Solved AVG detects smb.sys Trojan horse Hider.QPR

Status
Not open for further replies.

5ublim3

Posts: 21   +0
I have tried many of the different antivirus/anti-malware programs you guys have listed to help others; however, even though they removed the other two infections it originally had, this one keeps popping up whenever I restart. I have uninstalled AVG now to try running some of the other software.

AVG 2012 Anti-Virus command line scanner
Copyright (c) 1992 - 2012 AVG Technologies
Program version 2012.0.2169, engine 2012.0.2411
Virus Database: Version 2411/4964 2012-04-28
C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\Documents and Settings\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.
C:\Users\Default\Cookies\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Xavi\AppData\Local\History\ Locked file. Not tested.
C:\Users\Xavi\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Xavi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Xavi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Xavi\Documents\My Music\ Locked file. Not tested.
C:\Users\Xavi\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Xavi\Documents\My Videos\ Locked file. Not tested.
C:\Users\Xavi\NetHood\ Locked file. Not tested.
C:\Users\Xavi\NTUSER.DAT Locked file. Not tested.
C:\Users\Xavi\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Xavi\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Xavi\PrintHood\ Locked file. Not tested.
C:\Users\Xavi\Templates\ Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\COMPONENTS Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\COMPONENTS.LOG1 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\COMPONENTS.LOG2 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\DEFAULT Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\RegBack\COMPONENTS Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\RegBack\SAM Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\RegBack\SECURITY Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SAM Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SAM.LOG1 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SAM.LOG2 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SECURITY Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SOFTWARE Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SYSTEM Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\$NtUninstallKB28406$\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
C:\Windows\System32\drivers\smb.sys Trojan horse Hider.QPR
------------------------------------------------------------
Test started: 28.4.2012 18:59:01
Duration of test: 30 minute(s) 39 second(s)
------------------------------------------------------------
Objects scanned : 1548614
Found infections : 1
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.29.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Xavi :: XAVI-PC [administrator]
Protection: Disabled
4/29/2012 2:27:22 PM
mbam-log-2012-04-29 (14-27-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187376
Time elapsed: 3 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
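A small triage script for the AVG command-line log above, added here as an example (it is not from the original post and not an AVG feature): it separates the "Locked file. Not tested." coverage gaps from real detections, checks the per-file lines against the counter block, and ranks a hit under System32\drivers ahead of anything else, because a boot-start driver runs in kernel mode. That ranking also fits the symptom the poster describes: the same file is flagged again after every restart and "Healed infections" is 0. The log excerpt embedded in the script is constructed from the post (abridged), and the verdict list is an assumption covering only the one verdict string that appears here.

```python
import re

# Constructed excerpt of the AVG 2012 command-line scanner output quoted in the
# post above (abridged; the real log has ~80 "Locked file" lines).
AVG_LOG = r"""
C:\Boot\BCD Locked file. Not tested.
C:\Documents and Settings\ Locked file. Not tested.
C:\Users\Xavi\NTUSER.DAT Locked file. Not tested.
C:\Windows\System32\drivers\smb.sys Trojan horse Hider.QPR
------------------------------------------------------------
Test started: 28.4.2012 18:59:01
Duration of test: 30 minute(s) 39 second(s)
------------------------------------------------------------
Objects scanned : 1548614
Found infections : 1
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
"""

LOCKED_SUFFIX = " Locked file. Not tested."

# Verdict strings that start a detection line. Only "Trojan horse" appears in the
# log above (assumption: add the other strings your AVG build emits). Anything
# that is neither a known verdict, a locked-file line nor a summary line is
# reported as unparsed rather than silently dropped.
VERDICT_PREFIXES = ("Trojan horse",)
_DETECT = re.compile(
    r"^(?P<path>.+?) (?P<verdict>(?:%s)\b.*)$" % "|".join(map(re.escape, VERDICT_PREFIXES))
)
_SUMMARY = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<val>\d+)$")
_META = ("Test started:", "Duration of test:")
_DRIVER_DIR = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)


def parse_avg_log(text):
    """Split scanner output into detections, coverage gaps and the summary block."""
    result = {"detections": [], "locked": [], "summary": {}, "unparsed": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) == {"-"} or line.startswith(_META):
            continue
        if line.endswith(LOCKED_SUFFIX):
            # paths may contain spaces, so strip the fixed suffix instead of splitting
            result["locked"].append(line[: -len(LOCKED_SUFFIX)])
            continue
        m = _DETECT.match(line)
        if m:
            result["detections"].append((m["path"], m["verdict"]))
            continue
        m = _SUMMARY.match(line)
        if m:
            result["summary"][m["key"]] = int(m["val"])
            continue
        result["unparsed"].append(line)
    return result


def triage(parsed):
    """Cross-check the summary against the body and rank what is left on disk."""
    summary = parsed["summary"]
    found = summary.get("Found infections", 0)
    healed = summary.get("Healed infections", 0)
    return {
        # the per-file lines and the counter block should agree
        "consistent": found == len(parsed["detections"]),
        # "Found" minus "Healed" is what is still present after the scan
        "unhealed": found - healed,
        # a hit under System32\drivers is kernel-mode code loaded at boot,
        # so it outranks any user-mode finding
        "kernel_driver_hits": [p for p, _ in parsed["detections"] if _DRIVER_DIR.search(p)],
        "locked_count": len(parsed["locked"]),
        "unparsed_count": len(parsed["unparsed"]),
    }


if __name__ == "__main__":
    parsed = parse_avg_log(AVG_LOG)
    for key, value in triage(parsed).items():
        print("%-20s %s" % (key, value))
```

On Vista most of the locked entries are expected: `C:\Documents and Settings\`, `C:\Users\Xavi\Documents\My Music\` and the other locked folders are compatibility junction points, and the registry hives (`NTUSER.DAT`, `SAM`, `SYSTEM` and their `.LOG` files), `pagefile.sys` and the BCD store are held open by the OS. None of that is evidence of something hidden. The one line that matters is the driver detection, which a detect-only scan cannot act on while the driver is loaded; whether the on-disk `smb.sys` is a patched copy of a Microsoft driver or a dropped file is the next question, and a hash or Authenticode check of that file is how to answer it.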
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-29 14:35:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0085
Running: k12rdfp7.exe; Driver: C:\Users\Xavi\AppData\Local\Temp\kxldipod.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Xavi at 14:36:57 on 2012-04-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1809 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{22C08851-91BF-4C13-B29F-02B840FACF95} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2011-6-11 81920]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]
S2 symantecantibotfilter;Cbidf2k;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-6-16 84832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-29 19:09:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 19:09:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-29 18:49:02 -------- d-----w- C:\dell
2012-04-29 15:02:22 -------- d-----w- c:\users\xavi\appdata\local\temp
2012-04-29 15:01:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-29 14:13:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-29 12:49:05 -------- d-----w- C:\jgh15176j
2012-04-28 19:45:17 98816 ----a-w- c:\windows\sed.exe
2012-04-28 19:45:17 518144 ----a-w- c:\windows\SWREG.exe
2012-04-28 19:45:17 256000 ----a-w- c:\windows\PEV.exe
2012-04-28 19:45:17 208896 ----a-w- c:\windows\MBR.exe
2012-04-28 19:37:20 -------- d-----w- C:\jgh
2012-04-28 16:09:47 -------- d-----w- c:\users\xavi\appdata\roaming\Malwarebytes
2012-04-28 16:09:42 -------- d-----w- c:\programdata\Malwarebytes
2012-04-21 19:38:44 0 ----a-w- c:\windows\invcol.tmp
2012-04-21 19:18:34 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-04-20 10:59:44 -------- d-----w- c:\program files\World of Warcraft Beta
2012-04-20 10:58:19 -------- d-----w- c:\programdata\Battle.net
2012-04-11 05:51:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-09 21:03:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-09 20:59:41 -------- d-----w- c:\program files\SlySoft
2012-04-09 20:53:12 -------- d-----w- c:\program files\DVD Shrink
2012-04-06 03:20:06 -------- d-----w- c:\users\xavi\appdata\roaming\Doblon
2012-04-06 03:19:42 -------- d-----w- c:\program files\common files\Doblon
2012-04-06 03:19:41 -------- d-----w- c:\program files\common files\cdrdao
2012-03-31 02:13:27 -------- d-----w- c:\program files\Doblon
.
==================== Find3M ====================
.
2012-04-14 01:48:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-09 14:12:36 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:37:15.18 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/11/2011 12:55:04 PM
System Uptime: 4/29/2012 2:01:14 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 42.953 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.0)
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Content Transfer
Dell Resource CD
Dell Touchpad
DivX Setup
DVD Shrink 3.2
EPSON NX410 Series Printer Uninstall
FrostWire 4.21.8
FrostWire 5.3.2
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LightScribe System Software 1.10.16.1
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Power CD+G Burner
PowerDVD
QuickTime
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype™ 5.5
TI Connect 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Ventrilo Client
WinRAR 4.01 (32-bit)
World of Warcraft
World of Warcraft Beta
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
4/29/2012 7:47:39 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/29/2012 7:47:39 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/29/2012 7:47:39 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
4/29/2012 7:47:39 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The YahooAUService service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Wmp54gssvc service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Usbsermptxp service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Usbatapi2000 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Umpusbxp service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Tsmapip service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Tfsncofs service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Symidsco service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Statusagent4 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Sleepy service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Si3132 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The RR2Mjpeg service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Qconsvc service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The PhilCam8116_XP service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Oracleservicesecinst service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Odserv service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The NETw3x32 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The MTDVC2 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Mcvsrte service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Mcontrol service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Mafwboot service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Hsxhwazl service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The GoBack2K service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Fd16_700 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The F700ius service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Elnkupdateservice service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The DumaNT service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Dsncservice service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Cicsclient service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Cbidf2k service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Btwdndis service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Atixsaudio service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Aswrdr service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The ASMMAP service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Ami0nt service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7023] - The {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} service terminated with the following error: The specified module could not be found.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/29/2012 2:03:15 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/29/2012 12:07:27 AM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 10:00:48 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC ElbyCDIO NetBIOS netbt nsiproxy PSched RasAcd rdbss spldr sptd tdx Wanarpv6
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:58:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:57:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/28/2012 1:57:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/28/2012 1:57:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/28/2012 1:57:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/28/2012 1:57:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/28/2012 1:57:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/28/2012 1:57:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/28/2012 1:56:35 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
4/24/2012 9:45:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 ElbyCDIO spldr sptd Wanarpv6
4/24/2012 9:44:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
4/24/2012 9:43:32 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/24/2012 9:38:27 PM, Error: Service Control Manager [7023] - The Mcontrol service terminated with the following error: Access is denied.
4/24/2012 9:38:03 PM, Error: Service Control Manager [7023] - The Dsncservice service terminated with the following error: Access is denied.
4/24/2012 9:21:49 PM, Error: Service Control Manager [7023] - The Tfsncofs service terminated with the following error: Access is denied.
4/24/2012 9:20:49 PM, Error: Service Control Manager [7023] - The Wmp54gssvc service terminated with the following error: Access is denied.
4/23/2012 9:56:07 AM, Error: Service Control Manager [7023] - The DumaNT service terminated with the following error: Access is denied.
4/23/2012 9:52:34 AM, Error: Service Control Manager [7030] - The NetworkLog service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/23/2012 9:51:08 AM, Error: Service Control Manager [7023] - The Symidsco service terminated with the following error: Access is denied.
4/23/2012 9:40:07 AM, Error: Service Control Manager [7023] - The Mcvsrte service terminated with the following error: Access is denied.
4/23/2012 9:39:07 AM, Error: Service Control Manager [7023] - The Usbsermptxp service terminated with the following error: Access is denied.
4/23/2012 9:36:07 AM, Error: Service Control Manager [7023] - The Statusagent4 service terminated with the following error: Access is denied.
4/23/2012 9:35:08 AM, Error: Service Control Manager [7023] - The Cicsclient service terminated with the following error: Access is denied.
4/23/2012 5:06:54 PM, Error: Service Control Manager [7023] - The RR2Mjpeg service terminated with the following error: Access is denied.
4/23/2012 5:04:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
4/23/2012 4:50:37 PM, Error: Service Control Manager [7023] - The Ami0nt service terminated with the following error: Access is denied.
4/23/2012 4:49:37 PM, Error: Service Control Manager [7023] - The Sleepy service terminated with the following error: Access is denied.
4/23/2012 4:36:07 PM, Error: Service Control Manager [7023] - The NETw3x32 service terminated with the following error: Access is denied.
4/23/2012 4:21:06 PM, Error: Service Control Manager [7023] - The ASMMAP service terminated with the following error: Access is denied.
4/23/2012 4:06:06 PM, Error: Service Control Manager [7023] - The Aswrdr service terminated with the following error: Access is denied.
4/23/2012 3:51:06 PM, Error: Service Control Manager [7023] - The Cbidf2k service terminated with the following error: Access is denied.
4/23/2012 3:36:07 PM, Error: Service Control Manager [7023] - The Hsxhwazl service terminated with the following error: Access is denied.
4/23/2012 3:21:07 PM, Error: Service Control Manager [7023] - The Umpusbxp service terminated with the following error: Access is denied.
4/23/2012 3:06:07 PM, Error: Service Control Manager [7023] - The Btwdndis service terminated with the following error: Access is denied.
4/23/2012 2:51:07 PM, Error: Service Control Manager [7023] - The MTDVC2 service terminated with the following error: Access is denied.
4/23/2012 2:36:07 PM, Error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: Access is denied.
4/23/2012 2:21:07 PM, Error: Service Control Manager [7023] - The {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} service terminated with the following error: Access is denied.
4/23/2012 2:06:07 PM, Error: Service Control Manager [7023] - The Odserv service terminated with the following error: Access is denied.
4/23/2012 12:51:07 PM, Error: Service Control Manager [7023] - The PhilCam8116_XP service terminated with the following error: Access is denied.
4/23/2012 12:36:07 PM, Error: Service Control Manager [7023] - The GoBack2K service terminated with the following error: Access is denied.
4/23/2012 12:21:07 PM, Error: Service Control Manager [7023] - The Mafwboot service terminated with the following error: Access is denied.
4/23/2012 12:06:07 PM, Error: Service Control Manager [7023] - The Fd16_700 service terminated with the following error: Access is denied.
4/23/2012 11:51:07 AM, Error: Service Control Manager [7023] - The Si3132 service terminated with the following error: Access is denied.
4/23/2012 11:36:07 AM, Error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: Access is denied.
4/23/2012 11:21:07 AM, Error: Service Control Manager [7023] - The Defwatch service terminated with the following error: Access is denied.
4/23/2012 11:06:07 AM, Error: Service Control Manager [7023] - The Usbatapi2000 service terminated with the following error: Access is denied.
4/23/2012 10:51:07 AM, Error: Service Control Manager [7023] - The Oracleservicesecinst service terminated with the following error: Access is denied.
4/23/2012 10:36:07 AM, Error: Service Control Manager [7023] - The Tsmapip service terminated with the following error: Access is denied.
4/23/2012 10:21:07 AM, Error: Service Control Manager [7023] - The Elnkupdateservice service terminated with the following error: Access is denied.
4/23/2012 10:06:08 AM, Error: Service Control Manager [7023] - The F700ius service terminated with the following error: Access is denied.
4/23/2012 1:51:07 PM, Error: Service Control Manager [7023] - The Atixsaudio service terminated with the following error: Access is denied.
4/23/2012 1:36:07 PM, Error: Service Control Manager [7023] - The Qconsvc service terminated with the following error: Access is denied.
4/23/2012 1:21:07 PM, Error: Service Control Manager [7023] - The YahooAUService service terminated with the following error: Access is denied.
4/23/2012 1:06:07 PM, Error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: Access is denied.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double-click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03700000
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...
 
Never mind, I found it, sorry.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-29 14:50:03
-----------------------------
14:50:03.250 OS Version: Windows 6.0.6002 Service Pack 2
14:50:03.250 Number of processors: 2 586 0xF0D
14:50:03.250 ComputerName: XAVI-PC UserName: Xavi
14:50:04.701 Initialize success
14:54:39.171 AVAST engine defs: 12042900
14:54:43.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:43.336 Disk 0 Vendor: FUJITSU_ 0085 Size: 152627MB BusType: 3
14:54:43.367 Disk 0 MBR read successfully
14:54:43.367 Disk 0 MBR scan
14:54:43.383 Disk 0 Windows VISTA default MBR code
14:54:43.383 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
14:54:43.399 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152571 MB offset 112640
14:54:43.414 Disk 0 scanning sectors +312578048
14:54:43.539 Disk 0 scanning C:\Windows\system32\drivers
14:55:00.918 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
14:55:05.957 Disk 0 trace - called modules:
14:55:06.004 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:55:06.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87265940]
14:55:06.020 3 CLASSPNP.SYS[8a9a28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85346028]
14:55:07.814 AVAST engine scan C:\Windows
14:55:15.208 AVAST engine scan C:\Windows\system32
14:59:27.886 AVAST engine scan C:\Windows\system32\drivers
14:59:41.458 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot-C [Rtk]
14:59:47.558 AVAST engine scan C:\Users\Xavi
15:06:49.923 AVAST engine scan C:\ProgramData
15:07:57.100 Scan finished successfully
15:08:59.896 Disk 0 MBR has been saved successfully to "C:\Users\Xavi\Desktop\MBR.dat"
15:08:59.910 The log file has been saved successfully to "C:\Users\Xavi\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
15:59:27.0033 1756 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:59:27.0517 1756 ============================================================
15:59:27.0517 1756 Current date / time: 2012/04/29 15:59:27.0517
15:59:27.0517 1756 SystemInfo:
15:59:27.0517 1756
15:59:27.0517 1756 OS Version: 6.0.6002 ServicePack: 2.0
15:59:27.0517 1756 Product type: Workstation
15:59:27.0517 1756 ComputerName: XAVI-PC
15:59:27.0517 1756 UserName: Xavi
15:59:27.0517 1756 Windows directory: C:\Windows
15:59:27.0517 1756 System windows directory: C:\Windows
15:59:27.0517 1756 Processor architecture: Intel x86
15:59:27.0517 1756 Number of processors: 2
15:59:27.0517 1756 Page size: 0x1000
15:59:27.0517 1756 Boot type: Normal boot
15:59:27.0517 1756 ============================================================
15:59:27.0954 1756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:59:27.0954 1756 ============================================================
15:59:27.0954 1756 \Device\Harddisk0\DR0:
15:59:27.0954 1756 MBR partitions:
15:59:27.0954 1756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x129FD800
15:59:27.0954 1756 ============================================================
15:59:27.0986 1756 C: <-> \Device\Harddisk0\DR0\Partition0
15:59:27.0986 1756 ============================================================
15:59:27.0986 1756 Initialize success
15:59:27.0986 1756 ============================================================
15:59:32.0776 2068 ============================================================
15:59:32.0776 2068 Scan started
15:59:32.0776 2068 Mode: Manual;
15:59:32.0776 2068 ============================================================
15:59:33.0275 2068 aavmker4 - ok
15:59:33.0337 2068 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:59:33.0337 2068 ACPI - ok
15:59:33.0431 2068 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:59:33.0431 2068 AdobeARMservice - ok
15:59:33.0540 2068 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:59:33.0540 2068 AdobeFlashPlayerUpdateSvc - ok
15:59:33.0634 2068 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:59:33.0649 2068 adp94xx - ok
15:59:33.0681 2068 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:59:33.0696 2068 adpahci - ok
15:59:33.0727 2068 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:59:33.0727 2068 adpu160m - ok
15:59:33.0743 2068 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:59:33.0759 2068 adpu320 - ok
15:59:33.0790 2068 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:59:33.0805 2068 AeLookupSvc - ok
15:59:33.0899 2068 AESTFilters (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
15:59:33.0899 2068 AESTFilters - ok
15:59:33.0961 2068 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:59:33.0961 2068 AFD - ok
15:59:34.0008 2068 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:59:34.0008 2068 agp440 - ok
15:59:34.0024 2068 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:59:34.0024 2068 aic78xx - ok
15:59:34.0071 2068 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:59:34.0071 2068 ALG - ok
15:59:34.0086 2068 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:59:34.0102 2068 aliide - ok
15:59:34.0149 2068 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:59:34.0149 2068 amdagp - ok
15:59:34.0180 2068 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:59:34.0180 2068 amdide - ok
15:59:34.0211 2068 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:59:34.0211 2068 AmdK7 - ok
15:59:34.0227 2068 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:59:34.0227 2068 AmdK8 - ok
15:59:34.0289 2068 AnyDVD (1b1d306ef7518274835cc765a3902be9) C:\Windows\system32\Drivers\AnyDVD.sys
15:59:34.0289 2068 AnyDVD - ok
15:59:34.0336 2068 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:59:34.0351 2068 ApfiltrService - ok
15:59:34.0398 2068 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:59:34.0398 2068 Appinfo - ok
15:59:34.0492 2068 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:59:34.0507 2068 Apple Mobile Device - ok
15:59:34.0554 2068 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:59:34.0554 2068 arc - ok
15:59:34.0601 2068 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:59:34.0617 2068 arcsas - ok
15:59:34.0679 2068 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
15:59:34.0679 2068 ASPI - ok
15:59:34.0726 2068 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:59:34.0726 2068 AsyncMac - ok
15:59:34.0757 2068 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:59:34.0757 2068 atapi - ok
15:59:34.0788 2068 atitunep - ok
15:59:34.0851 2068 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:59:34.0866 2068 AudioEndpointBuilder - ok
15:59:34.0866 2068 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:59:34.0866 2068 Audiosrv - ok
15:59:34.0882 2068 awhost32 - ok
15:59:35.0007 2068 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:59:35.0053 2068 BCM43XX - ok
15:59:35.0085 2068 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:59:35.0085 2068 Beep - ok
15:59:35.0163 2068 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:59:35.0163 2068 BFE - ok
15:59:35.0241 2068 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
15:59:35.0272 2068 BITS - ok
15:59:35.0287 2068 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:59:35.0287 2068 blbdrive - ok
15:59:35.0677 2068 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:59:35.0677 2068 Bonjour Service - ok
15:59:35.0724 2068 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:59:35.0724 2068 bowser - ok
15:59:35.0771 2068 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:59:35.0771 2068 BrFiltLo - ok
15:59:35.0787 2068 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:59:35.0787 2068 BrFiltUp - ok
15:59:35.0818 2068 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:59:35.0818 2068 Browser - ok
15:59:35.0849 2068 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:59:35.0849 2068 Brserid - ok
15:59:35.0865 2068 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:59:35.0865 2068 BrSerWdm - ok
15:59:35.0880 2068 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:59:35.0880 2068 BrUsbMdm - ok
15:59:35.0911 2068 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:59:35.0911 2068 BrUsbSer - ok
15:59:35.0958 2068 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:59:35.0958 2068 BTHMODEM - ok
15:59:35.0974 2068 CAMFLT - ok
15:59:36.0021 2068 catchme - ok
15:59:36.0052 2068 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:59:36.0052 2068 cdfs - ok
15:59:36.0114 2068 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:59:36.0114 2068 cdrom - ok
15:59:36.0130 2068 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:59:36.0130 2068 CertPropSvc - ok
15:59:36.0145 2068 cics.region2 - ok
15:59:36.0177 2068 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:59:36.0177 2068 circlass - ok
15:59:36.0223 2068 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:59:36.0223 2068 CLFS - ok
15:59:36.0286 2068 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:59:36.0286 2068 clr_optimization_v2.0.50727_32 - ok
15:59:36.0364 2068 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:59:36.0364 2068 clr_optimization_v4.0.30319_32 - ok
15:59:36.0411 2068 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:59:36.0411 2068 CmBatt - ok
15:59:36.0442 2068 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:59:36.0442 2068 cmdide - ok
15:59:36.0473 2068 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:59:36.0473 2068 Compbatt - ok
15:59:36.0473 2068 COMSysApp - ok
15:59:36.0520 2068 cpudrv - ok
15:59:36.0520 2068 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:59:36.0520 2068 crcdisk - ok
15:59:36.0551 2068 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:59:36.0551 2068 Crusoe - ok
15:59:36.0598 2068 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
15:59:36.0598 2068 CryptSvc - ok
15:59:36.0598 2068 ctaud2k - ok
15:59:36.0676 2068 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:59:36.0676 2068 DcomLaunch - ok
15:59:36.0723 2068 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:59:36.0723 2068 DfsC - ok
15:59:36.0879 2068 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:59:36.0925 2068 DFSR - ok
15:59:37.0097 2068 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:59:37.0113 2068 Dhcp - ok
15:59:37.0159 2068 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:59:37.0159 2068 disk - ok
15:59:37.0159 2068 diskperf - ok
15:59:37.0191 2068 DniVad - ok
15:59:37.0222 2068 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:59:37.0222 2068 Dnscache - ok
15:59:37.0253 2068 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:59:37.0269 2068 dot3svc - ok
15:59:37.0284 2068 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:59:37.0300 2068 DPS - ok
15:59:37.0331 2068 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:59:37.0331 2068 drmkaud - ok
15:59:37.0393 2068 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:59:37.0409 2068 DXGKrnl - ok
15:59:37.0456 2068 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:59:37.0456 2068 E1G60 - ok
15:59:37.0456 2068 EACSvrMngr - ok
15:59:37.0487 2068 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:59:37.0487 2068 EapHost - ok
15:59:37.0534 2068 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:59:37.0534 2068 Ecache - ok
15:59:37.0581 2068 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:59:37.0596 2068 ehRecvr - ok
15:59:37.0627 2068 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:59:37.0627 2068 ehSched - ok
15:59:37.0627 2068 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:59:37.0627 2068 ehstart - ok
15:59:37.0674 2068 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:59:37.0690 2068 ElbyCDIO - ok
15:59:37.0752 2068 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:59:37.0768 2068 elxstor - ok
15:59:37.0846 2068 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:59:37.0877 2068 EMDMgmt - ok
15:59:37.0877 2068 epsonbidirectionalservice - ok
15:59:37.0908 2068 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:59:37.0908 2068 ErrDev - ok
15:59:37.0971 2068 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:59:37.0971 2068 EventSystem - ok
15:59:38.0033 2068 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:59:38.0033 2068 exfat - ok
15:59:38.0080 2068 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:59:38.0080 2068 fastfat - ok
15:59:38.0127 2068 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:59:38.0127 2068 fdc - ok
15:59:38.0158 2068 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:59:38.0158 2068 fdPHost - ok
15:59:38.0173 2068 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:59:38.0173 2068 FDResPub - ok
15:59:38.0173 2068 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:59:38.0173 2068 FileInfo - ok
15:59:38.0189 2068 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:59:38.0189 2068 Filetrace - ok
15:59:38.0220 2068 firelm01 - ok
15:59:38.0251 2068 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:59:38.0251 2068 flpydisk - ok
15:59:38.0298 2068 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:59:38.0298 2068 FltMgr - ok
15:59:38.0407 2068 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:59:38.0423 2068 FontCache - ok
15:59:38.0470 2068 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:59:38.0470 2068 FontCache3.0.0.0 - ok
15:59:38.0501 2068 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:59:38.0501 2068 Fs_Rec - ok
15:59:38.0532 2068 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:59:38.0532 2068 gagp30kx - ok
15:59:38.0548 2068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:59:38.0548 2068 GEARAspiWDM - ok
15:59:38.0595 2068 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:59:38.0626 2068 gpsvc - ok
15:59:38.0719 2068 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:59:38.0719 2068 gupdate - ok
15:59:38.0735 2068 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:59:38.0735 2068 gupdatem - ok
15:59:38.0797 2068 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:59:38.0813 2068 HdAudAddService - ok
15:59:38.0891 2068 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:59:38.0907 2068 HDAudBus - ok
15:59:38.0938 2068 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:59:38.0938 2068 HidBth - ok
15:59:38.0969 2068 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:59:38.0969 2068 HidIr - ok
15:59:39.0000 2068 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
15:59:39.0000 2068 hidserv - ok
15:59:39.0031 2068 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:59:39.0031 2068 HidUsb - ok
15:59:39.0078 2068 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:59:39.0078 2068 hkmsvc - ok
15:59:39.0109 2068 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:59:39.0109 2068 HpCISSs - ok
15:59:39.0187 2068 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:59:39.0203 2068 HTTP - ok
15:59:39.0234 2068 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:59:39.0234 2068 i2omp - ok
15:59:39.0281 2068 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:59:39.0281 2068 i8042prt - ok
15:59:39.0343 2068 iaStor (4b80b97cbf0782b3bb3057f88d42c367) C:\Windows\system32\DRIVERS\iaStor.sys
15:59:39.0343 2068 iaStor - ok
15:59:39.0390 2068 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:59:39.0406 2068 iaStorV - ok
15:59:39.0515 2068 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:59:39.0546 2068 idsvc - ok
15:59:40.0108 2068 igfx (aa1636107c0c05a881bfbce41142c70f) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:59:40.0295 2068 igfx - ok
15:59:40.0467 2068 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:59:40.0467 2068 iirsp - ok
15:59:40.0529 2068 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:59:40.0560 2068 IKEEXT - ok
15:59:40.0560 2068 imapiservice - ok
15:59:40.0591 2068 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:59:40.0591 2068 intelide - ok
15:59:40.0607 2068 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:59:40.0607 2068 intelppm - ok
15:59:40.0638 2068 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:59:40.0638 2068 IPBusEnum - ok
15:59:40.0669 2068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:40.0669 2068 IpFilterDriver - ok
15:59:40.0732 2068 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:59:40.0732 2068 iphlpsvc - ok
15:59:40.0747 2068 IpInIp - ok
15:59:40.0779 2068 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:59:40.0779 2068 IPMIDRV - ok
15:59:40.0794 2068 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:59:40.0794 2068 IPNAT - ok
15:59:40.0919 2068 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
15:59:40.0919 2068 iPod Service - ok
15:59:40.0935 2068 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:59:40.0935 2068 IRENUM - ok
15:59:40.0981 2068 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:59:40.0981 2068 isapnp - ok
15:59:41.0044 2068 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:59:41.0059 2068 iScsiPrt - ok
15:59:41.0091 2068 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:59:41.0091 2068 iteatapi - ok
15:59:41.0106 2068 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:59:41.0106 2068 iteraid - ok
15:59:41.0122 2068 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:59:41.0122 2068 kbdclass - ok
15:59:41.0153 2068 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
15:59:41.0153 2068 kbdhid - ok
15:59:41.0169 2068 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:59:41.0169 2068 KeyIso - ok
15:59:41.0184 2068 konfig - ok
15:59:41.0215 2068 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:59:41.0247 2068 KSecDD - ok
15:59:41.0293 2068 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:59:41.0293 2068 KtmRm - ok
15:59:41.0340 2068 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
15:59:41.0340 2068 LanmanServer - ok
15:59:41.0371 2068 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:59:41.0387 2068 LanmanWorkstation - ok
15:59:41.0403 2068 lbtserv - ok
15:59:41.0403 2068 LHidUsbK - ok
15:59:41.0496 2068 LightScribeService (75ac54b996f7c8e17594ebc32b6614bd) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:59:41.0496 2068 LightScribeService - ok
15:59:41.0527 2068 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:59:41.0527 2068 lltdio - ok
15:59:41.0559 2068 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:59:41.0574 2068 lltdsvc - ok
15:59:41.0590 2068 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:59:41.0590 2068 lmhosts - ok
15:59:41.0621 2068 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:59:41.0621 2068 LSI_FC - ok
15:59:41.0668 2068 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:59:41.0683 2068 LSI_SAS - ok
15:59:41.0699 2068 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:59:41.0699 2068 LSI_SCSI - ok
15:59:41.0730 2068 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:59:41.0730 2068 luafv - ok
15:59:41.0730 2068 lxby_device - ok
15:59:41.0730 2068 lxcd_device - ok
15:59:41.0746 2068 MaxtorFrontPanel1 - ok
15:59:41.0761 2068 mcrdsvc - ok
15:59:41.0808 2068 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
15:59:41.0808 2068 Mcx2Svc - ok
15:59:41.0855 2068 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:59:41.0855 2068 megasas - ok
15:59:41.0902 2068 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:59:41.0917 2068 MegaSR - ok
15:59:41.0917 2068 mgabgexe - ok
15:59:41.0949 2068 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:59:41.0949 2068 MMCSS - ok
15:59:41.0949 2068 mnsframework - ok
15:59:41.0964 2068 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:59:41.0964 2068 Modem - ok
15:59:41.0980 2068 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:59:41.0980 2068 monitor - ok
15:59:42.0027 2068 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:59:42.0027 2068 mouclass - ok
15:59:42.0027 2068 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:59:42.0027 2068 mouhid - ok
15:59:42.0042 2068 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:59:42.0042 2068 MountMgr - ok
15:59:42.0105 2068 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:59:42.0105 2068 mpio - ok
15:59:42.0136 2068 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:59:42.0136 2068 mpsdrv - ok
15:59:42.0198 2068 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:59:42.0198 2068 MpsSvc - ok
15:59:42.0229 2068 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:59:42.0229 2068 Mraid35x - ok
15:59:42.0245 2068 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:59:42.0261 2068 MRxDAV - ok
15:59:42.0276 2068 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:42.0276 2068 mrxsmb - ok
15:59:42.0323 2068 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:42.0339 2068 mrxsmb10 - ok
15:59:42.0339 2068 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:42.0354 2068 mrxsmb20 - ok
15:59:42.0385 2068 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:59:42.0385 2068 msahci - ok
15:59:42.0432 2068 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:59:42.0432 2068 msdsm - ok
15:59:42.0510 2068 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:59:42.0510 2068 MSDTC - ok
15:59:42.0557 2068 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:59:42.0557 2068 Msfs - ok
15:59:42.0573 2068 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:59:42.0573 2068 msisadrv - ok
15:59:42.0619 2068 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:59:42.0619 2068 MSiSCSI - ok
15:59:42.0619 2068 msiserver - ok
15:59:42.0666 2068 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:59:42.0666 2068 MSKSSRV - ok
15:59:42.0697 2068 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:42.0697 2068 MSPCLOCK - ok
15:59:42.0713 2068 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:59:42.0713 2068 MSPQM - ok
15:59:42.0760 2068 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:59:42.0760 2068 MsRPC - ok
15:59:42.0791 2068 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:59:42.0791 2068 mssmbios - ok
15:59:42.0807 2068 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:59:42.0807 2068 MSTEE - ok
15:59:42.0822 2068 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:59:42.0822 2068 Mup - ok
15:59:42.0869 2068 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:59:42.0885 2068 napagent - ok
15:59:42.0931 2068 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:59:42.0931 2068 NativeWifiP - ok
15:59:42.0994 2068 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:59:43.0009 2068 NDIS - ok
15:59:43.0041 2068 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:43.0041 2068 NdisTapi - ok
15:59:43.0041 2068 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:43.0041 2068 Ndisuio - ok
15:59:43.0056 2068 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:43.0072 2068 NdisWan - ok
15:59:43.0072 2068 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:59:43.0087 2068 NDProxy - ok
15:59:43.0243 2068 Nero BackItUp Scheduler 3 (6d4028d458eaaa1782099750790dc8c9) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
15:59:43.0243 2068 Nero BackItUp Scheduler 3 - ok
15:59:43.0259 2068 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:59:43.0259 2068 NetBIOS - ok
15:59:43.0290 2068 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:59:43.0306 2068 netbt - ok
15:59:43.0337 2068 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:59:43.0337 2068 Netlogon - ok
15:59:43.0384 2068 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:59:43.0399 2068 Netman - ok
15:59:43.0415 2068 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:59:43.0431 2068 netprofm - ok
15:59:43.0493 2068 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:59:43.0493 2068 NetTcpPortSharing - ok
15:59:43.0540 2068 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:59:43.0540 2068 nfrd960 - ok
15:59:43.0587 2068 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:59:43.0602 2068 NlaSvc - ok
15:59:43.0727 2068 NMIndexingService (d36107465e716cf2335a25c54b6d11c2) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
15:59:43.0758 2068 NMIndexingService - ok
15:59:43.0789 2068 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:59:43.0789 2068 Npfs - ok
15:59:43.0821 2068 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:59:43.0821 2068 nsi - ok
15:59:43.0852 2068 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:59:43.0852 2068 nsiproxy - ok
15:59:43.0945 2068 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:59:43.0961 2068 Ntfs - ok
15:59:43.0992 2068 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:59:43.0992 2068 ntrigdigi - ok
15:59:43.0992 2068 ntrtscan - ok
15:59:44.0023 2068 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:59:44.0023 2068 Null - ok
15:59:44.0055 2068 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:59:44.0070 2068 nvraid - ok
15:59:44.0086 2068 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:59:44.0086 2068 nvstor - ok
15:59:44.0117 2068 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:59:44.0117 2068 nv_agp - ok
15:59:44.0117 2068 NwlnkFlt - ok
15:59:44.0133 2068 NwlnkFwd - ok
15:59:44.0179 2068 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:59:44.0179 2068 ohci1394 - ok
15:59:44.0289 2068 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:59:44.0289 2068 ose - ok
15:59:44.0367 2068 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:59:44.0382 2068 p2pimsvc - ok
15:59:44.0382 2068 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:59:44.0398 2068 p2psvc - ok
15:59:44.0476 2068 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
15:59:44.0491 2068 PAC207 - ok
15:59:44.0538 2068 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:59:44.0538 2068 Parport - ok
15:59:44.0569 2068 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:59:44.0569 2068 partmgr - ok
15:59:44.0585 2068 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:59:44.0585 2068 Parvdm - ok
15:59:44.0616 2068 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:59:44.0632 2068 PcaSvc - ok
15:59:44.0663 2068 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:59:44.0663 2068 pci - ok
15:59:44.0694 2068 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:59:44.0710 2068 pciide - ok
15:59:44.0725 2068 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:59:44.0741 2068 pcmcia - ok
15:59:44.0757 2068 pctavsvc - ok
15:59:44.0757 2068 pdlnebas - ok
15:59:44.0850 2068 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:59:44.0866 2068 PEAUTH - ok
15:59:44.0991 2068 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:59:45.0037 2068 pla - ok
15:59:45.0396 2068 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:59:45.0412 2068 PlugPlay - ok
15:59:45.0474 2068 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:59:45.0474 2068 PNRPAutoReg - ok
15:59:45.0490 2068 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:59:45.0490 2068 PNRPsvc - ok
15:59:45.0552 2068 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:59:45.0552 2068 PolicyAgent - ok
15:59:45.0599 2068 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:59:45.0615 2068 PptpMiniport - ok
15:59:45.0630 2068 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:59:45.0630 2068 Processor - ok
15:59:45.0677 2068 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:59:45.0693 2068 ProfSvc - ok
15:59:45.0724 2068 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:59:45.0724 2068 ProtectedStorage - ok
15:59:45.0755 2068 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:59:45.0755 2068 PSched - ok
15:59:45.0771 2068 qkbfiltr - ok
15:59:45.0771 2068 ql10wnt - ok
15:59:45.0771 2068 ql1240 - ok
15:59:45.0895 2068 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:59:45.0927 2068 ql2300 - ok
15:59:45.0958 2068 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:59:45.0958 2068 ql40xx - ok
15:59:46.0020 2068 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:59:46.0020 2068 QWAVE - ok
15:59:46.0051 2068 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:59:46.0051 2068 QWAVEdrv - ok
15:59:46.0067 2068 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:59:46.0067 2068 RasAcd - ok
15:59:46.0114 2068 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:59:46.0114 2068 RasAuto - ok
15:59:46.0129 2068 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:46.0145 2068 Rasl2tp - ok
15:59:46.0176 2068 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:59:46.0192 2068 RasMan - ok
15:59:46.0207 2068 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:46.0223 2068 RasPppoe - ok
15:59:46.0223 2068 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:59:46.0239 2068 RasSstp - ok
15:59:46.0270 2068 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:59:46.0285 2068 rdbss - ok
15:59:46.0301 2068 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:46.0301 2068 RDPCDD - ok
15:59:46.0363 2068 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:59:46.0363 2068 rdpdr - ok
15:59:46.0363 2068 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:59:46.0363 2068 RDPENCDD - ok
15:59:46.0410 2068 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
15:59:46.0426 2068 RDPWD - ok
15:59:46.0457 2068 relational - ok
15:59:46.0488 2068 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:59:46.0488 2068 RemoteAccess - ok
15:59:46.0894 2068 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:59:46.0894 2068 RemoteRegistry - ok
15:59:46.0941 2068 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
15:59:46.0941 2068 RimUsb - ok
15:59:46.0972 2068 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:59:46.0972 2068 RpcLocator - ok
15:59:47.0221 2068 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:59:47.0237 2068 RpcSs - ok
15:59:47.0362 2068 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:59:47.0362 2068 rspndr - ok
15:59:47.0362 2068 rsvchost - ok
15:59:47.0424 2068 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
15:59:47.0424 2068 RTSTOR - ok
15:59:47.0455 2068 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:59:47.0455 2068 SamSs - ok
15:59:47.0487 2068 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:59:47.0487 2068 sbp2port - ok
15:59:47.0533 2068 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:59:47.0533 2068 SCardSvr - ok
15:59:48.0157 2068 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:59:48.0173 2068 Schedule - ok
15:59:48.0204 2068 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:59:48.0204 2068 SCPolicySvc - ok
15:59:48.0501 2068 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:59:48.0516 2068 SDRSVC - ok
15:59:48.0547 2068 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:59:48.0547 2068 secdrv - ok
15:59:48.0579 2068 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:59:48.0579 2068 seclogon - ok
15:59:48.0594 2068 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
15:59:48.0594 2068 SENS - ok
15:59:48.0610 2068 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:59:48.0610 2068 Serenum - ok
15:59:48.0641 2068 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:59:48.0641 2068 Serial - ok
15:59:48.0688 2068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:59:48.0688 2068 sermouse - ok
15:59:48.0688 2068 server - ok
15:59:48.0735 2068 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:59:48.0750 2068 SessionEnv - ok
15:59:48.0766 2068 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:59:48.0766 2068 sffdisk - ok
15:59:48.0797 2068 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:59:48.0797 2068 sffp_mmc - ok
15:59:48.0828 2068 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:59:48.0828 2068 sffp_sd - ok
15:59:48.0844 2068 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:59:48.0844 2068 sfloppy - ok
15:59:48.0844 2068 sfrem01 - ok
15:59:48.0891 2068 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:59:48.0891 2068 SharedAccess - ok
15:59:48.0937 2068 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:59:48.0937 2068 ShellHWDetection - ok
15:59:48.0969 2068 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:59:48.0969 2068 sisagp - ok
15:59:48.0969 2068 siskp - ok
15:59:49.0000 2068 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:59:49.0000 2068 SiSRaid2 - ok
15:59:49.0015 2068 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:59:49.0031 2068 SiSRaid4 - ok
15:59:49.0561 2068 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:59:49.0593 2068 slsvc - ok
15:59:49.0967 2068 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:59:49.0983 2068 SLUINotify - ok
15:59:50.0014 2068 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:59:50.0014 2068 SNMPTRAP - ok
15:59:50.0029 2068 sonicatheaterinstallerservice - ok
15:59:50.0076 2068 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:59:50.0076 2068 spldr - ok
15:59:50.0139 2068 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:59:50.0154 2068 Spooler - ok
15:59:50.0404 2068 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
15:59:50.0451 2068 sptd - ok
15:59:50.0841 2068 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:59:50.0856 2068 srv - ok
15:59:51.0137 2068 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:59:51.0137 2068 srv2 - ok
15:59:51.0199 2068 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:59:51.0199 2068 srvnet - ok
15:59:51.0246 2068 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:59:51.0262 2068 SSDPSRV - ok
15:59:51.0293 2068 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:59:51.0309 2068 SstpSvc - ok
15:59:51.0948 2068 STacSV (cb2449150a5ea17caa0b94363d9440cc) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
15:59:51.0948 2068 STacSV - ok
15:59:52.0042 2068 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
15:59:52.0057 2068 STHDA - ok
15:59:52.0151 2068 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:59:52.0182 2068 stisvc - ok
15:59:52.0213 2068 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:59:52.0213 2068 swenum - ok
15:59:52.0323 2068 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:59:52.0354 2068 swprv - ok
15:59:52.0354 2068 symantecantibotfilter - ok
15:59:52.0369 2068 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:59:52.0385 2068 Symc8xx - ok
15:59:52.0432 2068 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:59:52.0447 2068 Sym_hi - ok
15:59:52.0463 2068 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:59:52.0463 2068 Sym_u3 - ok
15:59:52.0541 2068 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:59:52.0572 2068 SysMain - ok
15:59:52.0603 2068 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:59:52.0603 2068 TabletInputService - ok
15:59:52.0650 2068 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:59:52.0666 2068 TapiSrv - ok
15:59:52.0681 2068 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:59:52.0681 2068 TBS - ok
15:59:53.0243 2068 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:59:53.0259 2068 Tcpip - ok
15:59:53.0274 2068 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:59:53.0274 2068 Tcpip6 - ok
15:59:53.0305 2068 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:59:53.0305 2068 tcpipreg - ok
15:59:53.0352 2068 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:59:53.0368 2068 TDPIPE - ok
15:59:53.0383 2068 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:59:53.0383 2068 TDTCP - ok
15:59:53.0415 2068 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:59:53.0415 2068 tdx - ok
15:59:53.0461 2068 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:59:53.0461 2068 TermDD - ok
15:59:53.0851 2068 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:59:53.0883 2068 TermService - ok
15:59:53.0929 2068 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:59:53.0929 2068 Themes - ok
15:59:54.0007 2068 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:59:54.0007 2068 THREADORDER - ok
15:59:54.0085 2068 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\Windows\system32\drivers\tiehdusb.sys
15:59:54.0085 2068 TIEHDUSB - ok
15:59:54.0085 2068 tmtdi - ok
15:59:54.0132 2068 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:59:54.0132 2068 TrkWks - ok
15:59:54.0210 2068 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:59:54.0210 2068 TrustedInstaller - ok
15:59:54.0273 2068 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:59:54.0273 2068 tssecsrv - ok
15:59:54.0304 2068 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:59:54.0319 2068 tunmp - ok
15:59:54.0335 2068 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:59:54.0335 2068 tunnel - ok
15:59:54.0351 2068 TVALG - ok
15:59:54.0382 2068 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:59:54.0382 2068 uagp35 - ok
15:59:54.0429 2068 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:59:54.0444 2068 udfs - ok
15:59:54.0475 2068 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:59:54.0475 2068 UI0Detect - ok
15:59:54.0507 2068 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:59:54.0507 2068 uliagpkx - ok
15:59:54.0553 2068 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:59:54.0569 2068 uliahci - ok
15:59:54.0585 2068 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:59:54.0585 2068 UlSata - ok
15:59:54.0616 2068 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:59:54.0631 2068 ulsata2 - ok
15:59:54.0647 2068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:59:54.0647 2068 umbus - ok
15:59:54.0694 2068 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:59:54.0694 2068 upnphost - ok
15:59:54.0709 2068 USA49W2KP - ok
15:59:54.0741 2068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:59:54.0741 2068 USBAAPL - ok
15:59:54.0787 2068 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:54.0787 2068 usbccgp - ok
15:59:54.0834 2068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:59:54.0834 2068 usbcir - ok
15:59:54.0897 2068 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:59:54.0897 2068 usbehci - ok
15:59:54.0943 2068 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:59:54.0959 2068 usbhub - ok
15:59:54.0990 2068 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:59:54.0990 2068 usbohci - ok
15:59:55.0021 2068 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:59:55.0021 2068 usbprint - ok
15:59:55.0053 2068 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:59:55.0068 2068 USBSTOR - ok
15:59:55.0084 2068 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:59:55.0084 2068 usbuhci - ok
15:59:55.0115 2068 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:59:55.0131 2068 UxSms - ok
15:59:55.0131 2068 VAIOMediaPlatform-VideoServer-UPnP - ok
15:59:55.0162 2068 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:59:55.0177 2068 vds - ok
15:59:55.0224 2068 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:59:55.0224 2068 vga - ok
15:59:55.0255 2068 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:59:55.0255 2068 VgaSave - ok
15:59:55.0271 2068 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:59:55.0271 2068 viaagp - ok
15:59:55.0302 2068 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:59:55.0302 2068 ViaC7 - ok
15:59:55.0318 2068 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:59:55.0318 2068 viaide - ok
15:59:55.0333 2068 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:59:55.0333 2068 volmgr - ok
15:59:55.0380 2068 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:59:55.0396 2068 volmgrx - ok
15:59:55.0443 2068 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:59:55.0443 2068 volsnap - ok
15:59:55.0505 2068 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:59:55.0505 2068 vsmraid - ok
15:59:55.0599 2068 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:59:55.0614 2068 VSS - ok
15:59:55.0645 2068 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:59:55.0645 2068 W32Time - ok
15:59:55.0661 2068 w810mdfl - ok
15:59:55.0708 2068 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:59:55.0708 2068 WacomPen - ok
15:59:55.0755 2068 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:55.0755 2068 Wanarp - ok
15:59:55.0755 2068 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:55.0755 2068 Wanarpv6 - ok
15:59:55.0817 2068 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:59:55.0833 2068 wcncsvc - ok
15:59:55.0864 2068 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:59:55.0864 2068 WcsPlugInService - ok
15:59:55.0895 2068 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:59:55.0895 2068 Wd - ok
15:59:55.0957 2068 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:59:55.0957 2068 Wdf01000 - ok
15:59:55.0989 2068 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:59:55.0989 2068 WdiServiceHost - ok
15:59:55.0989 2068 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:59:55.0989 2068 WdiSystemHost - ok
15:59:56.0035 2068 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:59:56.0051 2068 WebClient - ok
15:59:56.0098 2068 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:59:56.0113 2068 Wecsvc - ok
15:59:56.0129 2068 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:59:56.0145 2068 wercplsupport - ok
15:59:56.0176 2068 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:59:56.0191 2068 WerSvc - ok
15:59:56.0269 2068 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:59:56.0285 2068 WinDefend - ok
15:59:56.0285 2068 WinHttpAutoProxySvc - ok
15:59:56.0363 2068 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:59:56.0379 2068 Winmgmt - ok
15:59:56.0488 2068 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:59:56.0519 2068 WinRM - ok
15:59:56.0535 2068 WISTechVIDCAP - ok
15:59:56.0597 2068 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:59:56.0613 2068 Wlansvc - ok
15:59:56.0675 2068 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:59:56.0675 2068 WmiAcpi - ok
15:59:56.0753 2068 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:59:56.0753 2068 wmiApSrv - ok
15:59:56.0878 2068 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:59:56.0909 2068 WMPNetworkSvc - ok
15:59:56.0940 2068 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:59:56.0956 2068 WPCSvc - ok
15:59:57.0003 2068 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:59:57.0003 2068 WPDBusEnum - ok
15:59:57.0065 2068 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:59:57.0065 2068 WpdUsb - ok
15:59:57.0221 2068 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:59:57.0252 2068 WPFFontCache_v0400 - ok
15:59:57.0283 2068 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:59:57.0283 2068 ws2ifsl - ok
15:59:57.0299 2068 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
15:59:57.0299 2068 wscsvc - ok
15:59:57.0315 2068 WSearch - ok
15:59:57.0455 2068 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
15:59:57.0502 2068 wuauserv - ok
15:59:57.0689 2068 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:59:57.0689 2068 WUDFRd - ok
15:59:57.0736 2068 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:59:57.0736 2068 wudfsvc - ok
15:59:57.0751 2068 yksvc - ok
15:59:57.0814 2068 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
15:59:57.0829 2068 yukonwlh - ok
15:59:57.0845 2068 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:59:57.0923 2068 \Device\Harddisk0\DR0 - ok
15:59:57.0923 2068 Boot (0x1200) (b4101a08d1612db421125664fc994eb7) \Device\Harddisk0\DR0\Partition0
15:59:57.0923 2068 \Device\Harddisk0\DR0\Partition0 - ok
15:59:57.0923 2068 ============================================================
15:59:57.0923 2068 Scan finished
15:59:57.0923 2068 ============================================================
15:59:57.0939 3508 Detected object count: 0
15:59:57.0939 3508 Actual detected object count: 0
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-04-29.02 - Xavi 04/29/2012 16:26:51.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1862 [GMT -5:00]
Running from: c:\users\Xavi\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 21:31 . 2012-04-29 21:31 -------- d-----w- c:\users\Xavi\AppData\Local\temp
2012-04-29 21:31 . 2012-04-29 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 19:09 . 2012-04-29 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-29 19:09 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 18:49 . 2012-04-29 18:49 -------- d-----w- C:\dell
2012-04-29 14:13 . 2012-04-29 18:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-28 19:37 . 2012-04-28 19:40 -------- d-----w- C:\jgh
2012-04-28 16:09 . 2012-04-28 16:09 -------- d-----w- c:\users\Xavi\AppData\Roaming\Malwarebytes
2012-04-28 16:09 . 2012-04-28 16:20 -------- d-----w- c:\programdata\Malwarebytes
2012-04-21 19:38 . 2012-04-21 19:38 0 ----a-w- c:\windows\invcol.tmp
2012-04-21 19:18 . 2011-12-06 20:55 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-04-20 10:59 . 2012-04-21 20:46 -------- d-----w- c:\program files\World of Warcraft Beta
2012-04-20 10:58 . 2012-04-20 10:58 -------- d-----w- c:\programdata\Battle.net
2012-04-11 05:51 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 21:03 . 2012-04-14 01:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-09 21:03 . 2012-04-09 21:03 -------- d-----w- c:\programdata\SlySoft
2012-04-09 20:59 . 2012-04-09 20:59 -------- d-----w- c:\program files\SlySoft
2012-04-09 20:53 . 2012-04-09 22:08 -------- d-----w- c:\programdata\DVD Shrink
2012-04-09 20:53 . 2012-04-09 20:53 -------- d-----w- c:\program files\DVD Shrink
2012-04-06 03:20 . 2012-04-06 03:20 -------- d-----w- c:\users\Xavi\AppData\Roaming\Doblon
2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\Doblon
2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\cdrdao
2012-03-31 02:13 . 2012-04-06 03:19 -------- d-----w- c:\program files\Doblon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:48 . 2011-06-11 21:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-09 14:12 . 2012-03-09 14:12 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-02-14 15:45 . 2012-03-14 01:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 01:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 01:10 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 01:10 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 01:10 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 01:10 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-19 483420]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-11 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2520783751-165864320-3817540785-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-18 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14683384
*NewlyCreated* - ASWMBR
*NewlyCreated* - KXLDIPOD
*Deregistered* - 14683384
*Deregistered* - aswMBR
*Deregistered* - kxldipod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CAMFLT
diskperf
DniVad
mgabgexe
firelm01
LHidUsbK
ntrtscan
w810mdfl
konfig
epsonbidirectionalservice
tmtdi
ctaud2k
atitunep
imapiservice
ql1240
cics.region2
lbtserv
mcrdsvc
VAIOMediaPlatform-VideoServer-UPnP
siskp
ultra66
ESMCR
deventagent
Wbutton
alertmanager
pdlnebas
aavmker4
MaxtorFrontPanel1
USA49W2KP
EACSvrMngr
symantecantibotfilter
mnsframework
rsvchost
lxby_device
sonicatheaterinstallerservice
relational
server
lxcd_device
sfrem01
ql10wnt
pctavsvc
WISTechVIDCAP
qkbfiltr
TVALG
awhost32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 02:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:48]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 16:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-29 16:33:10
ComboFix-quarantined-files.txt 2012-04-29 21:33
ComboFix2.txt 2012-04-29 13:04
.
Pre-Run: 44,485,496,832 bytes free
Post-Run: 44,589,121,536 bytes free
.
- - End Of File - - AE6F0F1D9C019F36D7FEF65333F64A19
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
smb.sys
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
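Two parts of the custom scan above are worth understanding before reading the report: the `netsvcs` line asks OTL to list every service name registered in the SvcHost NetSvcs group and to report each service whose image file cannot be found on disk, and the `/md5start ... /md5stop` block asks it to print the MD5 of smb.sys so the driver can be compared against a known-good copy. The following Python script is an added example for this thread, not code from OTL or from the original post; it performs those two checks on constructed sample lines written in OTL's `SRV -` / `DRV -` format (every service name, path and vendor string in the sample is invented). It flags services set to start automatically whose file is missing, which is what a helper looks for in the log, and hashes a buffer the way the `/md5` block would hash the real driver.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines in OTL's "Win32 Services" / "Driver Services" format.
# They are invented for this example, not taken from the thread's logs.
SAMPLE_OTL_LINES = """\
SRV - File not found [Auto | Stopped] -- %systemroot%\\system32\\example_a.dll -- (exampleSvcA)
SRV - File not found [On_Demand | Stopped] -- %systemroot%\\system32\\example_b.dll -- (exampleSvcB)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Example Vendor) [Auto | Running] -- C:\\Program Files\\Example\\svc.exe -- (ExampleRunning)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\example.sys -- (ExampleDrv)
DRV - [2012/03/09 09:12:36 | 000,121,208 | ---- | M] (Example Vendor) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\example_ok.sys -- (ExampleOk)
"""

# One OTL service line: kind, then either "File not found" or "[stamp] (company)",
# then "[start type | state]", then "-- image path -- (service name)".
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?P<status>File not found|\[[^\]]*\] \([^)]*\)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.*) -- \((?P<name>[^)]*)\)$"
)

START_TYPES = {"Boot", "System", "Auto", "On_Demand", "Disabled"}


@dataclass
class ServiceEntry:
    kind: str           # "SRV" (Win32 service) or "DRV" (kernel driver)
    name: str           # registry service name, e.g. "exampleSvcA"
    path: str           # image path exactly as OTL printed it
    file_present: bool  # False when OTL reported "File not found"
    start_type: str     # Boot / System / Auto / On_Demand / Disabled
    state: str          # Running / Stopped


def parse_otl_services(text: str) -> List[ServiceEntry]:
    """Parse OTL SRV/DRV lines; lines in any other format are ignored."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m.group("flags").split("|")]
        start = next((f for f in flags if f in START_TYPES), "Unknown")
        state = flags[-1] if flags else "Unknown"
        entries.append(ServiceEntry(
            kind=m.group("kind"),
            name=m.group("name"),
            path=m.group("path"),
            file_present=(m.group("status") != "File not found"),
            start_type=start,
            state=state,
        ))
    return entries


def orphaned_autostart(entries: List[ServiceEntry]) -> List[str]:
    """Names of services that start at boot whose image file is missing.

    Such entries are either leftovers of uninstalled software or a persistence
    artifact; either way they should be reviewed and, once confirmed, removed.
    """
    return [e.name for e in entries
            if not e.file_present and e.start_type in {"Boot", "System", "Auto"}]


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory buffer, as the lowercase hex string OTL's /md5 block prints."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """MD5 of a file on disk, read in chunks so a large driver need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    found = parse_otl_services(SAMPLE_OTL_LINES)
    print(f"parsed {len(found)} service entries")
    for name in orphaned_autostart(found):
        print(f"orphaned autostart entry: {name}")
    # Constructed stand-in bytes; the real check hashes the smb.sys file itself.
    print("md5 of constructed buffer:", md5_hex(b"constructed stand-in for a driver image"))
```

To use it on a real OTL.txt, read the file and pass its contents to `parse_otl_services`; `md5_of_file` takes the driver's path. An `On_Demand` entry with a missing file is listed by the parser but not flagged, since it never runs unless something asks for it; the automatic ones are the ones that matter for persistence.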
 
OTL logfile created on: 4/29/2012 4:53:10 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Xavi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 62.45% Memory free
6.13 Gb Paging File | 5.06 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 41.46 Gb Free Space | 27.82% Space Free | Partition Type: NTFS

Computer Name: XAVI-PC | User Name: Xavi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 16:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/18 20:19:28 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/11/17 19:22:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/08/01 23:12:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/06/30 10:36:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/03/21 20:32:04 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/12/10 19:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsarcpkt.dll -- (WISTechVIDCAP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swwd.dll -- (w810mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SetupSys.dll -- (VAIOMediaPlatform-VideoServer-UPnP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswrdr.dll -- (USA49W2KP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcf_device.dll -- (TVALG)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pnp680r.dll -- (tmtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle_load_balancer_60_server-forms6ip14.dll -- (symantecantibotfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hpt3xx.dll -- (sonicatheaterinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winmgmt.dll -- (siskp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flashcom.dll -- (sfrem01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NwSapAgent.dll -- (server)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\isdrv122.dll -- (rsvchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\id2scaps.dll -- (relational)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ngdbserv.dll -- (ql1240)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwlnkipx.dll -- (ql10wnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\odclientservice.dll -- (qkbfiltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmap.dll -- (pdlnebas)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SetupNT.dll -- (pctavsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qkbfiltr.dll -- (ntrtscan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\W55U01.dll -- (mnsframework)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tandpl.dll -- (mgabgexe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eventclientmultiplexer.dll -- (mcrdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slabser.dll -- (MaxtorFrontPanel1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iAimFP6.dll -- (lxcd_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwlnknb.dll -- (lxby_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ood2000.dll -- (LHidUsbK)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVerBDA.dll -- (lbtserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700ius.dll -- (konfig)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SiS300i.dll -- (imapiservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsNcAdpt.dll -- (firelm01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfsnd.dll -- (epsonbidirectionalservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CA561.dll -- (EACSvrMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\streamip.dll -- (DniVad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrfwsvc.dll -- (diskperf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rapapp.dll -- (ctaud2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xmlprov.dll -- (cics.region2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ESMCR.dll -- (CAMFLT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Tb2RCAssist.dll -- (awhost32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PEVSystemStart.dll -- (atitunep)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafadmincontroller.dll -- (aavmker4)
SRV - [2012/04/13 20:48:09 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/11/18 20:19:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/11/17 19:22:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Xavi\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/09 09:12:36 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/07/31 00:00:46 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/11/18 20:19:28 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/07/24 18:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/13 17:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...b8ee9c60b8c&lang=en&ds=AVG&pr=pr&d=2012-04-28 13:12:33&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/04/29 07:58:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2520783751-165864320-3817540785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22C08851-91BF-4C13-B29F-02B840FACF95}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: CAMFLT - %systemroot%\system32\ESMCR.dll File not found
NetSvcs: diskperf - %systemroot%\system32\vrfwsvc.dll File not found
NetSvcs: DniVad - %systemroot%\system32\streamip.dll File not found
NetSvcs: mgabgexe - %systemroot%\system32\tandpl.dll File not found
NetSvcs: firelm01 - %systemroot%\system32\dsNcAdpt.dll File not found
NetSvcs: LHidUsbK - %systemroot%\system32\ood2000.dll File not found
NetSvcs: ntrtscan - %systemroot%\system32\qkbfiltr.dll File not found
NetSvcs: w810mdfl - %systemroot%\system32\swwd.dll File not found
NetSvcs: konfig - %systemroot%\system32\F700ius.dll File not found
NetSvcs: epsonbidirectionalservice - %systemroot%\system32\tosrfsnd.dll File not found
NetSvcs: tmtdi - %systemroot%\system32\Pnp680r.dll File not found
NetSvcs: ctaud2k - %systemroot%\system32\rapapp.dll File not found
NetSvcs: atitunep - %systemroot%\system32\PEVSystemStart.dll File not found
NetSvcs: imapiservice - %systemroot%\system32\SiS300i.dll File not found
NetSvcs: ql1240 - %systemroot%\system32\ngdbserv.dll File not found
NetSvcs: cics.region2 - %systemroot%\system32\xmlprov.dll File not found
NetSvcs: lbtserv - %systemroot%\system32\AVerBDA.dll File not found
NetSvcs: mcrdsvc - %systemroot%\system32\eventclientmultiplexer.dll File not found
NetSvcs: VAIOMediaPlatform-VideoServer-UPnP - %systemroot%\system32\SetupSys.dll File not found
NetSvcs: siskp - %systemroot%\system32\winmgmt.dll File not found
NetSvcs: ultra66 - File not found
NetSvcs: ESMCR - File not found
NetSvcs: deventagent - File not found
NetSvcs: Wbutton - File not found
NetSvcs: alertmanager - File not found
NetSvcs: pdlnebas - %systemroot%\system32\nmap.dll File not found
NetSvcs: aavmker4 - %systemroot%\system32\cwafadmincontroller.dll File not found
NetSvcs: MaxtorFrontPanel1 - %systemroot%\system32\slabser.dll File not found
NetSvcs: USA49W2KP - %systemroot%\system32\aswrdr.dll File not found
NetSvcs: EACSvrMngr - %systemroot%\system32\CA561.dll File not found
NetSvcs: symantecantibotfilter - %systemroot%\system32\oracle_load_balancer_60_server-forms6ip14.dll File not found
NetSvcs: mnsframework - %systemroot%\system32\W55U01.dll File not found
NetSvcs: rsvchost - %systemroot%\system32\isdrv122.dll File not found
NetSvcs: lxby_device - %systemroot%\system32\nwlnknb.dll File not found
NetSvcs: sonicatheaterinstallerservice - %systemroot%\system32\hpt3xx.dll File not found
NetSvcs: relational - %systemroot%\system32\id2scaps.dll File not found
NetSvcs: server - %systemroot%\system32\NwSapAgent.dll File not found
NetSvcs: lxcd_device - %systemroot%\system32\iAimFP6.dll File not found
NetSvcs: sfrem01 - %systemroot%\system32\flashcom.dll File not found
NetSvcs: ql10wnt - %systemroot%\system32\nwlnkipx.dll File not found
NetSvcs: pctavsvc - %systemroot%\system32\SetupNT.dll File not found
NetSvcs: WISTechVIDCAP - %systemroot%\system32\mwsarcpkt.dll File not found
NetSvcs: qkbfiltr - %systemroot%\system32\odclientservice.dll File not found
NetSvcs: TVALG - %systemroot%\system32\lxcf_device.dll File not found
NetSvcs: awhost32 - %systemroot%\system32\Tb2RCAssist.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 16:52:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
[2012/04/29 16:33:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/29 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Local\temp
[2012/04/29 16:32:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/29 16:24:04 | 004,479,463 | R--- | C] (Swearware) -- C:\Users\Xavi\Desktop\ComboFix.exe
[2012/04/29 14:49:54 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Desktop\bootkit_remover
[2012/04/29 14:48:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Xavi\Desktop\aswMBR.exe
[2012/04/29 14:11:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Xavi\Desktop\dds.scr
[2012/04/29 14:09:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/29 14:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/29 13:58:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/29 13:49:02 | 000,000,000 | ---D | C] -- C:\dell
[2012/04/29 09:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/29 07:49:05 | 000,000,000 | ---D | C] -- C:\jgh15176j
[2012/04/28 14:45:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/28 14:45:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/28 14:45:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/28 14:38:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/28 14:37:20 | 000,000,000 | ---D | C] -- C:\jgh
[2012/04/28 14:37:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/28 11:09:47 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Roaming\Malwarebytes
[2012/04/28 11:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/28 10:47:37 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Xavi\Desktop\tdsskiller.exe
[2012/04/28 10:34:11 | 012,903,272 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Xavi\Desktop\SUPERAntiSpywarePro.exe
[2012/04/28 10:33:06 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Xavi\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/21 14:18:34 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012/04/20 05:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
[2012/04/20 05:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Beta
[2012/04/20 05:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/04/09 16:09:03 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/04/09 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Documents\AnyDVDHD
[2012/04/09 16:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012/04/09 15:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2012/04/09 15:54:19 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Desktop\Movies
[2012/04/09 15:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012/04/09 15:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2012/04/05 22:20:07 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Documents\Ripped karaoke
[2012/04/05 22:20:06 | 000,000,000 | ---D | C] -- C:\Users\Xavi\AppData\Roaming\Doblon
[2012/04/05 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doblon
[2012/04/05 22:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\cdrdao
[2012/04/05 22:17:35 | 000,000,000 | ---D | C] -- C:\Users\Xavi\Desktop\Karaoke Songs
[2012/03/30 21:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Doblon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 16:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
[2012/04/29 16:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/29 16:44:01 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 16:44:01 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/29 16:37:31 | 000,007,728 | ---- | M] () -- C:\Users\Xavi\AppData\Local\d3d9caps.dat
[2012/04/29 16:37:26 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 16:37:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 16:37:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 16:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 16:37:12 | 3179,663,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 16:25:01 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Xavi\Desktop\ComboFix.exe
[2012/04/29 16:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 15:08:59 | 000,000,512 | ---- | M] () -- C:\Users\Xavi\Desktop\MBR.dat
[2012/04/29 14:49:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Xavi\Desktop\aswMBR.exe
[2012/04/29 14:11:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Xavi\Desktop\dds.scr
[2012/04/29 14:10:49 | 000,302,592 | ---- | M] () -- C:\Users\Xavi\Desktop\k12rdfp7.exe
[2012/04/29 14:09:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/29 07:58:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/28 10:47:47 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xavi\Desktop\tdsskiller.exe
[2012/04/28 10:35:42 | 012,903,272 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Xavi\Desktop\SUPERAntiSpywarePro.exe
[2012/04/28 10:33:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Xavi\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/21 15:13:05 | 000,012,852 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/04/21 14:49:19 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/04/21 14:38:53 | 000,029,300 | ---- | M] () -- C:\Windows\System32\DellSystem.xml
[2012/04/20 12:46:51 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/20 06:00:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2012/04/15 20:04:43 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/09 16:03:00 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/04/09 16:02:17 | 000,241,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/09 15:53:13 | 000,000,792 | ---- | M] () -- C:\Users\Xavi\Desktop\DVD Shrink 3.2.lnk
[2012/04/05 22:19:43 | 000,001,008 | ---- | M] () -- C:\Users\Xavi\Desktop\Power CD+G Burner.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/29 15:08:59 | 000,000,512 | ---- | C] () -- C:\Users\Xavi\Desktop\MBR.dat
[2012/04/29 14:10:49 | 000,302,592 | ---- | C] () -- C:\Users\Xavi\Desktop\k12rdfp7.exe
[2012/04/29 14:09:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 14:45:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/28 14:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/28 14:45:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/28 14:45:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/28 14:45:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/28 14:30:56 | 3179,663,360 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/21 15:13:05 | 000,012,852 | ---- | C] () -- C:\Windows\System32\results.xml
[2012/04/21 14:38:50 | 000,029,300 | ---- | C] () -- C:\Windows\System32\DellSystem.xml
[2012/04/20 05:59:44 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2012/04/09 16:03:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/09 16:03:00 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/04/09 15:53:13 | 000,000,792 | ---- | C] () -- C:\Users\Xavi\Desktop\DVD Shrink 3.2.lnk
[2012/04/05 22:19:43 | 000,001,008 | ---- | C] () -- C:\Users\Xavi\Desktop\Power CD+G Burner.lnk
[2012/02/13 21:34:38 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/13 11:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/10/13 11:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/10/13 11:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/07/31 17:12:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/07/28 20:29:24 | 000,000,068 | ---- | C] () -- C:\Windows\UpTiDev.INI
[2011/06/23 23:00:59 | 000,097,496 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/15 09:20:52 | 000,105,240 | ---- | C] () -- C:\Windows\System32\RSTCoin.dll
[2011/06/13 02:19:57 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/13 02:19:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/12 17:20:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 17:19:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/12 17:18:53 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
[2011/06/11 19:30:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/11 16:25:04 | 000,008,192 | ---- | C] () -- C:\Users\Xavi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/11 15:43:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2011/06/11 11:01:23 | 000,007,728 | ---- | C] () -- C:\Users\Xavi\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/04/05 22:20:06 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\Doblon
[2011/07/31 12:44:37 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\FileZilla
[2012/01/02 01:57:17 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\FrostWire
[2011/06/11 15:41:00 | 000,000,000 | ---D | M] -- C:\Users\Xavi\AppData\Roaming\TMP
[2012/04/29 16:36:37 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/06/11 13:50:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/04/29 16:37:12 | 3179,663,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 23:26:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/30 23:26:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/29 16:37:11 | 3493,470,208 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/06/12 17:37:21 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/03 21:32:46 | 000,000,286 | -HS- | M] () -- C:\Users\Xavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/04/29 14:49:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Xavi\Desktop\aswMBR.exe
[2012/04/29 16:25:01 | 004,479,463 | R--- | M] (Swearware) -- C:\Users\Xavi\Desktop\ComboFix.exe
[2012/04/29 14:10:49 | 000,302,592 | ---- | M] () -- C:\Users\Xavi\Desktop\k12rdfp7.exe
[2012/04/28 10:33:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Xavi\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/29 16:52:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Xavi\Desktop\OTL.exe
[2012/04/28 10:35:42 | 012,903,272 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Xavi\Desktop\SUPERAntiSpywarePro.exe
[2012/04/28 10:47:47 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xavi\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/29 16:48:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/29 16:37:26 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 16:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 16:37:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/29 16:36:37 | 000,032,526 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/11 11:01:36 | 000,000,402 | -HS- | M] () -- C:\Users\Xavi\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/04/09 16:03:00 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 08:10:34

< MD5 for: SMB.SYS >
[2008/01/20 21:25:00 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=031E6BCD53C9B2B9ACE111EAFEC347B6 -- C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
[2009/04/10 21:45:24 | 000,066,560 | ---- | M] () MD5=638F8C9A536F9973D4C65D525B2C7582 -- C:\Windows\System32\drivers\smb.sys
[2009/04/10 23:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=7B75299A4D201D6A6533603D6914AB04 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys
< End of report >
 
OTL Extras logfile created on: 4/29/2012 4:53:10 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Xavi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 62.45% Memory free
6.13 Gb Paging File | 5.06 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 41.46 Gb Free Space | 27.82% Space Free | Partition Type: NTFS

Computer Name: XAVI-PC | User Name: Xavi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2520783751-165864320-3817540785-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E99E82-BA57-4332-9541-1808E75D4844}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{105895D8-ACB2-49A1-A2E9-598FD97C463C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2E11ED7A-BEF8-43C7-BD16-D65CE9574254}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{30E0B255-8013-4402-BB90-EA12CF070B85}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33CCA586-DD2C-47BD-A5BE-2269E5586C33}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{5223EB33-D3F6-4505-B067-E7E5A8772925}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{5A12EB2D-A313-4A36-AB65-DEB40DABFC6F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{612B5793-091C-43EC-B227-60A7A7FCBD47}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{67CFA184-09A4-4F5C-9248-B95F071B0CBE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7D677A4B-445F-4C37-B617-D8DBC31F7501}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7FED0D91-2DEF-407E-A07E-72A6BD7F09B1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{95695A5A-DCEE-4D80-8C23-37C0C6C08A7A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{97A0CCAE-4A0B-4211-9D0D-5EFBAA37FBEF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9857307F-807E-4733-8424-7067482B45D6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{9984AFAB-0934-4316-A43D-CBE6917AE97A}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{9A50B6A8-D681-4337-9C0F-026BEF570D85}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B544D43F-FB3E-4857-B5B1-B39E18F1C29F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"{BE0E8075-CD55-46B7-A63A-B060FCE08B31}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C2B0B622-F932-4CE8-9D3B-400F77D34C28}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"{C90E3ED1-6B41-46B4-A04B-D3B2B9514E78}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{CB694CB6-FD2C-4A34-BE31-D80FD9A83BBA}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{D95E791C-4AA0-4C09-93C1-F69581C40161}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{E7458AEC-6765-47BC-BFEE-FBF77576C518}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E97E7088-F411-4E32-95EE-1565B8F089D1}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{F0EDF9DC-3DA8-481D-AA5C-A00A16B51297}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{0BC248E0-EC23-4A00-B5E6-30B2964B85F4}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{231FA9B0-AE33-40AF-AEEB-F11BE9D6A5D0}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{71ACDDB2-F363-4207-B0D7-15B528A75F0E}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{819394C4-E285-4273-9037-D9BF85678D4E}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{9F0311D2-0F08-444B-8088-04FB869AE28E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EB2145F5-240A-464F-B064-6CDFC82ABA3F}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{21E24C0F-7CAD-4FBD-A176-0FCCB43B3255}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3F2494A7-9CE0-491A-BF9C-B412AD22851E}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{42EA6FDC-0145-4F71-99FB-F1BF44934970}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{44380911-8DDA-47B4-A44F-D26C8776C96A}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{DEF7721F-7CFC-4258-B60C-ABC52495B272}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{F098691A-5BD4-45E6-8196-29452541473B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523DF39E-DF7D-488F-8022-783946571033}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AnyDVD" = AnyDVD
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"FrostWire" = FrostWire 4.21.8
"FrostWire 5" = FrostWire 5.3.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2012 12:59:33 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 8:47:39 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 8:59:38 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 9:09:09 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 9:12:18 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 10:01:59 AM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 10:02:00 AM | Computer Name = Xavi-PC | Source = System Restore | ID = 8205
Description =

Error - 4/29/2012 2:40:11 PM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 3:03:15 PM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2012 5:39:02 PM | Computer Name = Xavi-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/4/2011 9:15:50 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/5/2011 10:14:15 AM | Computer Name = Xavi-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00225F563E10 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/10/2011 12:52:13 PM | Computer Name = Xavi-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00225F563E10. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/13/2011 11:24:51 AM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/13/2011 11:24:51 AM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/13/2011 7:40:35 PM | Computer Name = Xavi-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:21:33 PM on 7/13/2011 was unexpected.

Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/13/2011 7:41:55 PM | Computer Name = Xavi-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys | C:\Windows\System32\drivers\smb.sys

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
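A check a responder would run after the FCopy step above, added here as an example that is not part of the thread or of ComboFix: it confirms that the live smb.sys is now byte-identical to the cached copy and that the file carries a valid Microsoft signature. It assumes an elevated PowerShell prompt and uses the two paths from the CFScript; the signature check is a labelled caveat, since PowerShell before Windows 10 does not look up catalog signatures and reports system drivers as NotSigned.

```powershell
# Added example (not from the thread): verify the smb.sys restored by the
# CFScript's FCopy directive. Run in an elevated PowerShell prompt.
# Both paths are the ones given in the CFScript above.
$cached = 'C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys'
$live   = 'C:\Windows\System32\drivers\smb.sys'

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash needs PowerShell 4; the .NET SHA256 class also works on
    # the PowerShell 2 that Vista-era systems ship with.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-DriverCopy {
    param([string]$Source, [string]$Target)
    $problems = @()

    foreach ($p in @($Source, $Target)) {
        if (-not (Test-Path -LiteralPath $p)) { $problems += "missing: $p" }
    }
    if ($problems.Count -gt 0) { return $problems }

    # 1. The live driver must be byte-identical to the cached clean copy;
    #    a mismatch means the FCopy did not take, or something rewrote it.
    $srcHash = Get-Sha256Hex $Source
    $dstHash = Get-Sha256Hex $Target
    if ($srcHash -ne $dstHash) {
        $problems += "hash mismatch: cached=$srcHash live=$dstHash"
    }

    # 2. Version resource: a genuine nbsmb driver names Microsoft as vendor.
    $ver = (Get-Item -LiteralPath $Target).VersionInfo
    if ($ver.CompanyName -notmatch 'Microsoft') {
        $problems += "CompanyName is '$($ver.CompanyName)', expected Microsoft"
    }

    # 3. Authenticode. Caveat (assumption about the host): Windows drivers are
    #    catalog-signed, and Get-AuthenticodeSignature on PowerShell older than
    #    Windows 10 does not consult catalogs, so 'NotSigned' there is not by
    #    itself proof of tampering; confirm with sigcheck or signtool in that case.
    foreach ($p in @($Source, $Target)) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        if ($sig.Status -ne 'Valid') {
            $problems += "signature status $($sig.Status) (see catalog caveat): $p"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $problems += "unexpected signer '$($sig.SignerCertificate.Subject)': $p"
        }
    }

    return $problems
}

$result = @(Test-DriverCopy -Source $cached -Target $live)
if ($result.Count -eq 0) {
    Write-Output 'OK: live smb.sys matches the cached copy and checks out'
} else {
    $result | ForEach-Object { Write-Output "CHECK FAILED: $_" }
}
```

A hash mismatch right after the FCopy, or the live copy changing again on the next reboot, is the signal that the infection is being re-dropped rather than merely surviving a scan.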
 
ComboFix 12-04-29.02 - Xavi 04/29/2012 17:22:48.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1931 [GMT -5:00]
Running from: c:\users\Xavi\Desktop\ComboFix.exe
Command switches used :: c:\users\Xavi\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys --> c:\windows\System32\drivers\smb.sys
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 22:26 . 2012-04-29 22:27 -------- d-----w- c:\users\Xavi\AppData\Local\temp
2012-04-29 22:26 . 2012-04-29 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 19:09 . 2012-04-29 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-29 19:09 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 18:49 . 2012-04-29 18:49 -------- d-----w- C:\dell
2012-04-29 14:13 . 2012-04-29 18:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-28 19:37 . 2012-04-28 19:40 -------- d-----w- C:\jgh
2012-04-28 16:09 . 2012-04-28 16:09 -------- d-----w- c:\users\Xavi\AppData\Roaming\Malwarebytes
2012-04-28 16:09 . 2012-04-28 16:20 -------- d-----w- c:\programdata\Malwarebytes
2012-04-21 19:38 . 2012-04-21 19:38 0 ----a-w- c:\windows\invcol.tmp
2012-04-21 19:18 . 2011-12-06 20:55 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-04-20 10:59 . 2012-04-21 20:46 -------- d-----w- c:\program files\World of Warcraft Beta
2012-04-20 10:58 . 2012-04-20 10:58 -------- d-----w- c:\programdata\Battle.net
2012-04-11 05:51 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 21:03 . 2012-04-14 01:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-09 21:03 . 2012-04-09 21:03 -------- d-----w- c:\programdata\SlySoft
2012-04-09 20:59 . 2012-04-09 20:59 -------- d-----w- c:\program files\SlySoft
2012-04-09 20:53 . 2012-04-09 22:08 -------- d-----w- c:\programdata\DVD Shrink
2012-04-09 20:53 . 2012-04-09 20:53 -------- d-----w- c:\program files\DVD Shrink
2012-04-06 03:20 . 2012-04-06 03:20 -------- d-----w- c:\users\Xavi\AppData\Roaming\Doblon
2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\Doblon
2012-04-06 03:19 . 2012-04-06 03:19 -------- d-----w- c:\program files\Common Files\cdrdao
2012-03-31 02:13 . 2012-04-06 03:19 -------- d-----w- c:\program files\Doblon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:48 . 2011-06-11 21:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-09 14:12 . 2012-03-09 14:12 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-02-14 15:45 . 2012-03-14 01:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 01:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 01:10 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 01:10 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 01:10 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 01:10 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-19 483420]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-11 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2520783751-165864320-3817540785-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-18 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CAMFLT
diskperf
DniVad
mgabgexe
firelm01
LHidUsbK
ntrtscan
w810mdfl
konfig
epsonbidirectionalservice
tmtdi
ctaud2k
atitunep
imapiservice
ql1240
cics.region2
lbtserv
mcrdsvc
VAIOMediaPlatform-VideoServer-UPnP
siskp
ultra66
ESMCR
deventagent
Wbutton
alertmanager
pdlnebas
aavmker4
MaxtorFrontPanel1
USA49W2KP
EACSvrMngr
symantecantibotfilter
mnsframework
rsvchost
lxby_device
sonicatheaterinstallerservice
relational
server
lxcd_device
sfrem01
ql10wnt
pctavsvc
WISTechVIDCAP
qkbfiltr
TVALG
awhost32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 02:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:48]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 03:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 17:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-29 17:28:31
ComboFix-quarantined-files.txt 2012-04-29 22:28
ComboFix2.txt 2012-04-29 13:04
.
Pre-Run: 47,967,690,752 bytes free
Post-Run: 47,951,056,896 bytes free
.
- - End Of File - - 1F880462F9CA2EBD8376500D1D5F280E
 
I have to go to work tonight, I will try to post this before I leave but if not I'll get it up tomorrow morning about 8 am Central time. I appreciate all your help and hopefully we can continue this tomorrow if you can. Thanks!!!
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-29 17:40:40
-----------------------------
17:40:40.267 OS Version: Windows 6.0.6002 Service Pack 2
17:40:40.267 Number of processors: 2 586 0xF0D
17:40:40.267 ComputerName: XAVI-PC UserName: Xavi
17:40:41.562 Initialize success
17:51:16.967 AVAST engine defs: 12042901
17:58:27.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:58:27.949 Disk 0 Vendor: FUJITSU_ 0085 Size: 152627MB BusType: 3
17:58:28.012 Disk 0 MBR read successfully
17:58:28.012 Disk 0 MBR scan
17:58:28.027 Disk 0 Windows VISTA default MBR code
17:58:28.027 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:58:28.043 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152571 MB offset 112640
17:58:28.043 Disk 0 scanning sectors +312578048
17:58:28.136 Disk 0 scanning C:\Windows\system32\drivers
17:58:41.606 Service scanning
17:59:12.608 Modules scanning
17:59:49.988 Disk 0 trace - called modules:
17:59:50.051 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:59:50.051 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8725c4e0]
17:59:50.066 3 CLASSPNP.SYS[8a9ab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85385028]
17:59:50.987 AVAST engine scan C:\Windows
17:59:54.543 AVAST engine scan C:\Windows\system32
18:04:24.494 AVAST engine scan C:\Windows\system32\drivers
18:05:02.887 AVAST engine scan C:\Users\Xavi
18:11:04.581 AVAST engine scan C:\ProgramData
18:11:44.252 Scan finished successfully
18:12:08.338 Disk 0 MBR has been saved successfully to "C:\Users\Xavi\Desktop\MBR.dat"
18:12:08.338 The log file has been saved successfully to "C:\Users\Xavi\Desktop\aswMBR1.txt"
 