVir PersonalEdition Classic\avguard.exe [149761 2008-08-07] (Avira GmbH) [File not signed]
S3 AppMgmt; C:\WINDOWS.0\System32\appmgmts.dll [167936 2013-09-19] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS.0\System32\audiosrv.dll [42496 2013-09-19] (Microsoft Corporation)
R2 BITS; C:\WINDOWS.0\system32\qmgr.dll [409088 2013-09-19] (Microsoft Corporation)
R2 Browser; C:\WINDOWS.0\System32\browser.dll [77824 2013-09-19] (Microsoft Corporation)
S3 CiSvc; C:\WINDOWS.0\system32\cisvc.exe [5632 2013-09-19] (Microsoft Corporation)
S4 ClipSrv; C:\WINDOWS.0\system32\clipsrv.exe [33280 2013-09-19] (Microsoft Corporation)
S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe [5120 2013-09-19] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS.0\System32\cryptsvc.dll [62464 2013-09-19] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS.0\system32\rpcss.dll [399360 2013-09-19] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS.0\System32\dhcpcsvc.dll [126976 2013-09-19] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS.0\System32\dmadmin.exe [224768 2013-09-19] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINDOWS.0\System32\dmserver.dll [23552 2013-09-19] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS.0\System32\dnsrslvr.dll [45568 2013-09-19] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS.0\System32\dot3svc.dll [132096 2013-09-19] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS.0\System32\eapsvc.dll [33792 2013-09-19] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS.0\System32\ersvc.dll [23040 2013-09-19] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS.0\system32\services.exe [108544 2013-09-19] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS.0\system32\es.dll [246272 2013-09-19] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS.0\System32\shsvcs.dll [135168 2013-09-19] (Microsoft Corporation)
S2 GingerUpdateService; C:\Program Files\Ginger\GingerUpdateService\GingerUpdateService.exe [280976 2014-07-03] (Ginger Software)
R2 helpsvc; C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2013-09-19] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS.0\System32\kmsvc.dll [61440 2013-09-19] (Microsoft Corporation)
S3 HTTPFilter; C:\WINDOWS.0\System32\w3ssl.dll [15872 2013-09-19] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.0\system32\imapi.exe [150528 2013-09-19] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS.0\System32\srvsvc.dll [96768 2013-09-19] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS.0\System32\wkssvc.dll [132096 2013-09-19] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS.0\System32\lmhsvc.dll [13824 2013-09-19] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS.0\System32\msgsvc.dll [33792 2013-09-19] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS.0\system32\mnmsrvc.exe [32768 2013-09-19] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS.0\system32\msdtc.exe [6144 2013-09-19] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS.0\System32\msiexec.exe [78848 2013-09-19] (Microsoft Corporation)
S3 napagent; C:\WINDOWS.0\System32\qagentrt.dll [291328 2013-09-19] (Microsoft Corporation)
S4 NetDDE; C:\WINDOWS.0\system32\netdde.exe [111104 2013-09-19] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS.0\system32\netdde.exe [111104 2013-09-19] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS.0\system32\lsass.exe [13312 2013-09-19] (Microsoft Corporation)
R3 Netman; C:\WINDOWS.0\System32\netman.dll [198144 2013-09-19] (Microsoft Corporation)
R3 Nla; C:\WINDOWS.0\System32\mswsock.dll [245248 2013-09-19] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS.0\system32\lsass.exe [13312 2013-09-19] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS.0\system32\ntmssvc.dll [435200 2013-09-19] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS.0\system32\services.exe [108544 2013-09-19] (Microsoft Corporation)
R2 PolicyAgent; C:\WINDOWS.0\system32\lsass.exe [13312 2013-09-19] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINDOWS.0\system32\lsass.exe [13312 2013-09-19] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS.0\System32\rasauto.dll [88576 2013-09-19] (Microsoft Corporation)
S3 RasMan; C:\WINDOWS.0\System32\rasmans.dll [186368 2013-09-19] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS.0\system32\sessmgr.exe [141312 2013-09-19] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS.0\System32\mprdim.dll [53248 2013-09-19] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS.0\system32\regsvc.dll [59904 2013-09-19] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS.0\system32\locator.exe [75264 2013-09-19] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS.0\system32\rpcss.dll [399360 2013-09-19] (Microsoft Corporation)
S3 RSVP; C:\WINDOWS.0\system32\rsvp.exe [132608 2013-09-19] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS.0\system32\lsass.exe [13312 2013-09-19] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS.0\System32\SCardSvr.exe [95744 2013-09-19] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS.0\system32\schedsvc.dll [192512 2013-09-19] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS.0\System32\seclogon.dll [18944 2013-09-19] (Microsoft Corporation)
R2 SENS; C:\WINDOWS.0\system32\sens.dll [39424 2013-09-19] (Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS.0\System32\ipnathlp.dll [331264 2013-09-19] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS.0\System32\shsvcs.dll [135168 2013-09-19] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS.0\system32\spoolsv.exe [57856 2013-09-19] (Microsoft Corporation)
R2 srservice; C:\WINDOWS.0\system32\srsvc.dll [171008 2013-09-19] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS.0\System32\ssdpsrv.dll [71680 2013-09-19] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS.0\system32\wiaservc.dll [333824 2013-09-19] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe [5120 2013-09-19] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS.0\system32\smlogsvc.exe [89600 2013-09-19] (Microsoft Corporation)
S3 TapiSrv; C:\WINDOWS.0\System32\tapisrv.dll [249856 2013-09-19] (Microsoft Corporation)
R3 TermService; C:\WINDOWS.0\System32\termsrv.dll [295424 2013-09-19] (Microsoft Corporation)
R2 Themes; C:\WINDOWS.0\System32\shsvcs.dll [135168 2013-09-19] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS.0\system32\tlntsvr.exe [73216 2013-09-19] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS.0\system32\trkwks.dll [90112 2013-09-19] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS.0\System32\upnphost.dll [185856 2013-09-19] (Microsoft Corporation)
S3 UPS; C:\WINDOWS.0\System32\ups.exe [18432 2013-09-19] (Microsoft Corporation)
S3 VSS; C:\WINDOWS.0\System32\vssvc.exe [289792 2013-09-19] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS.0\system32\w32time.dll [175104 2013-09-19] (Microsoft Corporation)
R2 WebClient; C:\WINDOWS.0\System32\webclnt.dll [68096 2013-09-19] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS.0\system32\wbem\WMIsvc.dll [144896 2013-09-19] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS.0\system32\mspmsnsv.dll [52224 2013-09-19] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS.0\System32\advapi32.dll [617472 2013-09-19] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS.0\system32\wbem\wmiapsrv.exe [126464 2013-09-19] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS.0\system32\wscsvc.dll [80896 2013-09-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS.0\system32\wuauserv.dll [6656 2013-09-19] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS.0\System32\wzcsvc.dll [483840 2013-09-19] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS.0\System32\xmlprov.dll [129024 2013-09-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS.0\System32\DRIVERS\ACPI.sys [187776 2013-09-19] (Microsoft Corporation)
S4 ACPIEC; C:\WINDOWS.0\system32\Drivers\ACPIEC.sys [11648 2013-09-19] (Microsoft Corporation)
S3 aec; C:\WINDOWS.0\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINDOWS.0\System32\drivers\afd.sys [138112 2013-09-19] (Microsoft Corporation)
S3 AsyncMac; C:\WINDOWS.0\System32\DRIVERS\asyncmac.sys [14336 2013-09-19] (Microsoft Corporation)
R0 atapi; C:\WINDOWS.0\System32\DRIVERS\atapi.sys [96512 2013-09-19] (Microsoft Corporation)
S3 Atmarpc; C:\WINDOWS.0\System32\DRIVERS\atmarpc.sys [59904 2013-09-19] (Microsoft Corporation)
R3 audstub; C:\WINDOWS.0\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 avgio; D:\software\New Folder\Avira\AntiVir PersonalEdition Classic\avgio.sys [11840 2007-02-27] (Avira GmbH)
S3 avgntflt; D:\software\New Folder\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52032 2008-05-20] (Avira GmbH)
R1 avipbb; C:\WINDOWS.0\System32\DRIVERS\avipbb.sys [75072 2008-06-27] (Avira GmbH)
R1 Beep; C:\WINDOWS.0\system32\Drivers\Beep.sys [4224 2013-09-19] (Microsoft Corporation)
S4 cbidf2k; C:\WINDOWS.0\system32\Drivers\cbidf2k.sys [13952 2013-09-19] (Microsoft Corporation)
S1 Cdaudio; C:\WINDOWS.0\system32\Drivers\Cdaudio.sys [18688 2013-09-19] (Microsoft Corporation)
S4 Cdfs; C:\WINDOWS.0\system32\Drivers\Cdfs.sys [63744 2013-09-19] (Microsoft Corporation)
S1 Cdrom; C:\WINDOWS.0\System32\DRIVERS\cdrom.sys [62976 2013-09-19] (Microsoft Corporation)
R0 Disk; C:\WINDOWS.0\System32\DRIVERS\disk.sys [36352 2013-09-19] (Microsoft Corporation)
S4 dmboot; C:\WINDOWS.0\System32\drivers\dmboot.sys [799744 2013-09-19] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINDOWS.0\System32\drivers\dmio.sys [153344 2013-09-19] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINDOWS.0\System32\drivers\dmload.sys [5888 2013-09-19] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINDOWS.0\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
S3 drmkaud; C:\WINDOWS.0\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation)
R4 Fastfat; C:\WINDOWS.0\system32\Drivers\Fastfat.sys [143744 2013-09-19] (Microsoft Corporation)
R3 Fdc; C:\WINDOWS.0\System32\DRIVERS\fdc.sys [27392 2013-09-19] (Microsoft Corporation)
R3 FETNDIS; C:\WINDOWS.0\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
R1 Fips; C:\WINDOWS.0\system32\Drivers\Fips.sys [44544 2013-09-19] (Microsoft Corporation)
S1 Flpydisk; C:\WINDOWS.0\system32\Drivers\Flpydisk.sys [20480 2013-09-19] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS.0\System32\DRIVERS\fltMgr.sys [129792 2013-09-19] (Microsoft Corporation)
U1 Fs_Rec; C:\WINDOWS.0\system32\Drivers\Fs_Rec.sys [7936 2013-09-19] (Microsoft Corporation)
R0 Ftdisk; C:\WINDOWS.0\System32\DRIVERS\ftdisk.sys [125056 2013-09-19] (Microsoft Corporation)
R0 gagp30kx; C:\WINDOWS.0\System32\DRIVERS\gagp30kx.sys [46464 2008-04-13] (Microsoft Corporation)
R3 Gpc; C:\WINDOWS.0\System32\DRIVERS\msgpc.sys [35072 2013-09-19] (Microsoft Corporation)
S3 HidUsb; C:\WINDOWS.0\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
R3 HTTP; C:\WINDOWS.0\System32\Drivers\HTTP.sys [264832 2013-09-19] (Microsoft Corporation)
R1 i8042prt; C:\WINDOWS.0\System32\DRIVERS\i8042prt.sys [52480 2013-09-19] (Microsoft Corporation)
S1 Imapi; C:\WINDOWS.0\System32\DRIVERS\imapi.sys [42112 2013-09-19] (Microsoft Corporation)
S3 Ip6Fw; C:\WINDOWS.0\System32\DRIVERS\Ip6Fw.sys [36608 2013-09-19] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINDOWS.0\System32\DRIVERS\ipfltdrv.sys [32896 2013-09-19] (Microsoft Corporation)
S3 IpInIp; C:\WINDOWS.0\System32\DRIVERS\ipinip.sys [20864 2013-09-19] (Microsoft Corporation)
R3 IpNat; C:\WINDOWS.0\System32\DRIVERS\ipnat.sys [152832 2013-09-19] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS.0\System32\DRIVERS\ipsec.sys [75264 2013-09-19] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS.0\System32\DRIVERS\irenum.sys [11264 2013-09-19] (Microsoft Corporation)
R0 isapnp; C:\WINDOWS.0\System32\DRIVERS\isapnp.sys [37248 2013-09-19] (Microsoft Corporation)
R1 Kbdclass; C:\WINDOWS.0\System32\DRIVERS\kbdclass.sys [24576 2013-09-19] (Microsoft Corporation)
S1 kbdhid; C:\WINDOWS.0\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
S3 kmixer; C:\WINDOWS.0\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS.0\system32\Drivers\KSecDD.sys [92288 2013-09-19] (Microsoft Corporation)
R1 mnmdd; C:\WINDOWS.0\system32\Drivers\mnmdd.sys [4224 2013-09-19] (Microsoft Corporation)
S3 Modem; C:\WINDOWS.0\system32\Drivers\Modem.sys [30080 2013-09-19] (Microsoft Corporation)
R1 Mouclass; C:\WINDOWS.0\System32\DRIVERS\mouclass.sys [23040 2013-09-19] (Microsoft Corporation)
R0 MountMgr; C:\WINDOWS.0\system32\Drivers\MountMgr.sys [42368 2013-09-19] (Microsoft Corporation)
R3 MRxDAV; C:\WINDOWS.0\System32\DRIVERS\mrxdav.sys [180608 2013-09-19] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS.0\System32\DRIVERS\mrxsmb.sys [456576 2013-09-19] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS.0\system32\Drivers\Msfs.sys [19072 2013-09-19] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS.0\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS.0\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS.0\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation)
R3 mssmbios; C:\WINDOWS.0\System32\DRIVERS\mssmbios.sys [15488 2013-09-19] (Microsoft Corporation)
R0 Mup; C:\WINDOWS.0\system32\Drivers\Mup.sys [105344 2013-09-19] (Microsoft Corporation)
R0 NDIS; C:\WINDOWS.0\system32\Drivers\NDIS.sys [182656 2013-09-19] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS.0\System32\DRIVERS\ndistapi.sys [10112 2013-09-19] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS.0\System32\DRIVERS\ndisuio.sys [14592 2013-09-19] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS.0\System32\DRIVERS\ndiswan.sys [91520 2013-09-19] (Microsoft Corporation)
R3 NDProxy; C:\WINDOWS.0\system32\Drivers\NDProxy.sys [40576 2013-09-19] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS.0\System32\DRIVERS\netbios.sys [34688 2013-09-19] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS.0\System32\DRIVERS\netbt.sys [162816 2013-09-19] (Microsoft Corporation)
R1 Npfs; C:\WINDOWS.0\system32\Drivers\Npfs.sys [30848 2013-09-19] (Microsoft Corporation)
R4 Ntfs; C:\WINDOWS.0\system32\Drivers\Ntfs.sys [574976 2013-09-19] (Microsoft Corporation)
R1 Null; C:\WINDOWS.0\system32\Drivers\Null.sys [2944 2013-09-19] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINDOWS.0\System32\DRIVERS\nwlnkflt.sys [12416 2013-09-19] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINDOWS.0\System32\DRIVERS\nwlnkfwd.sys [32512 2013-09-19] (Microsoft Corporation)
R3 Parport; C:\WINDOWS.0\System32\DRIVERS\parport.sys [80128 2013-09-19] (Microsoft Corporation)
R0 PartMgr; C:\WINDOWS.0\system32\Drivers\PartMgr.sys [19712 2013-09-19] (Microsoft Corporation)
R2 ParVdm; C:\WINDOWS.0\system32\Drivers\ParVdm.sys [6784 2013-09-19] (Microsoft Corporation)
S3 pccsmcfd; C:\WINDOWS.0\System32\DRIVERS\pccsmcfd.sys [19072 2012-06-11] (Nokia)
R0 PCI; C:\WINDOWS.0\System32\DRIVERS\pci.sys [68224 2013-09-19] (Microsoft Corporation)
R0 PCIIde; C:\WINDOWS.0\System32\DRIVERS\pciide.sys [3328 2013-09-19] (Microsoft Corporation)
S4 Pcmcia; C:\WINDOWS.0\system32\Drivers\Pcmcia.sys [120192 2013-09-19] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS.0\System32\DRIVERS\raspptp.sys [48384 2013-09-19] (Microsoft Corporation)
R1 Processor; C:\WINDOWS.0\System32\DRIVERS\processr.sys [35840 2013-09-19] (Microsoft Corporation)
R3 PSched; C:\WINDOWS.0\System32\DRIVERS\psched.sys [69120 2013-09-19] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS.0\System32\DRIVERS\ptilink.sys [17792 2013-09-19] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINDOWS.0\System32\DRIVERS\rasacd.sys [8832 2013-09-19] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS.0\System32\DRIVERS\rasl2tp.sys [51328 2013-09-19] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS.0\System32\DRIVERS\raspppoe.sys [41472 2013-09-19] (Microsoft Corporation)
R3 Raspti; C:\WINDOWS.0\System32\DRIVERS\raspti.sys [16512 2013-09-19] (Microsoft Corporation)
R1 Rdbss; C:\WINDOWS.0\System32\DRIVERS\rdbss.sys [175744 2013-09-19] (Microsoft Corporation)
R1 RDPCDD; C:\WINDOWS.0\System32\DRIVERS\RDPCDD.sys [4224 2013-09-19] (Microsoft Corporation)
R3 rdpdr; C:\WINDOWS.0\System32\DRIVERS\rdpdr.sys [196224 2008-04-14] (Microsoft Corporation)
S3 RDPWD; C:\WINDOWS.0\system32\Drivers\RDPWD.sys [139656 2013-09-19] (Microsoft Corporation)
S1 redbook; C:\WINDOWS.0\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation)
R2 Secdrv; C:\WINDOWS.0\System32\DRIVERS\secdrv.sys [20480 2013-09-19] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 serenum; C:\WINDOWS.0\System32\DRIVERS\serenum.sys [15744 2013-09-19] (Microsoft Corporation)
R1 Serial; C:\WINDOWS.0\System32\DRIVERS\serial.sys [64512 2013-09-19] (Microsoft Corporation)
S1 Sfloppy; C:\WINDOWS.0\system32\Drivers\Sfloppy.sys [11392 2013-09-19] (Microsoft Corporation)
S3 splitter; C:\WINDOWS.0\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
R0 sr; C:\WINDOWS.0\System32\DRIVERS\sr.sys [73472 2013-09-19] (Microsoft Corporation)
R3 Srv; C:\WINDOWS.0\System32\DRIVERS\srv.sys [334848 2013-09-19] (Microsoft Corporation)
R1 ssmdrv; C:\WINDOWS.0\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
S3 SWDUMon; C:\WINDOWS.0\System32\DRIVERS\SWDUMon.sys [13464 2014-06-14] ()
R3 swenum; C:\WINDOWS.0\System32\DRIVERS\swenum.sys [4352 2013-09-19] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS.0\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
R3 sysaudio; C:\WINDOWS.0\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
R1 Tcpip; C:\WINDOWS.0\System32\DRIVERS\tcpip.sys [361344 2013-09-19] (Microsoft Corporation)
S3 TDPIPE; C:\WINDOWS.0\system32\Drivers\TDPIPE.sys [12040 2013-09-19] (Microsoft Corporation)
S3 TDTCP; C:\WINDOWS.0\system32\Drivers\TDTCP.sys [21896 2013-09-19] (Microsoft Corporation)
R1 TermDD; C:\WINDOWS.0\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S4 Udfs; C:\WINDOWS.0\system32\Drivers\Udfs.sys [66048 2013-09-19] (Microsoft Corporation)
R3 Update; C:\WINDOWS.0\System32\DRIVERS\update.sys [384768 2013-09-19] (Microsoft Corporation)
S3 usbccgp; C:\WINDOWS.0\System32\DRIVERS\usbccgp.sys [32128 2008-04-14] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS.0\System32\DRIVERS\usbehci.sys [30208 2013-09-19] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [59520 2013-09-19] (Microsoft Corporation)
S3 usbscan; C:\WINDOWS.0\System32\DRIVERS\usbscan.sys [15104 2008-04-14] (Microsoft Corporation)
S3 usbser; C:\WINDOWS.0\System32\drivers\usbser.sys [26112 2008-04-14] (Microsoft Corporation)
R3 usbstor; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [26368 2013-09-19] (Microsoft Corporation)
R3 usbuhci; C:\WINDOWS.0\System32\DRIVERS\usbuhci.sys [20608 2013-09-19] (Microsoft Corporation)
R1 VgaSave; C:\WINDOWS.0\System32\drivers\vga.sys [20992 2013-09-19] (Microsoft Corporation)
R3 viagfx; C:\WINDOWS.0\System32\DRIVERS\vtmini.sys [283904 2007-04-28] (Copyright © VIA/S3 Graphics Co, Ltd.)
R0 ViaIde; C:\WINDOWS.0\System32\DRIVERS\viaide.sys [5376 2013-09-19] (Microsoft Corporation)
R3 VIAudio; C:\WINDOWS.0\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
R0 VolSnap; C:\WINDOWS.0\system32\Drivers\VolSnap.sys [52352 2013-09-19] (Microsoft Corporation)
R3 Wanarp; C:\WINDOWS.0\System32\DRIVERS\wanarp.sys [34560 2013-09-19] (Microsoft Corporation)
S3 Wdf01000; C:\WINDOWS.0\System32\Drivers\wdf01000.sys [444136 2009-07-14] (Microsoft Corporation)
R3 wdmaud; C:\WINDOWS.0\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
S4 WS2IFSL; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [12032 2013-09-19] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S4 IntelIde; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-23 02:07 - 2014-07-23 10:37 - 00000000 ____D () C:\Documents and Settings\sirgovernor\workspace
2014-07-21 12:55 - 2014-07-21 12:55 - 00000000 ___HD () C:\WINDOWS.0\PIF
2014-07-21 05:47 - 2012-06-27 13:52 - 00173824 __RSH () C:\Documents and Settings\sirgovernor\Application Data\service350.exe
2014-07-20 13:39 - 2012-06-27 13:52 - 00173824 __RSH () C:\Documents and Settings\sirgovernor\Application Data\service755.exe
2014-07-19 00:01 - 2012-06-27 13:52 - 00173824 __RSH () C:\Documents and Settings\sirgovernor\Application Data\service820.exe
2014-07-18 10:13 - 2012-06-27 13:52 - 00173824 __RSH () C:\Documents and Settings\sirgovernor\Application Data\service515.exe
2014-07-15 05:54 - 2014-07-15 05:54 - 00195451 _____ () C:\Documents and Settings\sirgovernor\Desktop\challan.aspx.htm
2014-07-09 21:32 - 2014-07-09 21:32 - 00000000 ____D () C:\Documents and Settings\sirgovernor\Application Data\Acapela Group
2014-07-09 21:31 - 2014-07-09 21:32 - 00001534 _____ () C:\GingerSetupHelper.log
2014-07-09 21:31 - 2014-07-09 21:32 - 00000000 ____D () C:\Program Files\Ginger
2014-07-09 21:31 - 2014-07-09 21:31 - 00002799 _____ () C:\GingerSetup.log
2014-07-09 21:31 - 2014-07-09 21:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Ginger
2014-07-09 21:31 - 2014-07-09 21:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Ginger
2014-07-05 17:23 - 2014-07-05 17:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-01 11:29 - 2014-07-14 22:52 - 00018643 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL0004.tmp
2014-07-01 11:29 - 2014-07-14 05:12 - 00018586 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL3086.tmp
2014-07-01 11:29 - 2014-07-10 13:52 - 00014184 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL0005.tmp
2014-06-30 13:30 - 2014-07-01 04:54 - 00012832 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL0003.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 13:52 - 2014-05-30 04:08 - 00000000 ____D () C:\FRST
2014-07-24 13:52 - 2013-09-21 02:30 - 00000000 ____D () C:\Documents and Settings\sirgovernor\Local Settings\Temp
2014-07-24 13:49 - 2014-03-30 14:03 - 00000000 ____D () C:\Documents and Settings\sirgovernor\Application Data\EQATEC Analytics
2014-07-24 13:49 - 2013-12-15 05:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
2014-07-24 13:49 - 2013-12-15 05:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
2014-07-24 13:49 - 2013-09-21 03:28 - 00000892 _____ () C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 13:49 - 2013-09-21 02:13 - 01890076 _____ () C:\WINDOWS.0\WindowsUpdate.log
2014-07-24 13:49 - 2013-09-20 19:09 - 00000159 _____ () C:\WINDOWS.0\wiadebug.log
2014-07-24 13:48 - 2013-09-21 02:29 - 00000006 ____H () C:\WINDOWS.0\Tasks\SA.DAT
2014-07-24 13:48 - 2013-09-20 19:09 - 00000049 _____ () C:\WINDOWS.0\wiaservc.log
2014-07-24 13:07 - 2013-09-21 02:30 - 00000178 ___SH () C:\Documents and Settings\sirgovernor\ntuser.ini
2014-07-24 13:07 - 2013-09-21 02:29 - 00032508 _____ () C:\WINDOWS.0\SchedLgU.Txt
2014-07-24 12:52 - 2014-03-30 14:03 - 00070799 _____ () C:\Documents and Settings\All Users.bak
2014-07-24 12:47 - 2013-09-21 03:28 - 00000896 _____ () C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 12:29 - 2013-09-24 05:46 - 00000834 _____ () C:\WINDOWS.0\Tasks\Adobe Flash Player Updater.job
2014-07-24 00:06 - 2013-09-20 19:03 - 00000000 ____D () C:\WINDOWS.0\Temp
2014-07-23 13:28 - 2014-05-29 05:08 - 00001823 _____ () C:\Documents and Settings\sirgovernor\Desktop\Serial ddd.txt
2014-07-23 10:37 - 2014-07-23 02:07 - 00000000 ____D () C:\Documents and Settings\sirgovernor\workspace
2014-07-23 02:07 - 2013-09-21 02:30 - 00000000 ____D () C:\Documents and Settings\sirgovernor
2014-07-22 11:25 - 2013-09-23 11:21 - 00076800 _____ () C:\Documents and Settings\sirgovernor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-22 10:23 - 2014-03-30 14:03 - 00000960 _____ () C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Download Accelerator Plus (DAP).lnk
2014-07-22 10:23 - 2014-03-30 14:03 - 00000960 _____ () C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Download Accelerator Plus (DAP).lnk
2014-07-22 07:16 - 2013-09-21 02:11 - 00051830 _____ () C:\WINDOWS.0\wmsetup.log
2014-07-21 12:55 - 2014-07-21 12:55 - 00000000 ___HD () C:\WINDOWS.0\PIF
2014-07-21 12:55 - 2013-09-20 19:03 - 00000000 ____D () C:\WINDOWS.0
2014-07-21 01:25 - 2013-09-21 03:49 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
2014-07-20 12:06 - 2014-06-11 17:53 - 00000000 ____D () C:\Documents and Settings\sirgovernor\Desktop\pngs
2014-07-20 09:45 - 2013-09-19 02:51 - 00002206 _____ () C:\WINDOWS.0\system32\wpa.dbl
2014-07-18 08:31 - 2014-03-21 16:24 - 00344434 _____ () C:\WINDOWS.0\setupapi.log
2014-07-15 05:54 - 2014-07-15 05:54 - 00195451 _____ () C:\Documents and Settings\sirgovernor\Desktop\challan.aspx.htm
2014-07-14 22:52 - 2014-07-01 11:29 - 00018643 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL0004.tmp
2014-07-14 05:12 - 2014-07-01 11:29 - 00018586 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL3086.tmp
2014-07-10 13:52 - 2014-07-01 11:29 - 00014184 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL0005.tmp
2014-07-09 23:30 - 2013-09-20 19:05 - 03574360 _____ () C:\WINDOWS.0\system32\FNTCACHE.DAT
2014-07-09 21:33 - 2013-09-22 00:06 - 00071928 _____ () C:\Documents and Settings\sirgovernor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-07-09 21:32 - 2014-07-09 21:32 - 00000000 ____D () C:\Documents and Settings\sirgovernor\Application Data\Acapela Group
2014-07-09 21:32 - 2014-07-09 21:31 - 00001534 _____ () C:\GingerSetupHelper.log
2014-07-09 21:32 - 2014-07-09 21:31 - 00000000 ____D () C:\Program Files\Ginger
2014-07-09 21:31 - 2014-07-09 21:31 - 00002799 _____ () C:\GingerSetup.log
2014-07-09 21:31 - 2014-07-09 21:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Ginger
2014-07-09 21:31 - 2014-07-09 21:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Ginger
2014-07-09 21:31 - 2012-06-03 23:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-09 12:51 - 2014-01-24 21:02 - 00000132 _____ () C:\Documents and Settings\sirgovernor\Application Data\Adobe PNG Format CS5 Prefs
2014-07-08 20:39 - 2013-09-24 05:46 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS.0\system32\FlashPlayerApp.exe
2014-07-08 20:39 - 2013-09-24 05:46 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS.0\system32\FlashPlayerCPLApp.cpl
2014-07-07 03:54 - 2013-03-05 13:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-05 17:24 - 2014-07-05 17:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-03 19:15 - 2014-06-06 15:59 - 00025644 ____H () C:\Documents and Settings\sirgovernor\Desktop\~WRL0384.tmp
2014-07-01 17:49 - 2014-06-06 15:59 - 00020242 ____H () C:\Documents and Settings\sirgovernor\Desktop\~WRL0003.tmp
2014-07-01 04:54 - 2014-06-30 13:30 - 00012832 ____H () C:\Documents and Settings\sirgovernor\My Documents\~WRL0003.tmp
 
Some content of TEMP:
====================
C:\Documents and Settings\sirgovernor\Local Settings\Temp\KMP_3.2.0.0.exe
C:\Documents and Settings\sirgovernor\Local Settings\Temp\{03C53714-471F-4494-B95B-52B7EEF2D293}-36.0.1985.125_chrome_installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS.0\explorer.exe => File is digitally signed
C:\WINDOWS.0\system32\winlogon.exe => File is digitally signed
C:\WINDOWS.0\system32\svchost.exe => File is digitally signed
C:\WINDOWS.0\system32\services.exe => File is digitally signed
C:\WINDOWS.0\system32\User32.dll => File is digitally signed
C:\WINDOWS.0\system32\userinit.exe => File is digitally signed
C:\WINDOWS.0\system32\rpcss.dll => File is digitally signed
C:\WINDOWS.0\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
addition.txt
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-07-2014 01
Ran by sirgovernor at 2014-07-24 13:53:38
Running from C:\Documents and Settings\sirgovernor\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Cheat Engine 6.1 (HKLM\...\Cheat Engine 6.1_is1) (Version:  - Dark Byte)
Cyberoam Client for 24Online (HKLM\...\Cyberoam Client for 24Online) (Version:  - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10053 (Build 2558) - Speedbit Ltd.)
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
DriverUpdate (HKLM\...\{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
Ginger (Version: 3.5.127 - Ginger Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Medal of Honor Allied Assault (HKLM\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5582 - Realtek Semiconductor Corp.)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
VIA/S3G Display Driver (HKLM\...\VIA/S3G Display Driver) (Version:  - )
VVaudix (HKLM\...\{681002C6-5019-81A2-7871-A43754F71E56}) (Version: 2.3.0.1281 - Vaudix)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.10 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.1 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-05-2014 04:49:56 System Checkpoint
30-05-2014 05:09:42 System Checkpoint
31-05-2014 13:51:22 System Checkpoint
01-06-2014 15:01:17 System Checkpoint
02-06-2014 01:28:46 Installed Microsoft Office Enterprise 2007
02-06-2014 01:35:50 Printer Driver Send To Microsoft OneNote Driver Installed
03-06-2014 18:07:23 System Checkpoint
05-06-2014 01:37:01 System Checkpoint
06-06-2014 09:46:38 System Checkpoint
07-06-2014 09:57:17 System Checkpoint
08-06-2014 11:57:08 System Checkpoint
09-06-2014 16:57:08 System Checkpoint
10-06-2014 17:39:40 System Checkpoint
12-06-2014 02:28:55 System Checkpoint
15-06-2014 13:39:15 System Checkpoint
16-06-2014 13:56:00 System Checkpoint
17-06-2014 14:21:21 System Checkpoint
19-06-2014 09:30:38 System Checkpoint
20-06-2014 13:31:40 System Checkpoint
21-06-2014 14:26:51 System Checkpoint
23-06-2014 13:20:39 System Checkpoint
24-06-2014 14:41:15 System Checkpoint
25-06-2014 15:10:19 System Checkpoint
26-06-2014 15:23:18 System Checkpoint
27-06-2014 22:31:05 System Checkpoint
29-06-2014 14:07:14 System Checkpoint
30-06-2014 15:17:25 System Checkpoint
01-07-2014 15:19:37 System Checkpoint
02-07-2014 17:37:29 System Checkpoint
04-07-2014 09:59:51 System Checkpoint
05-07-2014 14:02:14 System Checkpoint
07-07-2014 02:19:20 System Checkpoint
08-07-2014 07:03:21 System Checkpoint
09-07-2014 21:21:31 System Checkpoint
10-07-2014 04:31:12 Installed Ginger
11-07-2014 04:43:43 System Checkpoint
12-07-2014 04:48:55 System Checkpoint
13-07-2014 05:48:48 System Checkpoint
14-07-2014 08:56:13 System Checkpoint
15-07-2014 10:56:06 System Checkpoint
16-07-2014 16:38:19 System Checkpoint
18-07-2014 15:25:42 System Checkpoint
21-07-2014 07:21:34 System Checkpoint
22-07-2014 10:13:04 System Checkpoint
23-07-2014 12:55:05 System Checkpoint
24-07-2014 14:57:52 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-09-19 02:22 - 2013-09-19 02:22 - 00000768 ____A C:\WINDOWS.0\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS.0\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-19 02:31 - 2013-09-19 02:31 - 00014336 _____ () C:\WINDOWS.0\system32\msdmo.dll
2013-09-19 02:17 - 2013-09-19 02:17 - 00059904 _____ () C:\WINDOWS.0\system32\devenum.dll
2014-07-21 01:25 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 01:25 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 01:25 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-21 01:25 - 2014-07-15 02:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:56E2E879
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => C:\Documents and Settings\sirgovernor\Application Data\service838.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: avgnt => "D:\software\New Folder\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS.0\system32\ctfmon.exe
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: DriverUpdate => "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Nokia.PCSync => "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
MSCONFIG\startupreg: SMSERIAL => sm56hlpr.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VTTimer => VTTimer.exe
MSCONFIG\startupreg: VTTrayp => VTtrayp.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2014 05:50:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Photoshop.exe, version 12.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/17/2014 01:00:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application CyberoamClient.exe, version 1.3.6.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 10:35:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application CyberoamClient.exe, version 1.3.6.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 05:35:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Photoshop.exe, version 12.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/15/2014 05:34:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (07/15/2014 05:34:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application photoshop.exe, version 12.1.0.0, faulting module photoshop.exe, version 12.1.0.0, fault address 0x008c2b30.
Processing media-specific event for [photoshop.exe!ws!]
 
Error: (07/15/2014 05:22:10 AM) (Source: Microsoft Office 12) (EventID: 1000) (User: )
Description: Faulting application ois.exe, version 12.0.4518.1014, stamp 454175ff, faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address 0x00012aeb.
 
Error: (07/09/2014 09:31:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application office.exe, version 3.5.127.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037efb.
Processing media-specific event for [office.exe!ws!]
 
Error: (06/18/2014 09:37:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application CyberoamClient.exe, version 1.3.6.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/14/2014 00:52:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application CyberoamClient.exe, version 1.3.6.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (07/24/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GingerUpdateService service failed to start due to the following error: 
%%1053
 
Error: (07/24/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the GingerUpdateService service to connect.
 
Error: (07/24/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira AntiVir Personal - Free Antivirus Guard service failed to start due to the following error: 
%%1053
 
Error: (07/24/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira AntiVir Personal - Free Antivirus Guard service to connect.
 
Error: (07/24/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira AntiVir Personal - Free Antivirus Scheduler service failed to start due to the following error: 
%%1053
 
Error: (07/24/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira AntiVir Personal - Free Antivirus Scheduler service to connect.
 
Error: (07/24/2014 00:52:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GingerUpdateService service failed to start due to the following error: 
%%1053
 
Error: (07/24/2014 00:52:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the GingerUpdateService service to connect.
 
Error: (07/24/2014 00:52:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira AntiVir Personal - Free Antivirus Guard service failed to start due to the following error: 
%%1053
 
Error: (07/24/2014 00:52:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira AntiVir Personal - Free Antivirus Guard service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (07/18/2014 10:13:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4221 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 75%
Total physical RAM: 735.48 MB
Available physical RAM: 181.99 MB
Total Pagefile: 1798.77 MB
Available Pagefile: 1211.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:37.25 GB) (Free:1.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (THE CRAPS I) (Fixed) (Total:37.27 GB) (Free:7.9 GB) FAT32
Drive g: () (Removable) (Total:14.54 GB) (Free:9.32 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: ACD3ACD3)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
==================== End Of Log ============================
 
 
 
 
mbar log
 
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.07.25.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
sirgovernor :: COMPUTER_1 [administrator]
 
7/25/2014 12:29:38 PM
mbar-log-2014-07-25 (12-29-38).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 406011
Time elapsed: 18 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Documents and Settings\sir governor\Application Data\temp.bin (Backdoor.Bot) -> Delete on reboot. [4859277963181f17f806715bc93748b8]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
mbar log 2
 
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.07.25.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
sirgovernor :: COMPUTER_1 [administrator]
 
7/25/2014 12:52:48 PM
mbar-log-2014-07-25 (12-52-48).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 406091
Time elapsed: 17 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
system log
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.5512
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 771211264, free: 229699584
 
Downloaded database version: v2014.07.24.07
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.5512
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.599000 GHz
Memory total: 771211264, free: 127827968
 
Downloaded database version: v2014.07.25.06
Downloaded database version: v2014.07.17.01
Initializing...
=======================================
------------ Kernel report ------------
     07/25/2014 12:27:35
------------ Loaded modules -----------
\WINDOWS.0\system32\ntkrnlpa.exe
\WINDOWS.0\system32\hal.dll
\WINDOWS.0\system32\KDCOM.DLL
\WINDOWS.0\system32\BOOTVID.dll
ACPI.sys
\WINDOWS.0\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
gagp30kx.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\vtmini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\vinyl97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\fetnd5.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\D:\software\New Folder\Avira\AntiVir PersonalEdition Classic\avgio.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\vtdisp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS.0\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS.0\system32\drivers\MBAMSwissArmy.sys
\WINDOWS.0\system32\ntdll.dll
----------- End -----------
Done!
Module: \??\\WINDOWS.0\system32\ntkrnlpa.exe could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82d4bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82d96b00
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82d4bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82d87900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82d4bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82d96b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS.0\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ACD3ACD3
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 78124032
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 78124095  Numsec = 78172290
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Infected: C:\Documents and Settings\sir governor\Application Data\temp.bin --> [Backdoor.Bot]
File "C:\WINDOWS.0\system32\config\software" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\config\software" is compressed (flags = 1)
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.5512
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.599000 GHz
Memory total: 771211264, free: 547123200
 
=======================================
Initializing...
------------ Kernel report ------------
     07/25/2014 12:51:37
------------ Loaded modules -----------
\WINDOWS.0\system32\ntkrnlpa.exe
\WINDOWS.0\system32\hal.dll
\WINDOWS.0\system32\KDCOM.DLL
\WINDOWS.0\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS.0\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
gagp30kx.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\vtmini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\vinyl97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\fetnd5.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\D:\software\New Folder\Avira\AntiVir PersonalEdition Classic\avgio.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\vtdisp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS.0\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS.0\system32\drivers\MBAMSwissArmy.sys
\WINDOWS.0\system32\ntdll.dll
----------- End -----------
Done!
Module: \??\\WINDOWS.0\system32\ntkrnlpa.exe could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loadedModule: \??\\WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS could not be loaded<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82d8cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82d0cd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82d8cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82d8d900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82d8cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82d0cd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS.0\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ACD3ACD3
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 78124032
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 78124095  Numsec = 78172290
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
File "C:\WINDOWS.0\system32\config\software" is compressed (flags = 1)
File "C:\WINDOWS.0\system32\config\software" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
 
 
Hey Adam, sorry for taking some time,
and thanks for the help in advance.

  • 0

#5
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello, 
 
Please run the following two programmes for me. 
 
STEP 1
CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your desktop. Copy the contents of the log and paste them in your next reply.
     

STEP 2
MGADiag

  • Please download MGADiag and save the file to your desktop.
  • Double-click the MGADiag icon on your desktop.
  • Click Continue.
  • Click Copy.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Click Edit followed by Paste in Notepad.
  • Replace the numbers & letters with 'x's in the line beginning with Windows Product Key (to hide your Product Key from the public). 
  • Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • CKFiles.txt
  • MGADiag log

  • 0

#6
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello, 

 

Do you still require assistance?


  • 0

#7
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,643 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
