TechSpot

AVG detects smb.sys Trojan horse Hider.QPR

Solved
By 5ublim3
Apr 29, 2012
  1. I have tried many of the different antivirus/anti-malware programs you guys have listed to help others; however, even though they removed the other two infections it originally had, this one keeps popping up whenever I restart. I have uninstalled AVG now to try running some of the other software.

    AVG 2012 Anti-Virus command line scanner
    Copyright (c) 1992 - 2012 AVG Technologies
    Program version 2012.0.2169, engine 2012.0.2411
    Virus Database: Version 2411/4964 2012-04-28
    C:\Boot\BCD Locked file. Not tested.
    C:\Boot\BCD.LOG Locked file. Not tested.
    C:\Documents and Settings\ Locked file. Not tested.
    C:\pagefile.sys Locked file. Not tested.
    C:\ProgramData\Desktop\ Locked file. Not tested.
    C:\ProgramData\Documents\ Locked file. Not tested.
    C:\ProgramData\Favorites\ Locked file. Not tested.
    C:\System Volume Information\ Locked file. Not tested.
    C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
    C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.
    C:\Users\Default\Cookies\ Locked file. Not tested.
    C:\Users\Default\Documents\My Music\ Locked file. Not tested.
    C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
    C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
    C:\Users\Default\NetHood\ Locked file. Not tested.
    C:\Users\Default\PrintHood\ Locked file. Not tested.
    C:\Users\Default\Recent\ Locked file. Not tested.
    C:\Users\Default\Templates\ Locked file. Not tested.
    C:\Users\Xavi\AppData\Local\History\ Locked file. Not tested.
    C:\Users\Xavi\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
    C:\Users\Xavi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
    C:\Users\Xavi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
    C:\Users\Xavi\Documents\My Music\ Locked file. Not tested.
    C:\Users\Xavi\Documents\My Pictures\ Locked file. Not tested.
    C:\Users\Xavi\Documents\My Videos\ Locked file. Not tested.
    C:\Users\Xavi\NetHood\ Locked file. Not tested.
    C:\Users\Xavi\NTUSER.DAT Locked file. Not tested.
    C:\Users\Xavi\ntuser.dat.LOG1 Locked file. Not tested.
    C:\Users\Xavi\ntuser.dat.LOG2 Locked file. Not tested.
    C:\Users\Xavi\PrintHood\ Locked file. Not tested.
    C:\Users\Xavi\Templates\ Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\COMPONENTS Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\COMPONENTS.LOG1 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\COMPONENTS.LOG2 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\DEFAULT Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\DEFAULT.LOG1 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\DEFAULT.LOG2 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\RegBack\COMPONENTS Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\RegBack\DEFAULT Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\RegBack\SAM Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\RegBack\SECURITY Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\RegBack\SOFTWARE Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\RegBack\SYSTEM Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SAM Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SAM.LOG1 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SAM.LOG2 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SECURITY Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SECURITY.LOG1 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SECURITY.LOG2 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SOFTWARE Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SOFTWARE.LOG1 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SOFTWARE.LOG2 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SYSTEM Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SYSTEM.LOG1 Locked file. Not tested.
    C:\Windows\$NtUninstallKB28406$\SYSTEM.LOG2 Locked file. Not tested.
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
    C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
    C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
    C:\Windows\System32\drivers\smb.sys Trojan horse Hider.QPR
    ------------------------------------------------------------
    Test started: 28.4.2012 18:59:01
    Duration of test: 30 minute(s) 39 second(s)
    ------------------------------------------------------------
    Objects scanned : 1548614
    Found infections : 1
    Found PUPs : 0
    Healed infections : 0
    Healed PUPs : 0
    Warnings : 0
    ------------------------------------------------------------
     
  2. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.29.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Xavi :: XAVI-PC [administrator]
    Protection: Disabled
    4/29/2012 2:27:22 PM
    mbam-log-2012-04-29 (14-27-22).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 187376
    Time elapsed: 3 minute(s), 21 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  3. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-29 14:35:51
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0085
    Running: k12rdfp7.exe; Driver: C:\Users\Xavi\AppData\Local\Temp\kxldipod.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Xavi at 14:36:57 on 2012-04-29
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1809 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{22C08851-91BF-4C13-B29F-02B840FACF95} : DhcpNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2011-6-11 81920]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]
    S2 symantecantibotfilter;Cbidf2k;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-6-16 84832]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-04-29 19:09:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-29 19:09:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-29 18:49:02 -------- d-----w- C:\dell
    2012-04-29 15:02:22 -------- d-----w- c:\users\xavi\appdata\local\temp
    2012-04-29 15:01:37 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-04-29 14:13:52 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-29 12:49:05 -------- d-----w- C:\jgh15176j
    2012-04-28 19:45:17 98816 ----a-w- c:\windows\sed.exe
    2012-04-28 19:45:17 518144 ----a-w- c:\windows\SWREG.exe
    2012-04-28 19:45:17 256000 ----a-w- c:\windows\PEV.exe
    2012-04-28 19:45:17 208896 ----a-w- c:\windows\MBR.exe
    2012-04-28 19:37:20 -------- d-----w- C:\jgh
    2012-04-28 16:09:47 -------- d-----w- c:\users\xavi\appdata\roaming\Malwarebytes
    2012-04-28 16:09:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-21 19:38:44 0 ----a-w- c:\windows\invcol.tmp
    2012-04-21 19:18:34 53248 ----a-w- c:\windows\system32\CSVer.dll
    2012-04-20 10:59:44 -------- d-----w- c:\program files\World of Warcraft Beta
    2012-04-20 10:58:19 -------- d-----w- c:\programdata\Battle.net
    2012-04-11 05:51:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-04-09 21:03:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-09 20:59:41 -------- d-----w- c:\program files\SlySoft
    2012-04-09 20:53:12 -------- d-----w- c:\program files\DVD Shrink
    2012-04-06 03:20:06 -------- d-----w- c:\users\xavi\appdata\roaming\Doblon
    2012-04-06 03:19:42 -------- d-----w- c:\program files\common files\Doblon
    2012-04-06 03:19:41 -------- d-----w- c:\program files\common files\cdrdao
    2012-03-31 02:13:27 -------- d-----w- c:\program files\Doblon
    .
    ==================== Find3M ====================
    .
    2012-04-14 01:48:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-09 14:12:36 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 14:37:15.18 ===============
     
  5. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/11/2011 12:55:04 PM
    System Uptime: 4/29/2012 2:01:14 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | Microprocessor | 2167/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 42.953 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    AC3Filter (remove only)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.0)
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Content Transfer
    Dell Resource CD
    Dell Touchpad
    DivX Setup
    DVD Shrink 3.2
    EPSON NX410 Series Printer Uninstall
    FrostWire 4.21.8
    FrostWire 5.3.2
    Google Earth Plug-in
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    LightScribe System Software 1.10.16.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    Power CD+G Burner
    PowerDVD
    QuickTime
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Skype™ 5.5
    TI Connect 1.6
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC80CRTRedist - 8.0.50727.4053
    VCRedistSetup
    Ventrilo Client
    WinRAR 4.01 (32-bit)
    World of Warcraft
    World of Warcraft Beta
    Xvid 1.2.2 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/29/2012 7:47:39 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    4/29/2012 7:47:39 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    4/29/2012 7:47:39 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    4/29/2012 7:47:39 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The YahooAUService service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Wmp54gssvc service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Usbsermptxp service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Usbatapi2000 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Umpusbxp service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Tsmapip service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Tfsncofs service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Symidsco service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Statusagent4 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Sleepy service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Si3132 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The RR2Mjpeg service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Qconsvc service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The PhilCam8116_XP service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Oracleservicesecinst service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Odserv service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The NETw3x32 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The MTDVC2 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Mcvsrte service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Mcontrol service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Mafwboot service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Hsxhwazl service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The GoBack2K service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Fd16_700 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The F700ius service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Elnkupdateservice service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The DumaNT service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Dsncservice service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Cicsclient service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Cbidf2k service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Btwdndis service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Atixsaudio service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Aswrdr service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The ASMMAP service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Ami0nt service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} service terminated with the following error: The specified module could not be found.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    4/29/2012 2:03:15 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    4/29/2012 12:07:27 AM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
    4/29/2012 10:00:48 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC ElbyCDIO NetBIOS netbt nsiproxy PSched RasAcd rdbss spldr sptd tdx Wanarpv6
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/28/2012 1:57:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/28/2012 1:57:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/28/2012 1:57:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/28/2012 1:57:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/28/2012 1:57:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    4/28/2012 1:57:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/28/2012 1:57:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/28/2012 1:56:35 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    4/24/2012 9:45:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 ElbyCDIO spldr sptd Wanarpv6
    4/24/2012 9:44:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
    4/24/2012 9:43:32 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    4/24/2012 9:38:27 PM, Error: Service Control Manager [7023] - The Mcontrol service terminated with the following error: Access is denied.
    4/24/2012 9:38:03 PM, Error: Service Control Manager [7023] - The Dsncservice service terminated with the following error: Access is denied.
    4/24/2012 9:21:49 PM, Error: Service Control Manager [7023] - The Tfsncofs service terminated with the following error: Access is denied.
    4/24/2012 9:20:49 PM, Error: Service Control Manager [7023] - The Wmp54gssvc service terminated with the following error: Access is denied.
    4/23/2012 9:56:07 AM, Error: Service Control Manager [7023] - The DumaNT service terminated with the following error: Access is denied.
    4/23/2012 9:52:34 AM, Error: Service Control Manager [7030] - The NetworkLog service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    4/23/2012 9:51:08 AM, Error: Service Control Manager [7023] - The Symidsco service terminated with the following error: Access is denied.
    4/23/2012 9:40:07 AM, Error: Service Control Manager [7023] - The Mcvsrte service terminated with the following error: Access is denied.
    4/23/2012 9:39:07 AM, Error: Service Control Manager [7023] - The Usbsermptxp service terminated with the following error: Access is denied.
    4/23/2012 9:36:07 AM, Error: Service Control Manager [7023] - The Statusagent4 service terminated with the following error: Access is denied.
    4/23/2012 9:35:08 AM, Error: Service Control Manager [7023] - The Cicsclient service terminated with the following error: Access is denied.
    4/23/2012 5:06:54 PM, Error: Service Control Manager [7023] - The RR2Mjpeg service terminated with the following error: Access is denied.
    4/23/2012 5:04:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    4/23/2012 4:50:37 PM, Error: Service Control Manager [7023] - The Ami0nt service terminated with the following error: Access is denied.
    4/23/2012 4:49:37 PM, Error: Service Control Manager [7023] - The Sleepy service terminated with the following error: Access is denied.
    4/23/2012 4:36:07 PM, Error: Service Control Manager [7023] - The NETw3x32 service terminated with the following error: Access is denied.
    4/23/2012 4:21:06 PM, Error: Service Control Manager [7023] - The ASMMAP service terminated with the following error: Access is denied.
    4/23/2012 4:06:06 PM, Error: Service Control Manager [7023] - The Aswrdr service terminated with the following error: Access is denied.
    4/23/2012 3:51:06 PM, Error: Service Control Manager [7023] - The Cbidf2k service terminated with the following error: Access is denied.
    4/23/2012 3:36:07 PM, Error: Service Control Manager [7023] - The Hsxhwazl service terminated with the following error: Access is denied.
    4/23/2012 3:21:07 PM, Error: Service Control Manager [7023] - The Umpusbxp service terminated with the following error: Access is denied.
    4/23/2012 3:06:07 PM, Error: Service Control Manager [7023] - The Btwdndis service terminated with the following error: Access is denied.
    4/23/2012 2:51:07 PM, Error: Service Control Manager [7023] - The MTDVC2 service terminated with the following error: Access is denied.
    4/23/2012 2:36:07 PM, Error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: Access is denied.
    4/23/2012 2:21:07 PM, Error: Service Control Manager [7023] - The {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} service terminated with the following error: Access is denied.
    4/23/2012 2:06:07 PM, Error: Service Control Manager [7023] - The Odserv service terminated with the following error: Access is denied.
    4/23/2012 12:51:07 PM, Error: Service Control Manager [7023] - The PhilCam8116_XP service terminated with the following error: Access is denied.
    4/23/2012 12:36:07 PM, Error: Service Control Manager [7023] - The GoBack2K service terminated with the following error: Access is denied.
    4/23/2012 12:21:07 PM, Error: Service Control Manager [7023] - The Mafwboot service terminated with the following error: Access is denied.
    4/23/2012 12:06:07 PM, Error: Service Control Manager [7023] - The Fd16_700 service terminated with the following error: Access is denied.
    4/23/2012 11:51:07 AM, Error: Service Control Manager [7023] - The Si3132 service terminated with the following error: Access is denied.
    4/23/2012 11:36:07 AM, Error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: Access is denied.
    4/23/2012 11:21:07 AM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: Access is denied.
    4/23/2012 11:06:07 AM, Error: Service Control Manager [7023] - The Usbatapi2000 service terminated with the following error: Access is denied.
    4/23/2012 10:51:07 AM, Error: Service Control Manager [7023] - The Oracleservicesecinst service terminated with the following error: Access is denied.
    4/23/2012 10:36:07 AM, Error: Service Control Manager [7023] - The Tsmapip service terminated with the following error: Access is denied.
    4/23/2012 10:21:07 AM, Error: Service Control Manager [7023] - The Elnkupdateservice service terminated with the following error: Access is denied.
    4/23/2012 10:06:08 AM, Error: Service Control Manager [7023] - The F700ius service terminated with the following error: Access is denied.
    4/23/2012 1:51:07 PM, Error: Service Control Manager [7023] - The Atixsaudio service terminated with the following error: Access is denied.
    4/23/2012 1:36:07 PM, Error: Service Control Manager [7023] - The Qconsvc service terminated with the following error: Access is denied.
    4/23/2012 1:21:07 PM, Error: Service Control Manager [7023] - The YahooAUService service terminated with the following error: Access is denied.
    4/23/2012 1:06:07 PM, Error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: Access is denied.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03700000
    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Controlled by rootkit!
    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]

    Done;
    Press any key to quit...
     
  8. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    What about aswMBR?
     
  9. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    How do I post that? It's a .dat file and opens as a Nero file.
     
  10. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    Never mind, I found it, sorry.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-29 14:50:03
    -----------------------------
    14:50:03.250 OS Version: Windows 6.0.6002 Service Pack 2
    14:50:03.250 Number of processors: 2 586 0xF0D
    14:50:03.250 ComputerName: XAVI-PC UserName: Xavi
    14:50:04.701 Initialize success
    14:54:39.171 AVAST engine defs: 12042900
    14:54:43.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:54:43.336 Disk 0 Vendor: FUJITSU_ 0085 Size: 152627MB BusType: 3
    14:54:43.367 Disk 0 MBR read successfully
    14:54:43.367 Disk 0 MBR scan
    14:54:43.383 Disk 0 Windows VISTA default MBR code
    14:54:43.383 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    14:54:43.399 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152571 MB offset 112640
    14:54:43.414 Disk 0 scanning sectors +312578048
    14:54:43.539 Disk 0 scanning C:\Windows\system32\drivers
    14:55:00.918 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
    14:55:05.957 Disk 0 trace - called modules:
    14:55:06.004 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    14:55:06.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87265940]
    14:55:06.020 3 CLASSPNP.SYS[8a9a28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85346028]
    14:55:07.814 AVAST engine scan C:\Windows
    14:55:15.208 AVAST engine scan C:\Windows\system32
    14:59:27.886 AVAST engine scan C:\Windows\system32\drivers
    14:59:41.458 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
    14:59:47.558 AVAST engine scan C:\Users\Xavi
    15:06:49.923 AVAST engine scan C:\ProgramData
    15:07:57.100 Scan finished successfully
    15:08:59.896 Disk 0 MBR has been saved successfully to "C:\Users\Xavi\Desktop\MBR.dat"
    15:08:59.910 The log file has been saved successfully to "C:\Users\Xavi\Desktop\aswMBR.txt"
     
  11. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
     
  12. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    15:59:27.0033 1756 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    15:59:27.0517 1756 ============================================================
    15:59:27.0517 1756 Current date / time: 2012/04/29 15:59:27.0517
    15:59:27.0517 1756 SystemInfo:
    15:59:27.0517 1756
    15:59:27.0517 1756 OS Version: 6.0.6002 ServicePack: 2.0
    15:59:27.0517 1756 Product type: Workstation
    15:59:27.0517 1756 ComputerName: XAVI-PC
    15:59:27.0517 1756 UserName: Xavi
    15:59:27.0517 1756 Windows directory: C:\Windows
    15:59:27.0517 1756 System windows directory: C:\Windows
    15:59:27.0517 1756 Processor architecture: Intel x86
    15:59:27.0517 1756 Number of processors: 2
    15:59:27.0517 1756 Page size: 0x1000
    15:59:27.0517 1756 Boot type: Normal boot
    15:59:27.0517 1756 ============================================================
    15:59:27.0954 1756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:59:27.0954 1756 ============================================================
    15:59:27.0954 1756 \Device\Harddisk0\DR0:
    15:59:27.0954 1756 MBR partitions:
    15:59:27.0954 1756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x129FD800
    15:59:27.0954 1756 ============================================================
    15:59:27.0986 1756 C: <-> \Device\Harddisk0\DR0\Partition0
    15:59:27.0986 1756 ============================================================
    15:59:27.0986 1756 Initialize success
    15:59:27.0986 1756 ============================================================
    15:59:32.0776 2068 ============================================================
    15:59:32.0776 2068 Scan started
    15:59:32.0776 2068 Mode: Manual;
    15:59:32.0776 2068 ============================================================
    15:59:39.0203 2068 HTTP - ok
    15:59:39.0234 2068 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    15:59:39.0234 2068 i2omp - ok
    15:59:39.0281 2068 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:59:39.0281 2068 i8042prt - ok
    15:59:39.0343 2068 iaStor (4b80b97cbf0782b3bb3057f88d42c367) C:\Windows\system32\DRIVERS\iaStor.sys
    15:59:39.0343 2068 iaStor - ok
    15:59:39.0390 2068 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    15:59:39.0406 2068 iaStorV - ok
    15:59:39.0515 2068 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:59:39.0546 2068 idsvc - ok
    15:59:40.0108 2068 igfx (aa1636107c0c05a881bfbce41142c70f) C:\Windows\system32\DRIVERS\igdkmd32.sys
    15:59:40.0295 2068 igfx - ok
    15:59:40.0467 2068 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    15:59:40.0467 2068 iirsp - ok
    15:59:40.0529 2068 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    15:59:40.0560 2068 IKEEXT - ok
    15:59:40.0560 2068 imapiservice - ok
    15:59:40.0591 2068 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    15:59:40.0591 2068 intelide - ok
    15:59:40.0607 2068 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    15:59:40.0607 2068 intelppm - ok
    15:59:40.0638 2068 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    15:59:40.0638 2068 IPBusEnum - ok
    15:59:40.0669 2068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:59:40.0669 2068 IpFilterDriver - ok
    15:59:40.0732 2068 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
    15:59:40.0732 2068 iphlpsvc - ok
    15:59:40.0747 2068 IpInIp - ok
    15:59:40.0779 2068 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    15:59:40.0779 2068 IPMIDRV - ok
    15:59:40.0794 2068 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    15:59:40.0794 2068 IPNAT - ok
    15:59:40.0919 2068 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
    15:59:40.0919 2068 iPod Service - ok
    15:59:40.0935 2068 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    15:59:40.0935 2068 IRENUM - ok
    15:59:40.0981 2068 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    15:59:40.0981 2068 isapnp - ok
    15:59:41.0044 2068 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    15:59:41.0059 2068 iScsiPrt - ok
    15:59:41.0091 2068 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    15:59:41.0091 2068 iteatapi - ok
    15:59:41.0106 2068 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    15:59:41.0106 2068 iteraid - ok
    15:59:41.0122 2068 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:59:41.0122 2068 kbdclass - ok
    15:59:41.0153 2068 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    15:59:41.0153 2068 kbdhid - ok
    15:59:41.0169 2068 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:59:41.0169 2068 KeyIso - ok
    15:59:41.0184 2068 konfig - ok
    15:59:41.0215 2068 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    15:59:41.0247 2068 KSecDD - ok
    15:59:41.0293 2068 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    15:59:41.0293 2068 KtmRm - ok
    15:59:41.0340 2068 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
    15:59:41.0340 2068 LanmanServer - ok
    15:59:41.0371 2068 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    15:59:41.0387 2068 LanmanWorkstation - ok
    15:59:41.0403 2068 lbtserv - ok
    15:59:41.0403 2068 LHidUsbK - ok
    15:59:41.0496 2068 LightScribeService (75ac54b996f7c8e17594ebc32b6614bd) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    15:59:41.0496 2068 LightScribeService - ok
    15:59:41.0527 2068 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    15:59:41.0527 2068 lltdio - ok
    15:59:41.0559 2068 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    15:59:41.0574 2068 lltdsvc - ok
    15:59:41.0590 2068 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    15:59:41.0590 2068 lmhosts - ok
    15:59:41.0621 2068 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    15:59:41.0621 2068 LSI_FC - ok
    15:59:41.0668 2068 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    15:59:41.0683 2068 LSI_SAS - ok
    15:59:41.0699 2068 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    15:59:41.0699 2068 LSI_SCSI - ok
    15:59:41.0730 2068 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    15:59:41.0730 2068 luafv - ok
    15:59:41.0730 2068 lxby_device - ok
    15:59:41.0730 2068 lxcd_device - ok
    15:59:41.0746 2068 MaxtorFrontPanel1 - ok
    15:59:41.0761 2068 mcrdsvc - ok
    15:59:41.0808 2068 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
    15:59:41.0808 2068 Mcx2Svc - ok
    15:59:41.0855 2068 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    15:59:41.0855 2068 megasas - ok
    15:59:41.0902 2068 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    15:59:41.0917 2068 MegaSR - ok
    15:59:41.0917 2068 mgabgexe - ok
    15:59:41.0949 2068 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    15:59:41.0949 2068 MMCSS - ok
    15:59:41.0949 2068 mnsframework - ok
    15:59:41.0964 2068 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    15:59:41.0964 2068 Modem - ok
    15:59:41.0980 2068 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    15:59:41.0980 2068 monitor - ok
    15:59:42.0027 2068 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    15:59:42.0027 2068 mouclass - ok
    15:59:42.0027 2068 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    15:59:42.0027 2068 mouhid - ok
    15:59:42.0042 2068 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    15:59:42.0042 2068 MountMgr - ok
    15:59:42.0105 2068 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    15:59:42.0105 2068 mpio - ok
    15:59:42.0136 2068 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    15:59:42.0136 2068 mpsdrv - ok
    15:59:42.0198 2068 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
    15:59:42.0198 2068 MpsSvc - ok
    15:59:42.0229 2068 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    15:59:42.0229 2068 Mraid35x - ok
    15:59:42.0245 2068 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    15:59:42.0261 2068 MRxDAV - ok
    15:59:42.0276 2068 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:59:42.0276 2068 mrxsmb - ok
    15:59:42.0323 2068 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:59:42.0339 2068 mrxsmb10 - ok
    15:59:42.0339 2068 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:59:42.0354 2068 mrxsmb20 - ok
    15:59:42.0385 2068 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    15:59:42.0385 2068 msahci - ok
    15:59:42.0432 2068 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    15:59:42.0432 2068 msdsm - ok
    15:59:42.0510 2068 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    15:59:42.0510 2068 MSDTC - ok
    15:59:42.0557 2068 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    15:59:42.0557 2068 Msfs - ok
    15:59:42.0573 2068 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    15:59:42.0573 2068 msisadrv - ok
    15:59:42.0619 2068 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    15:59:42.0619 2068 MSiSCSI - ok
    15:59:42.0619 2068 msiserver - ok
    15:59:42.0666 2068 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    15:59:42.0666 2068 MSKSSRV - ok
    15:59:42.0697 2068 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:59:42.0697 2068 MSPCLOCK - ok
    15:59:42.0713 2068 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    15:59:42.0713 2068 MSPQM - ok
    15:59:42.0760 2068 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    15:59:42.0760 2068 MsRPC - ok
    15:59:42.0791 2068 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    15:59:42.0791 2068 mssmbios - ok
    15:59:42.0807 2068 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    15:59:42.0807 2068 MSTEE - ok
    15:59:42.0822 2068 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    15:59:42.0822 2068 Mup - ok
    15:59:42.0869 2068 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
    15:59:42.0885 2068 napagent - ok
    15:59:42.0931 2068 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    15:59:42.0931 2068 NativeWifiP - ok
    15:59:42.0994 2068 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    15:59:43.0009 2068 NDIS - ok
    15:59:43.0041 2068 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:59:43.0041 2068 NdisTapi - ok
    15:59:43.0041 2068 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:59:43.0041 2068 Ndisuio - ok
    15:59:43.0056 2068 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:59:43.0072 2068 NdisWan - ok
    15:59:43.0072 2068 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    15:59:43.0087 2068 NDProxy - ok
    15:59:43.0243 2068 Nero BackItUp Scheduler 3 (6d4028d458eaaa1782099750790dc8c9) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    15:59:43.0243 2068 Nero BackItUp Scheduler 3 - ok
    15:59:43.0259 2068 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    15:59:43.0259 2068 NetBIOS - ok
    15:59:43.0290 2068 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    15:59:43.0306 2068 netbt - ok
    15:59:43.0337 2068 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:59:43.0337 2068 Netlogon - ok
    15:59:43.0384 2068 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    15:59:43.0399 2068 Netman - ok
    15:59:43.0415 2068 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    15:59:43.0431 2068 netprofm - ok
    15:59:43.0493 2068 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:59:43.0493 2068 NetTcpPortSharing - ok
    15:59:43.0540 2068 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    15:59:43.0540 2068 nfrd960 - ok
    15:59:43.0587 2068 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    15:59:43.0602 2068 NlaSvc - ok
    15:59:43.0727 2068 NMIndexingService (d36107465e716cf2335a25c54b6d11c2) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    15:59:43.0758 2068 NMIndexingService - ok
    15:59:43.0789 2068 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    15:59:43.0789 2068 Npfs - ok
    15:59:43.0821 2068 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    15:59:43.0821 2068 nsi - ok
    15:59:43.0852 2068 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    15:59:43.0852 2068 nsiproxy - ok
    15:59:43.0945 2068 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    15:59:43.0961 2068 Ntfs - ok
    15:59:43.0992 2068 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    15:59:43.0992 2068 ntrigdigi - ok
    15:59:43.0992 2068 ntrtscan - ok
    15:59:44.0023 2068 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    15:59:44.0023 2068 Null - ok
    15:59:44.0055 2068 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    15:59:44.0070 2068 nvraid - ok
    15:59:44.0086 2068 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    15:59:44.0086 2068 nvstor - ok
    15:59:44.0117 2068 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    15:59:44.0117 2068 nv_agp - ok
    15:59:44.0117 2068 NwlnkFlt - ok
    15:59:44.0133 2068 NwlnkFwd - ok
    15:59:44.0179 2068 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    15:59:44.0179 2068 ohci1394 - ok
    15:59:44.0289 2068 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:59:44.0289 2068 ose - ok
    15:59:44.0367 2068 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:59:44.0382 2068 p2pimsvc - ok
    15:59:44.0382 2068 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:59:44.0398 2068 p2psvc - ok
    15:59:44.0476 2068 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
    15:59:44.0491 2068 PAC207 - ok
    15:59:44.0538 2068 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    15:59:44.0538 2068 Parport - ok
    15:59:44.0569 2068 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    15:59:44.0569 2068 partmgr - ok
    15:59:44.0585 2068 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    15:59:44.0585 2068 Parvdm - ok
    15:59:44.0616 2068 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    15:59:44.0632 2068 PcaSvc - ok
    15:59:44.0663 2068 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    15:59:44.0663 2068 pci - ok
    15:59:44.0694 2068 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    15:59:44.0710 2068 pciide - ok
    15:59:44.0725 2068 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    15:59:44.0741 2068 pcmcia - ok
    15:59:44.0757 2068 pctavsvc - ok
    15:59:44.0757 2068 pdlnebas - ok
    15:59:44.0850 2068 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    15:59:44.0866 2068 PEAUTH - ok
    15:59:44.0991 2068 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    15:59:45.0037 2068 pla - ok
    15:59:45.0396 2068 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
    15:59:45.0412 2068 PlugPlay - ok
    15:59:45.0474 2068 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:59:45.0474 2068 PNRPAutoReg - ok
    15:59:45.0490 2068 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:59:45.0490 2068 PNRPsvc - ok
    15:59:45.0552 2068 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
    15:59:45.0552 2068 PolicyAgent - ok
    15:59:45.0599 2068 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    15:59:45.0615 2068 PptpMiniport - ok
    15:59:45.0630 2068 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    15:59:45.0630 2068 Processor - ok
    15:59:45.0677 2068 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
    15:59:45.0693 2068 ProfSvc - ok
    15:59:45.0724 2068 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:59:45.0724 2068 ProtectedStorage - ok
    15:59:45.0755 2068 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    15:59:45.0755 2068 PSched - ok
    15:59:45.0771 2068 qkbfiltr - ok
    15:59:45.0771 2068 ql10wnt - ok
    15:59:45.0771 2068 ql1240 - ok
    15:59:45.0895 2068 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    15:59:45.0927 2068 ql2300 - ok
    15:59:45.0958 2068 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    15:59:45.0958 2068 ql40xx - ok
    15:59:46.0020 2068 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    15:59:46.0020 2068 QWAVE - ok
    15:59:46.0051 2068 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    15:59:46.0051 2068 QWAVEdrv - ok
    15:59:46.0067 2068 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    15:59:46.0067 2068 RasAcd - ok
    15:59:46.0114 2068 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    15:59:46.0114 2068 RasAuto - ok
    15:59:46.0129 2068 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:59:46.0145 2068 Rasl2tp - ok
    15:59:46.0176 2068 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
    15:59:46.0192 2068 RasMan - ok
    15:59:46.0207 2068 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:59:46.0223 2068 RasPppoe - ok
    15:59:46.0223 2068 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    15:59:46.0239 2068 RasSstp - ok
    15:59:46.0270 2068 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    15:59:46.0285 2068 rdbss - ok
    15:59:46.0301 2068 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:59:46.0301 2068 RDPCDD - ok
    15:59:46.0363 2068 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    15:59:46.0363 2068 rdpdr - ok
    15:59:46.0363 2068 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    15:59:46.0363 2068 RDPENCDD - ok
    15:59:46.0410 2068 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
    15:59:46.0426 2068 RDPWD - ok
    15:59:46.0457 2068 relational - ok
    15:59:46.0488 2068 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    15:59:46.0488 2068 RemoteAccess - ok
    15:59:46.0894 2068 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
    15:59:46.0894 2068 RemoteRegistry - ok
    15:59:46.0941 2068 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    15:59:46.0941 2068 RimUsb - ok
    15:59:46.0972 2068 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    15:59:46.0972 2068 RpcLocator - ok
    15:59:47.0221 2068 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    15:59:47.0237 2068 RpcSs - ok
    15:59:47.0362 2068 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    15:59:47.0362 2068 rspndr - ok
    15:59:47.0362 2068 rsvchost - ok
    15:59:47.0424 2068 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
    15:59:47.0424 2068 RTSTOR - ok
    15:59:47.0455 2068 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:59:47.0455 2068 SamSs - ok
    15:59:47.0487 2068 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    15:59:47.0487 2068 sbp2port - ok
    15:59:47.0533 2068 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
    15:59:47.0533 2068 SCardSvr - ok
    15:59:48.0157 2068 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
    15:59:48.0173 2068 Schedule - ok
    15:59:48.0204 2068 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    15:59:48.0204 2068 SCPolicySvc - ok
    15:59:48.0501 2068 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    15:59:48.0516 2068 SDRSVC - ok
    15:59:48.0547 2068 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    15:59:48.0547 2068 secdrv - ok
    15:59:48.0579 2068 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    15:59:48.0579 2068 seclogon - ok
    15:59:48.0594 2068 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
    15:59:48.0594 2068 SENS - ok
    15:59:48.0610 2068 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    15:59:48.0610 2068 Serenum - ok
    15:59:48.0641 2068 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    15:59:48.0641 2068 Serial - ok
    15:59:48.0688 2068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    15:59:48.0688 2068 sermouse - ok
    15:59:48.0688 2068 server - ok
    15:59:48.0735 2068 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    15:59:48.0750 2068 SessionEnv - ok
    15:59:48.0766 2068 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    15:59:48.0766 2068 sffdisk - ok
    15:59:48.0797 2068 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    15:59:48.0797 2068 sffp_mmc - ok
    15:59:48.0828 2068 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    15:59:48.0828 2068 sffp_sd - ok
    15:59:48.0844 2068 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    15:59:48.0844 2068 sfloppy - ok
    15:59:48.0844 2068 sfrem01 - ok
    15:59:48.0891 2068 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
    15:59:48.0891 2068 SharedAccess - ok
    15:59:48.0937 2068 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
    15:59:48.0937 2068 ShellHWDetection - ok
    15:59:48.0969 2068 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    15:59:48.0969 2068 sisagp - ok
    15:59:48.0969 2068 siskp - ok
    15:59:49.0000 2068 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    15:59:49.0000 2068 SiSRaid2 - ok
    15:59:49.0015 2068 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    15:59:49.0031 2068 SiSRaid4 - ok
    15:59:49.0561 2068 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
    15:59:49.0593 2068 slsvc - ok
    15:59:49.0967 2068 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
    15:59:49.0983 2068 SLUINotify - ok
    15:59:50.0014 2068 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
    15:59:50.0014 2068 SNMPTRAP - ok
    15:59:50.0029 2068 sonicatheaterinstallerservice - ok
    15:59:50.0076 2068 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    15:59:50.0076 2068 spldr - ok
    15:59:50.0139 2068 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
    15:59:50.0154 2068 Spooler - ok
    15:59:50.0404 2068 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys

  13. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    15:59:50.0451 2068 sptd - ok
    15:59:50.0841 2068 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    15:59:50.0856 2068 srv - ok
    15:59:51.0137 2068 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    15:59:51.0137 2068 srv2 - ok
    15:59:51.0199 2068 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    15:59:51.0199 2068 srvnet - ok
    15:59:51.0246 2068 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
    15:59:51.0262 2068 SSDPSRV - ok
    15:59:51.0293 2068 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
    15:59:51.0309 2068 SstpSvc - ok
    15:59:51.0948 2068 STacSV (cb2449150a5ea17caa0b94363d9440cc) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
    15:59:51.0948 2068 STacSV - ok
    15:59:52.0042 2068 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
    15:59:52.0057 2068 STHDA - ok
    15:59:52.0151 2068 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
    15:59:52.0182 2068 stisvc - ok
    15:59:52.0213 2068 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    15:59:52.0213 2068 swenum - ok
    15:59:52.0323 2068 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
    15:59:52.0354 2068 swprv - ok
    15:59:52.0354 2068 symantecantibotfilter - ok
    15:59:52.0369 2068 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    15:59:52.0385 2068 Symc8xx - ok
    15:59:52.0432 2068 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    15:59:52.0447 2068 Sym_hi - ok
    15:59:52.0463 2068 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    15:59:52.0463 2068 Sym_u3 - ok
    15:59:52.0541 2068 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
    15:59:52.0572 2068 SysMain - ok
    15:59:52.0603 2068 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
    15:59:52.0603 2068 TabletInputService - ok
    15:59:52.0650 2068 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
    15:59:52.0666 2068 TapiSrv - ok
    15:59:52.0681 2068 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
    15:59:52.0681 2068 TBS - ok
    15:59:53.0243 2068 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    15:59:53.0259 2068 Tcpip - ok
    15:59:53.0274 2068 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    15:59:53.0274 2068 Tcpip6 - ok
    15:59:53.0305 2068 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    15:59:53.0305 2068 tcpipreg - ok
    15:59:53.0352 2068 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    15:59:53.0368 2068 TDPIPE - ok
    15:59:53.0383 2068 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    15:59:53.0383 2068 TDTCP - ok
    15:59:53.0415 2068 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    15:59:53.0415 2068 tdx - ok
    15:59:53.0461 2068 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    15:59:53.0461 2068 TermDD - ok
    15:59:53.0851 2068 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
    15:59:53.0883 2068 TermService - ok
    15:59:53.0929 2068 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
    15:59:53.0929 2068 Themes - ok
    15:59:54.0007 2068 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    15:59:54.0007 2068 THREADORDER - ok
    15:59:54.0085 2068 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\Windows\system32\drivers\tiehdusb.sys
    15:59:54.0085 2068 TIEHDUSB - ok
    15:59:54.0085 2068 tmtdi - ok
    15:59:54.0132 2068 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
    15:59:54.0132 2068 TrkWks - ok
    15:59:54.0210 2068 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
    15:59:54.0210 2068 TrustedInstaller - ok
    15:59:54.0273 2068 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:59:54.0273 2068 tssecsrv - ok
    15:59:54.0304 2068 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    15:59:54.0319 2068 tunmp - ok
    15:59:54.0335 2068 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    15:59:54.0335 2068 tunnel - ok
    15:59:54.0351 2068 TVALG - ok
    15:59:54.0382 2068 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    15:59:54.0382 2068 uagp35 - ok
    15:59:54.0429 2068 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    15:59:54.0444 2068 udfs - ok
    15:59:54.0475 2068 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
    15:59:54.0475 2068 UI0Detect - ok
    15:59:54.0507 2068 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    15:59:54.0507 2068 uliagpkx - ok
    15:59:54.0553 2068 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    15:59:54.0569 2068 uliahci - ok
    15:59:54.0585 2068 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    15:59:54.0585 2068 UlSata - ok
    15:59:54.0616 2068 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    15:59:54.0631 2068 ulsata2 - ok
    15:59:54.0647 2068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    15:59:54.0647 2068 umbus - ok
    15:59:54.0694 2068 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
    15:59:54.0694 2068 upnphost - ok
    15:59:54.0709 2068 USA49W2KP - ok
    15:59:54.0741 2068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    15:59:54.0741 2068 USBAAPL - ok
    15:59:54.0787 2068 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:59:54.0787 2068 usbccgp - ok
    15:59:54.0834 2068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    15:59:54.0834 2068 usbcir - ok
    15:59:54.0897 2068 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    15:59:54.0897 2068 usbehci - ok
    15:59:54.0943 2068 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    15:59:54.0959 2068 usbhub - ok
    15:59:54.0990 2068 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    15:59:54.0990 2068 usbohci - ok
    15:59:55.0021 2068 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    15:59:55.0021 2068 usbprint - ok
    15:59:55.0053 2068 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:59:55.0068 2068 USBSTOR - ok
    15:59:55.0084 2068 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    15:59:55.0084 2068 usbuhci - ok
    15:59:55.0115 2068 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
    15:59:55.0131 2068 UxSms - ok
    15:59:55.0131 2068 VAIOMediaPlatform-VideoServer-UPnP - ok
    15:59:55.0162 2068 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
    15:59:55.0177 2068 vds - ok
    15:59:55.0224 2068 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:59:55.0224 2068 vga - ok
    15:59:55.0255 2068 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    15:59:55.0255 2068 VgaSave - ok
    15:59:55.0271 2068 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    15:59:55.0271 2068 viaagp - ok
    15:59:55.0302 2068 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    15:59:55.0302 2068 ViaC7 - ok
    15:59:55.0318 2068 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    15:59:55.0318 2068 viaide - ok
    15:59:55.0333 2068 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    15:59:55.0333 2068 volmgr - ok
    15:59:55.0380 2068 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    15:59:55.0396 2068 volmgrx - ok
    15:59:55.0443 2068 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    15:59:55.0443 2068 volsnap - ok
    15:59:55.0505 2068 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    15:59:55.0505 2068 vsmraid - ok
    15:59:55.0599 2068 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
    15:59:55.0614 2068 VSS - ok
    15:59:55.0645 2068 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
    15:59:55.0645 2068 W32Time - ok
    15:59:55.0661 2068 w810mdfl - ok
    15:59:55.0708 2068 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    15:59:55.0708 2068 WacomPen - ok
    15:59:55.0755 2068 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    15:59:55.0755 2068 Wanarp - ok
    15:59:55.0755 2068 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    15:59:55.0755 2068 Wanarpv6 - ok
    15:59:55.0817 2068 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
    15:59:55.0833 2068 wcncsvc - ok
    15:59:55.0864 2068 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    15:59:55.0864 2068 WcsPlugInService - ok
    15:59:55.0895 2068 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    15:59:55.0895 2068 Wd - ok
    15:59:55.0957 2068 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    15:59:55.0957 2068 Wdf01000 - ok
    15:59:55.0989 2068 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    15:59:55.0989 2068 WdiServiceHost - ok
    15:59:55.0989 2068 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    15:59:55.0989 2068 WdiSystemHost - ok
    15:59:56.0035 2068 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
    15:59:56.0051 2068 WebClient - ok
    15:59:56.0098 2068 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    15:59:56.0113 2068 Wecsvc - ok
    15:59:56.0129 2068 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    15:59:56.0145 2068 wercplsupport - ok
    15:59:56.0176 2068 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
    15:59:56.0191 2068 WerSvc - ok
    15:59:56.0269 2068 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    15:59:56.0285 2068 WinDefend - ok
    15:59:56.0285 2068 WinHttpAutoProxySvc - ok
    15:59:56.0363 2068 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
    15:59:56.0379 2068 Winmgmt - ok
    15:59:56.0488 2068 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    15:59:56.0519 2068 WinRM - ok
    15:59:56.0535 2068 WISTechVIDCAP - ok
    15:59:56.0597 2068 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
    15:59:56.0613 2068 Wlansvc - ok
    15:59:56.0675 2068 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    15:59:56.0675 2068 WmiAcpi - ok
    15:59:56.0753 2068 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
    15:59:56.0753 2068 wmiApSrv - ok
    15:59:56.0878 2068 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    15:59:56.0909 2068 WMPNetworkSvc - ok
    15:59:56.0940 2068 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
    15:59:56.0956 2068 WPCSvc - ok
    15:59:57.0003 2068 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
    15:59:57.0003 2068 WPDBusEnum - ok
    15:59:57.0065 2068 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    15:59:57.0065 2068 WpdUsb - ok
    15:59:57.0221 2068 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    15:59:57.0252 2068 WPFFontCache_v0400 - ok
    15:59:57.0283 2068 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    15:59:57.0283 2068 ws2ifsl - ok
    15:59:57.0299 2068 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
    15:59:57.0299 2068 wscsvc - ok
    15:59:57.0315 2068 WSearch - ok
    15:59:57.0455 2068 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
    15:59:57.0502 2068 wuauserv - ok
    15:59:57.0689 2068 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:59:57.0689 2068 WUDFRd - ok
    15:59:57.0736 2068 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    15:59:57.0736 2068 wudfsvc - ok
    15:59:57.0751 2068 yksvc - ok
    15:59:57.0814 2068 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
    15:59:57.0829 2068 yukonwlh - ok
    15:59:57.0845 2068 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    15:59:57.0923 2068 \Device\Harddisk0\DR0 - ok
    15:59:57.0923 2068 Boot (0x1200) (b4101a08d1612db421125664fc994eb7) \Device\Harddisk0\DR0\Partition0
    15:59:57.0923 2068 \Device\Harddisk0\DR0\Partition0 - ok
    15:59:57.0923 2068 ============================================================
    15:59:57.0923 2068 Scan finished
    15:59:57.0923 2068 ============================================================
    15:59:57.0939 3508 Detected object count: 0
    15:59:57.0939 3508 Actual detected object count: 0
     
  14. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    ComboFix 12-04-29.02 - Xavi 04/29/2012 16:26:51.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1862 [GMT -5:00]
    Running from: c:\users\Xavi\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 21:31 . 2012-04-29 21:31 -------- d-----w- c:\users\Xavi\AppData\Local\temp
    2012-04-29 21:31 . 2012-04-29 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-29 19:09 . 2012-04-29 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-29 19:09 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-29 18:49 . 2012-04-29 18:49 -------- d-----w- C:\dell
    2012-04-29 14:13 . 2012-04-29 18:38 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-28 19:37 . 2012-04-28 19:40 -------- d-----w- C:\jgh
    2012-04-28 16:09 . 2012-04-28 16:09 -------- d-----w- c:\users\Xavi\AppData\Roaming\Malwarebytes
    2012-04-28 16:09 . 2012-04-28 16:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-21 19:38 . 2012-04-21 19:38 0 ----a-w- c:\windows\invcol.tmp
    2012-04-21 19:18 . 2011-12-06 20:55 53248 ----a-w- c:\windows\system32\CSVer.dll
    2012-04-20 10:59 . 2012-04-21 20:46 -------- d-----w- c:\program files\World of Warcraft Beta
    2012-04-20 10:58 . 2012-04-20 10:58 -------- d-----w- c:\programdata\Battle.net
    2012-04-11 05:51 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-04-09 21:03 . 2012-04-14 01:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-09 21:03 . 2012-04-09 21:03 -------- d-----w- c:\programdata\SlySoft
    2012-04-09 20:59 . 2012-04-09 20:59 -------- d-----w- c:\program files\SlySoft
    2012-04-09 20:53 . 2012-04-09 22:08 -------- d-----w- c:\programdata\DVD Shrink
    2012-04-09 20:53 . 2012-04-09 20:53 -------- d-----w- c:\program files\DVD Shrink
    2012-04-06 03:20 . 2012-04-06 03:20 -------- d-----w- c:\users\Xavi\AppData\Roaming\Doblon
    2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\Doblon
    2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\cdrdao
    2012-03-31 02:13 . 2012-04-06 03:19 -------- d-----w- c:\program files\Doblon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-14 01:48 . 2011-06-11 21:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-09 14:12 . 2012-03-09 14:12 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2012-02-14 15:45 . 2012-03-14 01:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-14 15:45 . 2012-03-14 01:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-13 14:12 . 2012-03-14 01:10 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-13 13:47 . 2012-03-14 01:10 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-13 13:44 . 2012-03-14 01:10 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-02 15:16 . 2012-03-14 01:10 2044416 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-19 483420]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-11 323584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2520783751-165864320-3817540785-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-18 81920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 14683384
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - KXLDIPOD
    *Deregistered* - 14683384
    *Deregistered* - aswMBR
    *Deregistered* - kxldipod
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    CAMFLT
    diskperf
    DniVad
    mgabgexe
    firelm01
    LHidUsbK
    ntrtscan
    w810mdfl
    konfig
    epsonbidirectionalservice
    tmtdi
    ctaud2k
    atitunep
    imapiservice
    ql1240
    cics.region2
    lbtserv
    mcrdsvc
    VAIOMediaPlatform-VideoServer-UPnP
    siskp
    ultra66
    ESMCR
    deventagent
    Wbutton
    alertmanager
    pdlnebas
    aavmker4
    MaxtorFrontPanel1
    USA49W2KP
    EACSvrMngr
    symantecantibotfilter
    mnsframework
    rsvchost
    lxby_device
    sonicatheaterinstallerservice
    relational
    server
    lxcd_device
    sfrem01
    ql10wnt
    pctavsvc
    WISTechVIDCAP
    qkbfiltr
    TVALG
    awhost32
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-09-20 02:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:48]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-29 16:31
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-04-29 16:33:10
    ComboFix-quarantined-files.txt 2012-04-29 21:33
    ComboFix2.txt 2012-04-29 13:04
    .
    Pre-Run: 44,485,496,832 bytes free
    Post-Run: 44,589,121,536 bytes free
    .
    - - End Of File - - AE6F0F1D9C019F36D7FEF65333F64A19
     
  16. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    smb.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
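    The netsvcs request above is what exposes this family of infection: the ComboFix log in this thread lists dozens of names in the Svchost NetSvcs group, and OTL reports each as an auto-start service whose DLL does not exist. As an added example (not code from the thread or from the OTL/ComboFix tools), the following Python script parses OTL's "SRV -" lines and ComboFix's NetSvcs block and flags those rogue entries; the log excerpts embedded in it are constructed, modelled on the lines the two tools print here.

```python
"""Flag rogue svchost-hosted services in OTL and ComboFix log excerpts.

Added example, not code from the thread or from OTL/ComboFix. The sample
excerpts below are constructed, modelled on the logs posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed OTL excerpt: two "File not found" services and one legitimate one.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmap.dll -- (pdlnebas)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winmgmt.dll -- (siskp)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
"""

# Constructed ComboFix excerpt: the NetSvcs group as ComboFix prints it,
# terminated by the "." line ComboFix uses between sections.
SAMPLE_COMBOFIX = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pdlnebas
siskp
ntrtscan
.
Contents of the 'Scheduled Tasks' folder
"""

# Matches both shapes of an OTL SRV line:
#   SRV - File not found [Auto | Stopped] -- <path> -- (<name>)
#   SRV - [date | size | attrs | M] (Company) [Auto | Running] -- <path> -- (<name>)
SRV_RE = re.compile(
    r"^SRV - (?P<info>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)


@dataclass
class Service:
    name: str
    path: str
    start: str          # Auto, On_Demand, Disabled ...
    state: str          # Running, Stopped ...
    found: bool         # False when OTL printed "File not found"
    company: Optional[str]


def parse_otl_services(text: str) -> List[Service]:
    """Extract every SRV line from an OTL log; other line types are skipped."""
    services = []
    for raw in text.splitlines():
        m = SRV_RE.match(raw.strip())
        if not m:
            continue
        info = m.group("info")
        found = not info.startswith("File not found")
        company = None
        if found:
            cm = re.search(r"\(([^)]*)\)\s*$", info)
            company = cm.group(1) or None if cm else None
        services.append(Service(m.group("name"), m.group("path"), m.group("start"),
                                m.group("state"), found, company))
    return services


def parse_combofix_netsvcs(text: str) -> List[str]:
    """Return the service names ComboFix lists under the Svchost NetSvcs key."""
    names, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:
            if line == "." or not line:
                break
            names.append(line)
        elif line.endswith("Svchost - NetSvcs"):
            in_block = True
    return names


def flag_rogue_services(services: List[Service], netsvcs: List[str]) -> List[Tuple[str, str, str]]:
    """An auto-start service whose binary is missing, especially one parked in the
    NetSvcs group with a non-existent DLL, is the pattern seen in this thread."""
    group = {n.lower() for n in netsvcs}
    findings = []
    for svc in services:
        reasons = []
        if not svc.found and svc.start.lower() == "auto":
            reasons.append("auto-start service whose binary is missing")
        if not svc.found and svc.name.lower() in group and svc.path.lower().endswith(".dll"):
            reasons.append("listed in NetSvcs but the hosted DLL does not exist")
        if reasons:
            findings.append((svc.name, svc.path, "; ".join(reasons)))
    return findings


def netsvcs_without_service(netsvcs: List[str], services: List[Service]) -> List[str]:
    """NetSvcs names that match no SRV line at all: leftovers worth reviewing too."""
    known = {s.name.lower() for s in services}
    return [n for n in netsvcs if n.lower() not in known]


if __name__ == "__main__":
    svcs = parse_otl_services(SAMPLE_OTL)
    group = parse_combofix_netsvcs(SAMPLE_COMBOFIX)
    for name, path, why in flag_rogue_services(svcs, group):
        print(f"{name:12} {path}  <- {why}")
    print("NetSvcs names with no service record:", netsvcs_without_service(group, svcs))
```

Run it against a real pair of logs by replacing the two sample strings with the file contents; the "File not found" plus NetSvcs combination is the signal to show a helper, not something to fix by hand.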
     
  17. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 4/29/2012 4:53:10 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Xavi\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 62.45% Memory free
    6.13 Gb Paging File | 5.06 Gb Available in Paging File | 82.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 41.46 Gb Free Space | 27.82% Space Free | Partition Type: NTFS

    Computer Name: XAVI-PC | User Name: Xavi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/29 16:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/18 20:19:28 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
    PRC - [2008/11/17 19:22:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
    PRC - [2008/08/01 23:12:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/06/30 10:36:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/03/21 20:32:04 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/12/10 19:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
    PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2011/03/21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsarcpkt.dll -- (WISTechVIDCAP)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swwd.dll -- (w810mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SetupSys.dll -- (VAIOMediaPlatform-VideoServer-UPnP)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswrdr.dll -- (USA49W2KP)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcf_device.dll -- (TVALG)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pnp680r.dll -- (tmtdi)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle_load_balancer_60_server-forms6ip14.dll -- (symantecantibotfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpt3xx.dll -- (sonicatheaterinstallerservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winmgmt.dll -- (siskp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flashcom.dll -- (sfrem01)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NwSapAgent.dll -- (server)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv122.dll -- (rsvchost)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\id2scaps.dll -- (relational)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ngdbserv.dll -- (ql1240)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwlnkipx.dll -- (ql10wnt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\odclientservice.dll -- (qkbfiltr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmap.dll -- (pdlnebas)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SetupNT.dll -- (pctavsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qkbfiltr.dll -- (ntrtscan)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (mnsframework)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tandpl.dll -- (mgabgexe)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eventclientmultiplexer.dll -- (mcrdsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slabser.dll -- (MaxtorFrontPanel1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iAimFP6.dll -- (lxcd_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwlnknb.dll -- (lxby_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ood2000.dll -- (LHidUsbK)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVerBDA.dll -- (lbtserv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700ius.dll -- (konfig)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SiS300i.dll -- (imapiservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsNcAdpt.dll -- (firelm01)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfsnd.dll -- (epsonbidirectionalservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CA561.dll -- (EACSvrMngr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\streamip.dll -- (DniVad)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrfwsvc.dll -- (diskperf)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rapapp.dll -- (ctaud2k)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xmlprov.dll -- (cics.region2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ESMCR.dll -- (CAMFLT)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Tb2RCAssist.dll -- (awhost32)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PEVSystemStart.dll -- (atitunep)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafadmincontroller.dll -- (aavmker4)
    SRV - [2012/04/13 20:48:09 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
    SRV - [2008/11/17 19:22:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Xavi\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/03/09 09:12:36 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2011/07/31 00:00:46 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2008/11/18 20:19:28 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/07/24 18:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/02/13 17:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
    DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...b8ee9c60b8c&lang=en&ds=AVG&pr=pr&d=2012-04-28 13:12:33&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2012/04/29 07:58:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22C08851-91BF-4C13-B29F-02B840FACF95}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: CAMFLT - %systemroot%\system32\ESMCR.dll File not found
    NetSvcs: diskperf - %systemroot%\system32\vrfwsvc.dll File not found
    NetSvcs: DniVad - %systemroot%\system32\streamip.dll File not found
    NetSvcs: mgabgexe - %systemroot%\system32\tandpl.dll File not found
    NetSvcs: firelm01 - %systemroot%\system32\dsNcAdpt.dll File not found
    NetSvcs: LHidUsbK - %systemroot%\system32\ood2000.dll File not found
    NetSvcs: ntrtscan - %systemroot%\system32\qkbfiltr.dll File not found
    NetSvcs: w810mdfl - %systemroot%\system32\swwd.dll File not found
    NetSvcs: konfig - %systemroot%\system32\F700ius.dll File not found
    NetSvcs: epsonbidirectionalservice - %systemroot%\system32\tosrfsnd.dll File not found
    NetSvcs: tmtdi - %systemroot%\system32\Pnp680r.dll File not found
    NetSvcs: ctaud2k - %systemroot%\system32\rapapp.dll File not found
    NetSvcs: atitunep - %systemroot%\system32\PEVSystemStart.dll File not found
    NetSvcs: imapiservice - %systemroot%\system32\SiS300i.dll File not found
    NetSvcs: ql1240 - %systemroot%\system32\ngdbserv.dll File not found
    NetSvcs: cics.region2 - %systemroot%\system32\xmlprov.dll File not found
    NetSvcs: lbtserv - %systemroot%\system32\AVerBDA.dll File not found
    NetSvcs: mcrdsvc - %systemroot%\system32\eventclientmultiplexer.dll File not found
    NetSvcs: VAIOMediaPlatform-VideoServer-UPnP - %systemroot%\system32\SetupSys.dll File not found
    NetSvcs: siskp - %systemroot%\system32\winmgmt.dll File not found
    NetSvcs: ultra66 - File not found
    NetSvcs: ESMCR - File not found
    NetSvcs: deventagent - File not found
    NetSvcs: Wbutton - File not found
    NetSvcs: alertmanager - File not found
    NetSvcs: pdlnebas - %systemroot%\system32\nmap.dll File not found
    NetSvcs: aavmker4 - %systemroot%\system32\cwafadmincontroller.dll File not found
    NetSvcs: MaxtorFrontPanel1 - %systemroot%\system32\slabser.dll File not found
    NetSvcs: USA49W2KP - %systemroot%\system32\aswrdr.dll File not found
    NetSvcs: EACSvrMngr - %systemroot%\system32\CA561.dll File not found
    NetSvcs: symantecantibotfilter - %systemroot%\system32\oracle_load_balancer_60_server-forms6ip14.dll File not found
    NetSvcs: mnsframework - %systemroot%\system32\W55U01.dll File not found
    NetSvcs: rsvchost - %systemroot%\system32\isdrv122.dll File not found
    NetSvcs: lxby_device - %systemroot%\system32\nwlnknb.dll File not found
    NetSvcs: sonicatheaterinstallerservice - %systemroot%\system32\hpt3xx.dll File not found
    NetSvcs: relational - %systemroot%\system32\id2scaps.dll File not found
    NetSvcs: server - %systemroot%\system32\NwSapAgent.dll File not found
    NetSvcs: lxcd_device - %systemroot%\system32\iAimFP6.dll File not found
    NetSvcs: sfrem01 - %systemroot%\system32\flashcom.dll File not found
    NetSvcs: ql10wnt - %systemroot%\system32\nwlnkipx.dll File not found
    NetSvcs: pctavsvc - %systemroot%\system32\SetupNT.dll File not found
    NetSvcs: WISTechVIDCAP - %systemroot%\system32\mwsarcpkt.dll File not found
    NetSvcs: qkbfiltr - %systemroot%\system32\odclientservice.dll File not found
    NetSvcs: TVALG - %systemroot%\system32\lxcf_device.dll File not found
    NetSvcs: awhost32 - %systemroot%\system32\Tb2RCAssist.dll File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/29 16:52:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
    [2012/04/29 16:33:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/29 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Local\temp
    [2012/04/29 16:32:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/29 16:24:04 | 004,479,463 | R--- | C] (Swearware) -- C:\Users\Xavi\Desktop\ComboFix.exe
    [2012/04/29 14:49:54 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Desktop\bootkit_remover
    [2012/04/29 14:48:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Xavi\Desktop\aswMBR.exe
    [2012/04/29 14:11:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Xavi\Desktop\dds.scr
    [2012/04/29 14:09:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/04/29 14:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/04/29 13:58:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/04/29 13:49:02 | 000,000,000 | ---D | C] -- C:\dell
    [2012/04/29 09:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/29 07:49:05 | 000,000,000 | ---D | C] -- C:\jgh15176j
    [2012/04/28 14:45:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/28 14:45:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/28 14:45:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/28 14:38:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/28 14:37:20 | 000,000,000 | ---D | C] -- C:\jgh
    [2012/04/28 14:37:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/28 11:09:47 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Roaming\Malwarebytes
    [2012/04/28 11:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/28 10:47:37 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Xavi\Desktop\tdsskiller.exe
    [2012/04/28 10:34:11 | 012,903,272 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Xavi\Desktop\SUPERAntiSpywarePro.exe
    [2012/04/28 10:33:06 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Xavi\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/21 14:18:34 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
    [2012/04/20 05:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
    [2012/04/20 05:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Beta
    [2012/04/20 05:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012/04/09 16:09:03 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/04/09 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Documents\AnyDVDHD
    [2012/04/09 16:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
    [2012/04/09 15:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
    [2012/04/09 15:54:19 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Desktop\Movies
    [2012/04/09 15:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
    [2012/04/09 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
    [2012/04/05 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Documents\Ripped karaoke
    [2012/04/05 22:20:06 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Roaming\Doblon
    [2012/04/05 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doblon
    [2012/04/05 22:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\cdrdao
    [2012/04/05 22:17:35 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Desktop\Karaoke Songs
    [2012/03/30 21:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Doblon
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/29 16:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
    [2012/04/29 16:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/29 16:44:01 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/29 16:44:01 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/29 16:37:31 | 000,007,728 | ---- | M] () -- C:\Users\Xavi\AppData\Local\d3d9caps.dat
    [2012/04/29 16:37:26 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/29 16:37:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/29 16:37:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/29 16:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/29 16:37:12 | 3179,663,360 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/29 16:25:01 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Xavi\Desktop\ComboFix.exe
    [2012/04/29 16:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/29 15:08:59 | 000,000,512 | ---- | M] () -- C:\Users\Xavi\Desktop\MBR.dat
    [2012/04/29 14:49:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Xavi\Desktop\aswMBR.exe
    [2012/04/29 14:11:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Xavi\Desktop\dds.scr
    [2012/04/29 14:10:49 | 000,302,592 | ---- | M] () -- C:\Users\Xavi\Desktop\k12rdfp7.exe
    [2012/04/29 14:09:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/29 07:58:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/28 10:47:47 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xavi\Desktop\tdsskiller.exe
    [2012/04/28 10:35:42 | 012,903,272 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Xavi\Desktop\SUPERAntiSpywarePro.exe
    [2012/04/28 10:33:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Xavi\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/21 15:13:05 | 000,012,852 | ---- | M] () -- C:\Windows\System32\results.xml
    [2012/04/21 14:49:19 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2012/04/21 14:38:53 | 000,029,300 | ---- | M] () -- C:\Windows\System32\DellSystem.xml
    [2012/04/20 12:46:51 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/04/20 06:00:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
    [2012/04/15 20:04:43 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/04/09 16:03:00 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2012/04/09 16:02:17 | 000,241,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/04/09 15:53:13 | 000,000,792 | ---- | M] () -- C:\Users\Xavi\Desktop\DVD Shrink 3.2.lnk
    [2012/04/05 22:19:43 | 000,001,008 | ---- | M] () -- C:\Users\Xavi\Desktop\Power CD+G Burner.lnk
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/29 15:08:59 | 000,000,512 | ---- | C] () -- C:\Users\Xavi\Desktop\MBR.dat
    [2012/04/29 14:10:49 | 000,302,592 | ---- | C] () -- C:\Users\Xavi\Desktop\k12rdfp7.exe
    [2012/04/29 14:09:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/28 14:45:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/28 14:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/28 14:45:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/28 14:45:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/28 14:45:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/28 14:30:56 | 3179,663,360 | -HS- | C] () -- C:\hiberfil.sys
    [2012/04/21 15:13:05 | 000,012,852 | ---- | C] () -- C:\Windows\System32\results.xml
    [2012/04/21 14:38:50 | 000,029,300 | ---- | C] () -- C:\Windows\System32\DellSystem.xml
    [2012/04/20 05:59:44 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
    [2012/04/09 16:03:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/09 16:03:00 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2012/04/09 15:53:13 | 000,000,792 | ---- | C] () -- C:\Users\Xavi\Desktop\DVD Shrink 3.2.lnk
    [2012/04/05 22:19:43 | 000,001,008 | ---- | C] () -- C:\Users\Xavi\Desktop\Power CD+G Burner.lnk
    [2012/02/13 21:34:38 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/10/13 11:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2011/10/13 11:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2011/10/13 11:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2011/07/31 17:12:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/07/28 20:29:24 | 000,000,068 | ---- | C] () -- C:\Windows\UpTiDev.INI
    [2011/06/23 23:00:59 | 000,097,496 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2011/06/15 09:20:52 | 000,105,240 | ---- | C] () -- C:\Windows\System32\RSTCoin.dll
    [2011/06/13 02:19:57 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/06/13 02:19:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/06/12 17:20:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/06/12 17:19:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/06/12 17:18:53 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
    [2011/06/11 19:30:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/06/11 16:25:04 | 000,008,192 | ---- | C] () -- C:\Users\Xavi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/11 15:43:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
    [2011/06/11 11:01:23 | 000,007,728 | ---- | C] () -- C:\Users\Xavi\AppData\Local\d3d9caps.dat

    ========== LOP Check ==========

    [2012/04/05 22:20:06 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\Doblon
    [2011/07/31 12:44:37 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\FileZilla
    [2012/01/02 01:57:17 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\FrostWire
    [2011/06/11 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\TMP
    [2012/04/29 16:36:37 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/06/11 13:50:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/04/29 16:37:12 | 3179,663,360 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/30 23:26:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/07/30 23:26:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/04/29 16:37:11 | 3493,470,208 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/06/12 17:37:21 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/03 21:32:46 | 000,000,286 | -HS- | M] () -- C:\Users\Xavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/29 14:49:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Xavi\Desktop\aswMBR.exe
    [2012/04/29 16:25:01 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Xavi\Desktop\ComboFix.exe
    [2012/04/29 14:10:49 | 000,302,592 | ---- | M] () -- C:\Users\Xavi\Desktop\k12rdfp7.exe
    [2012/04/28 10:33:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Xavi\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/29 16:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
    [2012/04/28 10:35:42 | 012,903,272 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Xavi\Desktop\SUPERAntiSpywarePro.exe
    [2012/04/28 10:47:47 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xavi\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/29 16:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/29 16:37:26 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/29 16:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/29 16:37:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/29 16:36:37 | 000,032,526 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/11 11:01:36 | 000,000,402 | -HS- | M] () -- C:\Users\Xavi\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/04/09 16:03:00 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 08:10:34

    < MD5 for: SMB.SYS >
    [2008/01/20 21:25:00 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=031E6BCD53C9B2B9ACE111EAFEC347B6 -- C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
    [2009/04/10 21:45:24 | 000,066,560 | ---- | M] () MD5=638F8C9A536F9973D4C65D525B2C7582 -- C:\Windows\System32\drivers\smb.sys
    [2009/04/10 23:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=7B75299A4D201D6A6533603D6914AB04 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys
    < End of report >
     
  18. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    OTL Extras logfile created on: 4/29/2012 4:53:10 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Xavi\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 62.45% Memory free
    6.13 Gb Paging File | 5.06 Gb Available in Paging File | 82.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 41.46 Gb Free Space | 27.82% Space Free | Partition Type: NTFS

    Computer Name: XAVI-PC | User Name: Xavi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2520783751-165864320-3817540785-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07E99E82-BA57-4332-9541-1808E75D4844}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{105895D8-ACB2-49A1-A2E9-598FD97C463C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{2E11ED7A-BEF8-43C7-BD16-D65CE9574254}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{30E0B255-8013-4402-BB90-EA12CF070B85}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{33CCA586-DD2C-47BD-A5BE-2269E5586C33}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{5223EB33-D3F6-4505-B067-E7E5A8772925}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{5A12EB2D-A313-4A36-AB65-DEB40DABFC6F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "{612B5793-091C-43EC-B227-60A7A7FCBD47}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{67CFA184-09A4-4F5C-9248-B95F071B0CBE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{7D677A4B-445F-4C37-B617-D8DBC31F7501}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{7FED0D91-2DEF-407E-A07E-72A6BD7F09B1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{95695A5A-DCEE-4D80-8C23-37C0C6C08A7A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{97A0CCAE-4A0B-4211-9D0D-5EFBAA37FBEF}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{9857307F-807E-4733-8424-7067482B45D6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{9984AFAB-0934-4316-A43D-CBE6917AE97A}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{9A50B6A8-D681-4337-9C0F-026BEF570D85}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{B544D43F-FB3E-4857-B5B1-B39E18F1C29F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
    "{BE0E8075-CD55-46B7-A63A-B060FCE08B31}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{C2B0B622-F932-4CE8-9D3B-400F77D34C28}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
    "{C90E3ED1-6B41-46B4-A04B-D3B2B9514E78}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{CB694CB6-FD2C-4A34-BE31-D80FD9A83BBA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{D95E791C-4AA0-4C09-93C1-F69581C40161}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{E7458AEC-6765-47BC-BFEE-FBF77576C518}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E97E7088-F411-4E32-95EE-1565B8F089D1}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{F0EDF9DC-3DA8-481D-AA5C-A00A16B51297}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{0BC248E0-EC23-4A00-B5E6-30B2964B85F4}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
    "TCP Query User{231FA9B0-AE33-40AF-AEEB-F11BE9D6A5D0}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{71ACDDB2-F363-4207-B0D7-15B528A75F0E}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
    "TCP Query User{819394C4-E285-4273-9037-D9BF85678D4E}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
    "TCP Query User{9F0311D2-0F08-444B-8088-04FB869AE28E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{EB2145F5-240A-464F-B064-6CDFC82ABA3F}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "UDP Query User{21E24C0F-7CAD-4FBD-A176-0FCCB43B3255}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{3F2494A7-9CE0-491A-BF9C-B412AD22851E}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
    "UDP Query User{42EA6FDC-0145-4F71-99FB-F1BF44934970}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{44380911-8DDA-47B4-A44F-D26C8776C96A}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "UDP Query User{DEF7721F-7CFC-4258-B60C-ABC52495B272}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
    "UDP Query User{F098691A-5BD4-45E6-8196-29452541473B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523DF39E-DF7D-488F-8022-783946571033}" = Nero 8 Essentials
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "AC3Filter" = AC3Filter (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AnyDVD" = AnyDVD
    "DivX Setup.divx.com" = DivX Setup
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
    "FrostWire" = FrostWire 4.21.8
    "FrostWire 5" = FrostWire 5.3.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "World of Warcraft" = World of Warcraft
    "World of Warcraft Beta" = World of Warcraft Beta
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/29/2012 12:59:33 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 8:47:39 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 8:59:38 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 9:09:09 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 9:12:18 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 10:01:59 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 10:02:00 AM | Computer Name = Xavi-PC | Source = System Restore | ID = 8205
    Description =

    Error - 4/29/2012 2:40:11 PM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 3:03:15 PM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/29/2012 5:39:02 PM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 7/4/2011 9:15:50 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/5/2011 10:14:15 AM | Computer Name = Xavi-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.4 for the Network Card with network
    address 00225F563E10 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/10/2011 12:52:13 PM | Computer Name = Xavi-PC | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 00225F563E10. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 7/13/2011 11:24:51 AM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/13/2011 11:24:51 AM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/13/2011 7:40:35 PM | Computer Name = Xavi-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:21:33 PM on 7/13/2011 was unexpected.

    Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys | C:\Windows\System32\drivers\smb.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
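    Added example, not code from the thread or from OTL/ComboFix: a small Python parser for the "MD5 for: SMB.SYS" block in the OTL log above, applying the check behind the FCopy fix (does the driver Windows actually loads from System32\drivers match any known-good copy in winsxs or SoftwareDistribution, and which reference copy is the newest one to restore from). The function names and the clean/suspect verdict scheme are my own; the hashes and paths are the ones from the log.

```python
import re

# Sample input, constructed by embedding the three "MD5 for: SMB.SYS" lines
# from the OTL log above in OTL's own line format (hashes/paths as on the page).
OTL_MD5_SECTION = r"""
< MD5 for: SMB.SYS >
[2008/01/20 21:25:00 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=031E6BCD53C9B2B9ACE111EAFEC347B6 -- C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
[2009/04/10 21:45:24 | 000,066,560 | ---- | M] () MD5=638F8C9A536F9973D4C65D525B2C7582 -- C:\Windows\System32\drivers\smb.sys
[2009/04/10 23:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=7B75299A4D201D6A6533603D6914AB04 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys
< End of report >
"""

# One OTL file line: [date time | size | attrs | M] (company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Version number embedded in winsxs / update-cache folder names, e.g. _6.0.6002.18005_
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse_md5_section(text):
    """Return one dict per file line found in an OTL 'MD5 for:' section."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def is_live_driver(path):
    """The copy the kernel actually loads lives under System32\\drivers."""
    return "\\system32\\drivers\\" in path.lower()


def file_version(path):
    """Version tuple parsed from the component-store folder name, (0,) if absent."""
    m = VERSION_RE.search(path)
    return tuple(int(x) for x in m.group(1).split(".")) if m else (0,)


def pick_replacement(refs):
    """Newest known-good copy, i.e. the one the FCopy line in the thread restores."""
    return max(refs, key=lambda r: file_version(r["path"]))


def assess_driver(entries):
    """Compare the live driver against the winsxs / SoftwareDistribution copies.

    Returns a dict with 'verdict' ('clean', 'suspect' or 'undetermined') and
    the list of reasons, so a caller can print or assert on them.
    """
    live = [e for e in entries if is_live_driver(e["path"])]
    refs = [e for e in entries if not is_live_driver(e["path"])]
    if len(live) != 1 or not refs:
        return {"verdict": "undetermined",
                "reasons": ["need exactly one live copy and at least one reference copy"]}
    live = live[0]
    reasons = []
    if live["md5"] not in {r["md5"] for r in refs}:
        reasons.append("live MD5 matches none of the reference copies")
    if not live["company"].strip() and all(r["company"].strip() for r in refs):
        reasons.append("live copy has no company name (version resource) while the reference copies do")
    if reasons and live["size"] in {r["size"] for r in refs}:
        reasons.append("size is identical to a reference copy, consistent with in-place patching")
    return {"verdict": "suspect" if reasons else "clean",
            "reasons": reasons, "live": live, "refs": refs}


if __name__ == "__main__":
    result = assess_driver(parse_md5_section(OTL_MD5_SECTION))
    print("verdict:", result["verdict"])
    for reason in result["reasons"]:
        print("  -", reason)
    if result["verdict"] == "suspect":
        print("restore from:", pick_replacement(result["refs"])["path"])
```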
     
  20. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    ComboFix 12-04-29.02 - Xavi 04/29/2012 17:22:48.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1931 [GMT -5:00]
    Running from: c:\users\Xavi\Desktop\ComboFix.exe
    Command switches used :: c:\users\Xavi\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys --> c:\windows\System32\drivers\smb.sys
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 22:26 . 2012-04-29 22:27 -------- d-----w- c:\users\Xavi\AppData\Local\temp
    2012-04-29 22:26 . 2012-04-29 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-29 19:09 . 2012-04-29 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-29 19:09 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-29 18:49 . 2012-04-29 18:49 -------- d-----w- C:\dell
    2012-04-29 14:13 . 2012-04-29 18:38 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-28 19:37 . 2012-04-28 19:40 -------- d-----w- C:\jgh
    2012-04-28 16:09 . 2012-04-28 16:09 -------- d-----w- c:\users\Xavi\AppData\Roaming\Malwarebytes
    2012-04-28 16:09 . 2012-04-28 16:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-21 19:38 . 2012-04-21 19:38 0 ----a-w- c:\windows\invcol.tmp
    2012-04-21 19:18 . 2011-12-06 20:55 53248 ----a-w- c:\windows\system32\CSVer.dll
    2012-04-20 10:59 . 2012-04-21 20:46 -------- d-----w- c:\program files\World of Warcraft Beta
    2012-04-20 10:58 . 2012-04-20 10:58 -------- d-----w- c:\programdata\Battle.net
    2012-04-11 05:51 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-04-09 21:03 . 2012-04-14 01:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-09 21:03 . 2012-04-09 21:03 -------- d-----w- c:\programdata\SlySoft
    2012-04-09 20:59 . 2012-04-09 20:59 -------- d-----w- c:\program files\SlySoft
    2012-04-09 20:53 . 2012-04-09 22:08 -------- d-----w- c:\programdata\DVD Shrink
    2012-04-09 20:53 . 2012-04-09 20:53 -------- d-----w- c:\program files\DVD Shrink
    2012-04-06 03:20 . 2012-04-06 03:20 -------- d-----w- c:\users\Xavi\AppData\Roaming\Doblon
    2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\Doblon
    2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\cdrdao
    2012-03-31 02:13 . 2012-04-06 03:19 -------- d-----w- c:\program files\Doblon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-14 01:48 . 2011-06-11 21:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-09 14:12 . 2012-03-09 14:12 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2012-02-14 15:45 . 2012-03-14 01:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-14 15:45 . 2012-03-14 01:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-13 14:12 . 2012-03-14 01:10 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-13 13:47 . 2012-03-14 01:10 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-13 13:44 . 2012-03-14 01:10 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-02 15:16 . 2012-03-14 01:10 2044416 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-19 483420]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-11 323584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2520783751-165864320-3817540785-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-18 81920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    CAMFLT
    diskperf
    DniVad
    mgabgexe
    firelm01
    LHidUsbK
    ntrtscan
    w810mdfl
    konfig
    epsonbidirectionalservice
    tmtdi
    ctaud2k
    atitunep
    imapiservice
    ql1240
    cics.region2
    lbtserv
    mcrdsvc
    VAIOMediaPlatform-VideoServer-UPnP
    siskp
    ultra66
    ESMCR
    deventagent
    Wbutton
    alertmanager
    pdlnebas
    aavmker4
    MaxtorFrontPanel1
    USA49W2KP
    EACSvrMngr
    symantecantibotfilter
    mnsframework
    rsvchost
    lxby_device
    sonicatheaterinstallerservice
    relational
    server
    lxcd_device
    sfrem01
    ql10wnt
    pctavsvc
    WISTechVIDCAP
    qkbfiltr
    TVALG
    awhost32
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-09-20 02:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:48]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-29 17:27
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-04-29 17:28:31
    ComboFix-quarantined-files.txt 2012-04-29 22:28
    ComboFix2.txt 2012-04-29 13:04
    .
    Pre-Run: 47,967,690,752 bytes free
    Post-Run: 47,951,056,896 bytes free
    .
    - - End Of File - - 1F880462F9CA2EBD8376500D1D5F280E
     
  21. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Good.
    Post new aswMBR log.
     
  22. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    I have to go to work tonight, I will try to post this before I leave but if not I'll get it up tomorrow morning about 8 am Central time. I appreciate all your help and hopefully we can continue this tomorrow if you can. Thanks!!!
     
  23. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    No problem :)
     
  24. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-29 17:40:40
    -----------------------------
    17:40:40.267 OS Version: Windows 6.0.6002 Service Pack 2
    17:40:40.267 Number of processors: 2 586 0xF0D
    17:40:40.267 ComputerName: XAVI-PC UserName: Xavi
    17:40:41.562 Initialize success
    17:51:16.967 AVAST engine defs: 12042901
    17:58:27.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:58:27.949 Disk 0 Vendor: FUJITSU_ 0085 Size: 152627MB BusType: 3
    17:58:28.012 Disk 0 MBR read successfully
    17:58:28.012 Disk 0 MBR scan
    17:58:28.027 Disk 0 Windows VISTA default MBR code
    17:58:28.027 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    17:58:28.043 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152571 MB offset 112640
    17:58:28.043 Disk 0 scanning sectors +312578048
    17:58:28.136 Disk 0 scanning C:\Windows\system32\drivers
    17:58:41.606 Service scanning
    17:59:12.608 Modules scanning
    17:59:49.988 Disk 0 trace - called modules:
    17:59:50.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    17:59:50.051 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8725c4e0]
    17:59:50.066 3 CLASSPNP.SYS[8a9ab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85385028]
    17:59:50.987 AVAST engine scan C:\Windows
    17:59:54.543 AVAST engine scan C:\Windows\system32
    18:04:24.494 AVAST engine scan C:\Windows\system32\drivers
    18:05:02.887 AVAST engine scan C:\Users\Xavi
    18:11:04.581 AVAST engine scan C:\ProgramData
    18:11:44.252 Scan finished successfully
    18:12:08.338 Disk 0 MBR has been saved successfully to "C:\Users\Xavi\Desktop\MBR.dat"
    18:12:08.338 The log file has been saved successfully to "C:\Users\Xavi\Desktop\aswMBR1.txt"
     
  25. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Good :)

    Reinstall AVG and let me know if it did quit complaining.
     
  26. 5ublim3

    5ublim3 TS Rookie Topic Starter Posts: 21

    All looks great thank you so much!
     
Topic Status:
Not open for further replies.

