[Closed] Possible infection/computer refused to startup

By zuuzuu
Mar 20, 2013
  1. My brother told me that his computer would not start up this morning. It's actually started up now so I'm not sure if it just came on eventually or he managed to set it back to a previous restore. I'd appreciate it if someone could please help me with this to confirm it's not an infection. He just got a new job that requires him to use his computer, so all of his personal information is here for any possible hacker to see if the computer is currently infected. He also wouldn't be able to get his job done if it's a virus causing the faulty load-ups. Thanks!

    I'm going to follow the 4-step Preliminary Instructions. I will post them when they are completed.
  2. zuuzuu


    Here is the Malwarebytes log

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.20.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: HP29169229266 [administrator]

    1/4/1980 12:36:11 AM
    mbam-log-1980-01-04 (00-36-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198782
    Time elapsed: 6 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Administrator\Local Settings\Temp\gos439.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

    (end)
  3. zuuzuu


    Here is DDS

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Administrator at 0:48:27 on 1980-01-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.630 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Bamboo Dock\BambooCore.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.hp.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: GetSavin 5.0: {74011C48-5DBF-4065-9CDC-353F10C9BC3D} - c:\documents and settings\administrator\local settings\application data\getsavin\ie\getsavin_1363111201.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\administrator\application data\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [Recguard] c:\windows\sminst\Recguard.exe
    mRun: [Reminder] c:\windows\creator\Remind_XP.exe
    mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDriveAutoRun = dword:16
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294667170437
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=20130312140407004&tb_oid=12-03-2013&tb_mrud=13-03-2013
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-02-03 14:34; getsavin@jetpack; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\getsavin@jetpack
    FF - ExtSQL: 2012-04-20 11:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-04-20 11:55; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2012-05-26 18:10; uss-button@uploadscreenshot.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\uss-button@uploadscreenshot.com.xpi
    FF - ExtSQL: 2012-11-26 20:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-01-30 19:56; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\common files\dvdvideosoft\plugins\ff
    FF - ExtSQL: 2013-02-01 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - ExtSQL: 2013-03-12 14:07; addon@defaulttab.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 1969-12-31 18:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8rCBQose&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - e02019e70000000000000019bb59d86f
    FF - user.js: extensions.incredibar_i.instlDay - 15461
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:57:53
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8rCBQose
    FF - user.js: extensions.incredibar_i.upn2n - 92824286769050342
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 453
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-15 24408]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-20 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-20 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-20 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-20 44808]
    R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\administrator\application data\defaulttab\defaulttab\DTUpdate.exe [2013-3-12 107520]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-2 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-2 682344]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-1-6 476160]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
    R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-6-18 5554552]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-6-18 451960]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-2 21104]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-6-18 10752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-03-17 06:48:53 -------- d-----w- c:\program files\CCleaner
    2013-03-16 08:28:29 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
    2013-03-16 08:28:29 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
    2013-03-13 05:12:33 -------- d-----w- c:\documents and settings\administrator\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2013-03-13 04:48:24 -------- d-----w- c:\documents and settings\administrator\application data\OpenOffice.org
    2013-03-12 19:06:11 -------- d-----w- c:\documents and settings\administrator\application data\DefaultTab
    2013-03-12 19:05:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\getsavin
    2013-03-12 19:05:07 -------- d-----w- c:\program files\common files\Software Update Utility
    2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2013-02-01 23:19:33 -------- d-----w- c:\program files\surgeon
    2013-02-01 09:02:41 -------- d-----w- c:\windows\system32\XPSViewer
    2013-02-01 09:02:11 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2013-02-01 09:01:52 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2013-02-01 09:01:52 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2013-02-01 09:01:52 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2013-02-01 09:01:52 117760 ------w- c:\windows\system32\prntvpt.dll
    2013-02-01 09:01:51 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2013-02-01 09:01:51 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2013-02-01 09:01:51 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2013-02-01 09:01:51 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2013-02-01 09:01:51 -------- d-----w- C:\6b1fa9f1df1ce269e10a278f
    2013-01-31 02:01:17 -------- d-----w- c:\documents and settings\administrator\application data\DVDVideoSoftIEHelpers
    2013-01-31 01:55:39 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2013-01-31 01:55:39 -------- d-----w- c:\documents and settings\administrator\application data\DVDVideoSoft
    2013-01-31 01:55:38 -------- d-----w- c:\program files\DVDVideoSoft
    2013-01-09 01:36:49 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
    2012-12-09 23:03:33 -------- d-----w- c:\program files\Hero Editor
    2012-12-09 23:03:30 249856 ------w- c:\windows\Setup1.exe
    2012-12-09 23:03:28 73216 ----a-w- c:\windows\ST6UNST.EXE
    2012-11-27 01:59:14 -------- d-----r- c:\program files\Skype
    2012-11-27 01:53:59 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2012-11-27 01:53:59 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2012-11-04 17:32:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-02 02:02:42 375296 ------w- c:\windows\system32\dllcache\dpnet.dll
    2012-10-07 05:22:26 -------- d-----w- c:\documents and settings\all users\application data\Nexon
    2012-10-02 18:04:21 58368 ------w- c:\windows\system32\dllcache\synceng.dll
    2012-10-02 12:25:25 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-02 12:25:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-20 23:10:03 -------- d-----w- C:\Romsandemulators
    2012-08-20 22:49:19 -------- d-----w- C:\Westwood
    2012-08-20 22:32:09 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
    2012-08-20 22:32:09 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2012-08-03 06:35:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-08-03 06:35:56 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-08-03 06:35:39 -------- d-----w- C:\Nexon
    2012-08-03 06:35:39 -------- d-----w- c:\documents and settings\all users\application data\NexonUS
    2012-08-03 06:35:38 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
    2012-08-02 14:27:33 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PMB Files
    2012-08-02 14:26:54 -------- d-----w- c:\program files\Pando Networks
    2012-08-02 14:12:17 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2012-08-02 14:12:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-07-06 13:58:51 78336 ------w- c:\windows\system32\dllcache\browser.dll
    2012-06-21 02:56:12 -------- d-----w- c:\windows\system32\Adobe
    2012-06-19 04:00:23 -------- d-----w- c:\documents and settings\administrator\application data\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-06-19 04:00:07 -------- d-----w- c:\documents and settings\administrator\application data\Wacom
    2012-06-19 03:59:59 -------- d-----w- c:\documents and settings\all users\application data\Wacom
    2012-06-19 03:59:37 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
    2012-06-19 03:59:25 -------- d-----w- c:\program files\Bamboo Dock
    2012-06-19 03:57:04 -------- d-----w- c:\documents and settings\administrator\application data\WTablet
    2012-06-19 03:57:02 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2012-06-19 03:56:54 -------- d-----w- c:\program files\TabletPlugins
    2012-06-19 03:56:51 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2012-06-19 03:56:36 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2012-06-19 03:56:28 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2012-06-19 03:56:25 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
    2012-06-19 03:56:25 1156472 ----a-w- c:\windows\system32\Wintab32.dll
    2012-06-19 03:56:25 1152888 ----a-w- c:\windows\system32\WacomMT.dll
    2012-06-19 03:56:21 -------- d-----w- c:\program files\Tablet
    2012-06-16 07:05:01 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2012-06-16 07:05:01 140800 ----a-w- c:\windows\system32\tm20dec.ax
    2012-06-16 07:05:00 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2012-06-16 07:04:54 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2012-06-16 07:04:52 5672 ----a-w- c:\windows\system32\quartz.vxd
    2012-06-16 07:04:52 11776 ----a-w- c:\windows\system32\mciqtz.drv
    2012-06-16 07:04:52 10240 ----a-w- c:\windows\system32\vidx16.dll
    2012-06-16 07:04:51 194320 ----a-w- c:\windows\system32\qcut.dll
    2012-06-16 07:04:50 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2012-06-16 07:04:50 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2012-06-16 06:56:01 -------- d-----w- c:\program files\directx
    2012-06-16 06:29:27 -------- d-----w- c:\program files\Eidos Interactive
    2012-06-16 04:50:09 967 ----a-w- c:\windows\ScUnin.pif
    2012-06-16 04:50:09 94208 ----a-w- c:\windows\ScUnin.exe
    2012-06-16 04:49:44 -------- d-----w- c:\program files\Starcraft
    2012-06-16 04:39:24 -------- d-----w- c:\program files\Warcraft II BNE
    2012-06-16 04:31:31 86528 ----a-w- c:\windows\bnetunin.exe
    2012-06-13 23:40:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
    2012-06-13 23:23:58 440760 ----a-w- C:\setup.exe
    2012-06-13 23:23:58 -------- d-----w- C:\Application Files
    2012-06-13 08:37:18 -------- d-----w- C:\ZomPirate's RotMG DPS Calculator v(1.0)
    2012-06-13 04:04:53 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-12 08:24:39 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
    2012-06-12 00:47:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
    2012-06-10 07:15:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
    2012-06-10 07:02:10 -------- d-----w- c:\program files\Oracle
    2012-06-10 07:01:54 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-05-15 23:20:49 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-05-02 19:40:30 -------- d-----w- c:\windows\pss
    2012-04-26 04:25:14 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-04-21 21:52:44 -------- d-----w- c:\program files\iPod
    2012-04-21 21:52:37 -------- d-----w- c:\program files\iTunes
    2012-04-21 08:29:32 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
    2012-04-21 08:29:14 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-04-21 08:29:14 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-04-21 08:28:20 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-04-21 08:28:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
    2012-04-21 08:27:51 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-04-21 08:27:51 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-04-20 18:58:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-20 18:58:39 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-20 17:55:00 -------- d-----w- c:\windows\SxsCaPendDel
    2012-04-20 17:54:24 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-04-20 16:56:16 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-04-20 16:55:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-04-20 16:54:35 -------- d-----w- c:\program files\AVAST Software
    2012-04-20 16:54:35 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-04-20 16:45:24 21840 ----a-w- c:\windows\system32\SIntfNT.dll
    2012-04-20 16:45:24 17212 ----a-w- c:\windows\system32\SIntf32.dll
    2012-04-20 16:45:24 12067 ----a-w- c:\windows\system32\SIntf16.dll
    2012-04-20 16:40:03 94208 ----a-w- c:\windows\DIIUnin.exe
    2012-04-20 16:40:03 2829 ----a-w- c:\windows\DIIUnin.pif
    2012-04-20 16:36:09 -------- d-----w- c:\program files\Diablo II
    2012-04-20 16:31:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
    2012-04-20 16:25:20 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-04-20 16:16:54 -------- d-----w- c:\windows\system32\appmgmt
    2012-04-20 16:07:26 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-04-20 16:07:24 3072 ------w- c:\windows\system32\iacenc.dll
    2012-04-20 16:07:24 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-04-20 16:06:32 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-04-20 14:58:36 -------- d-----w- c:\windows\i386
    2012-04-20 13:03:23 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-04-20 13:03:23 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-02-29 14:10:16 148480 ------w- c:\windows\system32\dllcache\imagehlp.dll
    2011-11-18 12:35:08 60416 ------w- c:\windows\system32\dllcache\packager.exe
    2011-11-03 15:28:36 386048 ------w- c:\windows\system32\dllcache\qdvd.dll
    2011-10-18 11:13:22 186880 ------w- c:\windows\system32\dllcache\encdec.dll
    2011-10-14 14:47:29 23040 ------w- c:\windows\system32\dllcache\mciseq.dll
    2011-10-14 14:47:29 176128 ------w- c:\windows\system32\dllcache\winmm.dll
    2011-09-28 07:06:50 601088 ------w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-26 18:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
    2011-09-26 18:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
    2011-04-19 09:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
    2011-02-20 05:03:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2011-02-19 06:40:50 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2011-02-09 13:53:52 270848 ------w- c:\windows\system32\dllcache\sbe.dll
    2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll
    2011-01-27 11:57:06 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe
    2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
    2011-01-10 14:19:21 -------- d-----w- c:\windows\DRIVERS
    2011-01-10 14:17:12 266240 ----a-w- c:\windows\system32\ShellvRTF64.dll
    2011-01-10 14:17:12 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
    2011-01-10 14:17:03 -------- d-----w- c:\windows\SMINST
    2011-01-10 14:17:03 -------- d-----w- c:\windows\CREATOR
    2011-01-10 14:16:52 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
    2011-01-10 14:16:52 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
    2011-01-10 14:16:52 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
    2011-01-10 14:16:52 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
    2011-01-10 14:16:52 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
    2011-01-10 14:16:46 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
    2011-01-10 14:16:45 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
    2011-01-10 14:09:28 -------- d-sh--w- C:\System Recovery
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 0:49:17.82 ===============
  4. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    Here is Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/6/2011 2:55:09 PM
    System Uptime: 1/4/1980 12:02:09 AM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 09F8h
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | XU1 PROCESSOR | 3189/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 55 GiB total, 31.162 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 13.493 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_3011103C&REV_01\4&4878531&0&00E1
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_3011103C&REV_01\4&4878531&0&00E1
    Service: b57w2k
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&EDE93E0&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&EDE93E0&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP305: 1/30/2013 9:02:07 PM - System Checkpoint
    RP306: 1/31/2013 3:00:14 AM - Software Distribution Service 3.0
    RP307: 2/1/2013 3:00:18 AM - Software Distribution Service 3.0
    RP308: 2/2/2013 3:00:16 AM - Software Distribution Service 3.0
    RP309: 2/3/2013 3:15:19 AM - System Checkpoint
    RP310: 2/4/2013 3:35:54 AM - System Checkpoint
    RP311: 2/5/2013 4:25:43 AM - System Checkpoint
    RP312: 2/6/2013 5:09:48 AM - System Checkpoint
    RP313: 2/7/2013 6:09:48 AM - System Checkpoint
    RP314: 2/8/2013 6:12:48 AM - System Checkpoint
    RP315: 2/9/2013 7:07:37 AM - System Checkpoint
    RP316: 2/10/2013 7:12:53 AM - System Checkpoint
    RP317: 2/11/2013 9:00:57 AM - System Checkpoint
    RP318: 2/12/2013 9:21:38 AM - System Checkpoint
    RP319: 2/13/2013 3:00:22 AM - Software Distribution Service 3.0
    RP320: 2/14/2013 3:00:20 AM - Software Distribution Service 3.0
    RP321: 2/15/2013 3:12:18 AM - System Checkpoint
    RP322: 2/16/2013 8:22:38 AM - System Checkpoint
    RP323: 2/17/2013 8:41:12 AM - System Checkpoint
    RP324: 2/18/2013 3:00:19 PM - System Checkpoint
    RP325: 2/20/2013 12:24:26 AM - System Checkpoint
    RP326: 2/21/2013 12:49:10 AM - System Checkpoint
    RP327: 2/24/2013 2:29:35 PM - System Checkpoint
    RP328: 2/25/2013 2:29:54 PM - System Checkpoint
    RP329: 2/26/2013 6:35:18 PM - System Checkpoint
    RP330: 2/27/2013 9:05:37 PM - System Checkpoint
    RP331: 1/4/1980 5:55:57 PM - System Checkpoint
    RP332: 1/6/1980 12:22:53 AM - System Checkpoint
    RP333: 3/2/2013 7:23:35 PM - System Checkpoint
    RP334: 3/3/2013 7:25:21 PM - System Checkpoint
    RP335: 3/4/2013 8:25:21 PM - System Checkpoint
    RP336: 3/7/2013 2:45:49 PM - System Checkpoint
    RP337: 3/8/2013 11:23:12 PM - System Checkpoint
    RP338: 3/10/2013 2:27:14 AM - System Checkpoint
    RP339: 3/11/2013 1:25:11 PM - System Checkpoint
    RP340: 3/12/2013 8:17:24 PM - System Checkpoint
    RP341: 3/12/2013 9:51:51 PM - Installed OpenOffice.org 3.4.1
    RP342: 3/13/2013 12:15:01 AM - Removed Adobe Download Assistant
    RP343: 3/14/2013 3:00:14 AM - Software Distribution Service 3.0
    RP344: 3/16/2013 5:16:55 PM - System Checkpoint
    RP345: 3/17/2013 3:00:17 AM - Software Distribution Service 3.0
    RP346: 3/19/2013 1:16:52 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 11.6
    AOL Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bamboo
    Bamboo Dock
    Battle.net
    Broadcom Management Programs
    CCleaner
    Command & Conquer Red Alert 2
    DefaultTab
    Diablo II
    Download Updater (AOL Inc.)
    Free Studio version 2013
    GetSavin
    Google Chrome
    Google Drive
    Google Update Helper
    Hero Editor V1.04
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Backup and Recovery Manager
    HP BIOS Configuration for ProtectTools 2.00 A17
    HP Help and Support 4.0
    HP ProtectTools Security Manager 2.00 B3
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    J2SE Runtime Environment 5.0
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 20
    JavaFX 2.1.0
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Nexon Game Manager
    OpenOffice.org 3.4.1
    Pando Media Booster
    PDF Complete
    RealmOfTheMadGod Essential
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Skype Click to Call
    Skype™ 6.1
    Software Setup
    Starcraft
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Westwood Shared Internet Components
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    WinRAR 4.11 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/8/2013 7:28:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/5/2013 12:02:13 AM, error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
    1/5/2013 12:01:51 AM, error: Service Control Manager [7034] - The PC Angel service terminated unexpectedly. It has done this 1 time(s).
    1/5/2013 12:01:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Skype Updater service to connect.
    1/5/2013 12:01:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    1/5/2013 12:01:50 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/16/2013 8:49:36 AM, error: Service Control Manager [7034] - The Wacom Consumer Touch Service service terminated unexpectedly. It has done this 1 time(s).
    1/16/2013 8:49:33 AM, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
    1/16/2013 8:49:22 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/16/2013 8:49:19 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    1/16/2013 8:49:17 AM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  6. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    When attempting to run Combofix I got a message that said:

    "This machine does not have the 'Microsoft Recovery console' installed. Alternately, an existing installation of the recovery console may be present but requires updating. Without it, Combofix shall not attempt the fixing of some serious issues.

    Click 'Yes' to have Combofix download/install it."

    What should I do next? Attempt to download it, or just let Combofix run without it?
  7. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    Just a quick update - the computer seems to be getting worse although running. At first when loading up the computer would re-size itself (icons, browser windows, etc) to huge proportions. Now everything looks compressed to the point that while writing this some of the letters appear to be invisible. I'm not sure if this is important to note but I just wanted to throw it out there.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry for delay. Did not get notified for this.

    Go ahead with recovery console.
  9. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    I believe Combofix ran with no issues. It scanned, restarted my system and said wait for it to produce a log but none ever came. What should I do?
  10. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    I went searching through files in an attempt to find a possible hidden Combofix log, and instead I accidentally caused Combofix to run again (lol). However, this time it managed to produce a log.

    ComboFix 13-03-23.01 - Administrator 01/05/1980 12:21:01.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.257 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_ctypes.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_elementtree.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_hashlib.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_socket.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\_ssl.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\pyexpat.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\pysqlite2._sqlite.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\python27.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\pythoncom27.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\PyWinTypes27.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\select.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\unicodedata.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32api.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32com.shell.shell.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32crypt.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32event.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32file.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32inet.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32pdh.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32process.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32profile.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32security.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\win32ts.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\windows._cacheinvalidation.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._controls_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._core_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._gdi_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._html2.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._misc_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._windows_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wx._wizard.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxbase294u_net_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxbase294u_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_adv_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_core_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_html_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI35082\wxmsw294u_webview_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_ctypes.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_elementtree.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_hashlib.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_socket.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\_ssl.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\pyexpat.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\pysqlite2._sqlite.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\python27.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\pythoncom27.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\PyWinTypes27.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\select.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\unicodedata.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32api.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32com.shell.shell.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32crypt.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32event.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32file.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32inet.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32pdh.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32process.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32profile.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32security.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\win32ts.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\windows._cacheinvalidation.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._controls_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._core_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._gdi_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._html2.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._misc_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._windows_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wx._wizard.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxbase294u_net_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxbase294u_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_adv_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_core_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_html_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI35082\wxmsw294u_webview_vc90.dll
    C:\Read Me.txt
    c:\windows\wininit.ini
    .
    ---- Previous Run -------
    .
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_ctypes.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_elementtree.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_hashlib.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_socket.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\_ssl.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\pyexpat.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\pysqlite2._sqlite.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\python27.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\pythoncom27.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\PyWinTypes27.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\select.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\unicodedata.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32api.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32com.shell.shell.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32crypt.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32event.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32file.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32inet.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32pdh.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32process.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32profile.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32security.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\win32ts.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\windows._cacheinvalidation.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._controls_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._core_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._gdi_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._html2.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._misc_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._windows_.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wx._wizard.pyd
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxbase294u_net_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxbase294u_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_adv_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_core_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_html_vc90.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\_MEI21642\wxmsw294u_webview_vc90.dll
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\addon.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DT.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\searchhere.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
    c:\documents and settings\Administrator\Local Settings\Application Data\getsavin\ie\geTSavin_1363111201.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_ctypes.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_elementtree.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_hashlib.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_socket.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\_ssl.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\pyexpat.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\pysqlite2._sqlite.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\python27.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\pythoncom27.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\PyWinTypes27.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\select.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\unicodedata.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32api.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32com.shell.shell.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32crypt.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32event.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32file.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32inet.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32pdh.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32process.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32profile.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32security.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\win32ts.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\windows._cacheinvalidation.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._controls_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._core_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._gdi_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._html2.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._misc_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._windows_.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wx._wizard.pyd
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxbase294u_net_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxbase294u_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_adv_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_core_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_html_vc90.dll
    c:\documents and settings\Administrator\Local Settings\Temp\_MEI21642\wxmsw294u_webview_vc90.dll
    C:\setup.exe
    c:\windows\system\winspool.drv
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    D:\Autorun.inf
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
    .
    Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
    .
    Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
    .
    Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\mqsvc.exe
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
    .
    Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
    .
    Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\mqsvc.exe
    .
    Infected copy of c:\windows\system32\mqtgsvc.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\mqtgsvc.exe
    .
    --------
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_DefaultTabUpdate
    -------\Legacy_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 1979-12-05 to 1980-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-01 09:01 . 2013-02-01 09:02 -------- d-----w- C:\6b1fa9f1df1ce269e10a278f
    2012-08-20 23:10 . 2012-08-20 22:34 -------- d-----w- C:\Romsandemulators
    2012-08-20 22:49 . 2012-08-20 22:49 -------- d-----w- C:\Westwood
    2012-08-03 06:35 . 2012-10-07 05:39 -------- d-----w- C:\Nexon
    2012-06-13 23:23 . 2012-06-02 04:33 -------- d-----w- C:\Application Files
    2012-06-13 08:37 . 2012-06-13 08:37 -------- d-----w- C:\ZomPirate's RotMG DPS Calculator v(1.0)
    2012-05-01 20:57 . 2012-05-01 20:57 450 ----a-w- C:\user.js
    2011-01-10 14:09 . 2011-01-10 14:14 -------- d-sh--w- C:\System Recovery
    2011-01-07 21:54 . 2011-01-07 21:54 -------- d-----w- C:\Demo Album
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-14 14:31 . 2004-08-04 07:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2009-11-21 15:51 . 2004-08-04 07:56 471552 ----a-w- c:\windows\apppatch\aclayers.dll
    2008-04-14 00:12 . 2004-08-04 07:56 150528 -c--a-w- c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
    2008-04-14 00:12 . 2004-08-04 07:56 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
    2008-04-14 00:12 . 2004-08-04 07:56 18432 -c--a-w- c:\windows\pchealth\helpctr\binaries\hscupd.exe
    2008-04-14 00:12 . 2004-08-04 07:56 769024 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
    2008-04-14 00:12 . 2004-08-04 07:56 279040 -c--a-w- c:\windows\help\tshoot.dll
    2008-04-14 00:12 . 2004-08-04 07:56 726078 ----a-w- c:\windows\srchasst\srchui.dll
    2008-04-14 00:12 . 2004-08-04 07:56 33280 -c--a-w- c:\windows\help\sstub.dll
    2008-04-14 00:12 . 2004-08-04 07:56 58434 ----a-w- c:\windows\srchasst\srchctls.dll
    2008-04-14 00:12 . 2004-08-04 07:56 34816 -c--a-w- c:\windows\help\sniffpol.dll
    2008-04-14 00:12 . 2004-08-04 07:56 38400 ----a-w- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
    2008-04-14 00:12 . 2004-08-04 07:56 102912 ----a-w- c:\windows\pchealth\helpctr\binaries\pchshell.dll
    2008-04-14 00:11 . 2004-08-04 07:56 376832 ----a-w- c:\windows\pchealth\helpctr\binaries\msinfo.dll
    2008-04-14 00:11 . 2004-08-04 07:56 3166208 -c--a-w- c:\windows\srchasst\msgr3en.dll
    2008-04-14 00:11 . 2008-04-14 00:11 39424 ------w- c:\windows\apppatch\acadproc.dll
    2008-04-14 00:11 . 2004-08-04 07:56 245248 ----a-w- c:\windows\apppatch\acspecfc.dll
    2008-04-14 00:11 . 2004-08-04 07:56 1852928 ----a-w- c:\windows\apppatch\acgenral.dll
    2008-04-14 00:11 . 2004-08-04 07:56 141312 ----a-w- c:\windows\apppatch\aclua.dll
    2008-04-14 00:11 . 2004-08-04 07:56 116224 ----a-w- c:\windows\apppatch\acxtrnal.dll
    2004-08-04 15:00 . 2004-08-04 15:00 3374640 -c--a-w- c:\windows\help\Tours\mmTour\tour.exe
    2002-11-25 16:02 . 2011-01-06 20:35 45056 -c--a-w- c:\windows\security\templates\SecureUP.exe
    2001-08-18 05:36 . 2001-08-18 05:36 35328 -c--a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe
    2001-08-18 05:36 . 2001-08-18 05:36 99840 -c--a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
    2001-08-18 05:36 . 2001-08-18 05:36 21504 -c--a-w- c:\windows\pchealth\helpctr\binaries\brpinfo.dll
    2001-08-18 05:36 . 2001-08-18 05:36 152576 -c--a-w- c:\windows\help\bnts.dll
    2001-08-18 05:34 . 2001-08-18 05:34 6656 ----a-w- c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
    2013-03-08 01:57 . 2013-03-08 01:57 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
    2013-01-28 21:54 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-07 276480]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-12-11 646744]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Westwood\\RA2\\game.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56433:TCP"= 56433:TCP:pando Media Booster
    "56433:UDP"= 56433:UDP:pando Media Booster
    .
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [5/15/2012 5:20 PM 24408]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/20/2012 10:56 AM 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/20/2012 10:56 AM 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/20/2012 10:56 AM 21256]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 6:25 AM 398184]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/2/2012 6:25 AM 682344]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/6/2011 2:35 PM 476160]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208]
    R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [6/18/2012 9:56 PM 5554552]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [6/18/2012 9:57 PM 451960]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/2/2012 6:25 AM 21104]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/18/2012 9:56 PM 10752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-17 06:20 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 00:15]
    .
    2013-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    1980-01-05 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-05 23:50]
    .
    1980-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-17 05:47]
    .
    2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-17 05:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hp.com
    IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
    IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=20130312140407004&tb_oid=12-03-2013&tb_mrud=13-03-2013
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023
    FF - prefs.js: keyword.URL -
    FF - ExtSQL: 2012-02-03 14:34; getsavin@jetpack; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\getsavin@jetpack
    FF - ExtSQL: 2012-04-20 11:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-04-20 11:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2012-05-26 18:10; uss-button@uploadscreenshot.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\uss-button@uploadscreenshot.com.xpi
    FF - ExtSQL: 2012-11-26 20:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-01-30 19:56; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
    FF - ExtSQL: 2013-02-01 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - ExtSQL: 2013-03-12 14:07; addon@defaulttab.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 1969-12-31 18:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8rCBQose&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - e02019e70000000000000019bb59d86f
    FF - user.js: extensions.incredibar_i.instlDay - 15461
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:57
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8rCBQose
    FF - user.js: extensions.incredibar_i.upn2n - 92824286769050342
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 453
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-DefaultTab - c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 1980-01-05 12:33
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1729661835-2752105153-558919806-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,b5,9a,ab,fa,7d,ca,4e,85,62,69,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,b5,9a,ab,fa,7d,ca,4e,85,62,69,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2136)
    c:\windows\system32\WININET.dll
    c:\program files\Google\Drive\googledrivesync32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\jscript.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    c:\program files\Tablet\Pen\Pen_TouchUser.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\Tablet\Pen\Pen_TabletUser.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 1980-01-05 12:38:42 - machine was rebooted
    ComboFix-quarantined-files.txt 1980-01-05 18:38
    .
    Pre-Run: 34,780,811,264 bytes free
    Post-Run: 34,714,136,576 bytes free
    .
    - - End Of File - - A227DC381C716AEA4AB127F2B159B517
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.

    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.


    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
     
  12. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    ADWCLEANER log:

    # AdwCleaner v2.115 - Logfile created 01/06/1980 at 10:07:37
    # Updated 17/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Administrator - HP29169229266
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\extensions\addon@defaulttab.com.xpi
    File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\searchplugins\search-here.xml
    File Deleted : C:\END
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\user.js
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DefaultTab
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\dvdvideosoftiehelpers
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\getsavin
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\prefs.js

    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y8rnjkuy.default\user.js ... Deleted !

    Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
    Deleted : user_pref("aol_toolbar.cookie.homepage", "");
    Deleted : user_pref("aol_toolbar.cookie.search", "");
    Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
    Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Deleted : user_pref("aol_toolbar.default.homepage.protection", true);
    Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023");
    Deleted : user_pref("aol_toolbar.default.search.check", false);
    Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
    Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_i[...]
    Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
    Deleted : user_pref("aol_toolbar.guid", "{294B31D3-624E-65A7-7CDC-9D1F66DD2EFC}");
    Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
    Deleted : user_pref("aol_toolbar.install.distroid", "aol");
    Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
    Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
    Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9333");
    Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
    Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
    Deleted : user_pref("aol_toolbar.install.ncid", "");
    Deleted : user_pref("aol_toolbar.metrics.activestampdate", "19");
    Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "2");
    Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
    Deleted : user_pref("aol_toolbar.metrics.log", false);
    Deleted : user_pref("aol_toolbar.metrics.originalDate", "12");
    Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
    Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
    Deleted : user_pref("aol_toolbar.metrics.originalMonth", "3");
    Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
    Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
    Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
    Deleted : user_pref("aol_toolbar.remote.publish.xml", "316022784573");
    Deleted : user_pref("aol_toolbar.reset.flag", "3");
    Deleted : user_pref("aol_toolbar.reset.style", "A");
    Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
    Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Wed Mar 13 2013 16:24:07 GMT-0500 (Central Day[...]
    Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
    Deleted : user_pref("aol_toolbar.rtw.active", false);
    Deleted : user_pref("aol_toolbar.search.button", true);
    Deleted : user_pref("aol_toolbar.search.cid", "13-03-2013");
    Deleted : user_pref("aol_toolbar.search.instd", "20130312140407004");
    Deleted : user_pref("aol_toolbar.search.oid", "12-03-2013");
    Deleted : user_pref("aol_toolbar.search.placement", "right");
    Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
    Deleted : user_pref("aol_toolbar.search.savehistory", false);
    Deleted : user_pref("aol_toolbar.search.searchtype", "web");
    Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
    Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
    Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
    Deleted : user_pref("aol_toolbar.skin.custom", false);
    Deleted : user_pref("aol_toolbar.surf.date", "2676");
    Deleted : user_pref("aol_toolbar.surf.lastDate", "19");
    Deleted : user_pref("aol_toolbar.surf.lastMonth", "2");
    Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
    Deleted : user_pref("aol_toolbar.surf.month", "3626");
    Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
    Deleted : user_pref("aol_toolbar.surf.total", "3633");
    Deleted : user_pref("aol_toolbar.surf.week", "2918");
    Deleted : user_pref("aol_toolbar.surf.year", "3626");
    Deleted : user_pref("aol_toolbar.ticker.active", false);
    Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
    Deleted : user_pref("aol_toolbar.weather.degc", "28");
    Deleted : user_pref("aol_toolbar.weather.degf", "82");
    Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/30.png");
    Deleted : user_pref("aol_toolbar.weather.locationid", "USFL0228");
    Deleted : user_pref("aol_toolbar.weather.metric", true);
    Deleted : user_pref("aol_toolbar.weather.tooltip", "Jacksonville , FL : Partly Cloudy");
    Deleted : user_pref("aol_toolbar.weather.update", "316022784613");
    Deleted : user_pref("aol_toolbar.winamp.volume", "");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adk[...]
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10643");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "e02019e70000000000000019bb59d86f");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15461");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "453");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8rCBQose&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6R8rCBQose");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92824286769050342");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:57:53");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

    -\\ Google Chrome v25.0.1364.172

    File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [10249 octets] - [06/01/1980 10:07:37]

    ########## EOF - C:\AdwCleaner[S1].txt - [10310 octets] ##########
  13. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.3 (03.23.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Administrator on Sun 01/06/1980 at 10:16:01.23
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\getsavin@jetpack
    Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\prefs.js

    user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;ebay_46278;wikipedia_46497;yahoo_mail_46508;netflix_46519;radio_46530;share_
    user_pref("aol_toolbar.curtain.congrats", "curtain");
    user_pref("aol_toolbar.firsttime.showwindow", false);
    user_pref("aol_toolbar.guid", "{DA4CE219-73E1-3484-F8E4-DB3218315DD2}");
    user_pref("aol_toolbar.homepageprotection.enabled", true);
    user_pref("aol_toolbar.install.distroid", "aol");
    user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9333");
    user_pref("aol_toolbar.install.lid", "hyplognew00000010");
    user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
    user_pref("aol_toolbar.install.ncid", "");
    user_pref("aol_toolbar.metrics.activestampdate", "6");
    user_pref("aol_toolbar.metrics.activestampmonth", "0");
    user_pref("aol_toolbar.metrics.activestampyear", "1980");
    user_pref("aol_toolbar.metrics.log", false);
    user_pref("aol_toolbar.metrics.originalDate", "24");
    user_pref("aol_toolbar.metrics.originalHours", "5");
    user_pref("aol_toolbar.metrics.originalMinutes", "0");
    user_pref("aol_toolbar.metrics.originalMonth", "3");
    user_pref("aol_toolbar.metrics.originalSeconds", "0");
    user_pref("aol_toolbar.metrics.originalYear", "2013");
    user_pref("aol_toolbar.relatednews.enabled", false);
    user_pref("aol_toolbar.remote.publish.xml", "316023152412");
    user_pref("aol_toolbar.rtw.active", false);
    user_pref("aol_toolbar.search.button", true);
    user_pref("aol_toolbar.search.cid", "24-03-2013");
    user_pref("aol_toolbar.search.instd", "20130312140407004");
    user_pref("aol_toolbar.search.oid", "24-03-2013");
    user_pref("aol_toolbar.search.placement", "right");
    user_pref("aol_toolbar.search.populateoncomplete", false);
    user_pref("aol_toolbar.search.savehistory", false);
    user_pref("aol_toolbar.search.searchtype", "web");
    user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
    user_pref("aol_toolbar.searchprotection.enabled", true);
    user_pref("aol_toolbar.skin.custom", false);
    user_pref("aol_toolbar.surf.date", "6");
    user_pref("aol_toolbar.surf.lastDate", "6");
    user_pref("aol_toolbar.surf.lastMonth", "0");
    user_pref("aol_toolbar.surf.lastYear", "1980");
    user_pref("aol_toolbar.surf.month", "6");
    user_pref("aol_toolbar.surf.prevMonth", "0");
    user_pref("aol_toolbar.surf.total", "6");
    user_pref("aol_toolbar.surf.week", "6");
    user_pref("aol_toolbar.surf.year", "6");
    user_pref("aol_toolbar.ticker.active", false);
    user_pref("aol_toolbar.upgrade.showwindow", false);
    user_pref("aol_toolbar.weather.degc", "7");
    user_pref("aol_toolbar.weather.degf", "44");
    user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/34.png");
    user_pref("aol_toolbar.weather.locationid", "USNY0996");
    user_pref("aol_toolbar.weather.metric", true);
    user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
    user_pref("aol_toolbar.weather.update", "316023156153");
    user_pref("browser.newtabpage.blocked", "{\"uhrhSQECNoKMOujqtYIXdA==\":1,\"n9VfjC+uuMhHw3hUZsfvXg==\":1,\"wgSFhS28nVLITTuTS9xmzw==\":1,\"S22U0beSeFxAI8rUao4siw==\":1,\"lphV8YD
    user_pref("extensions.defaulttab.lastUsed", 1363116098);
    Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\y8rnjkuy.default\minidumps [6 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 01/06/1980 at 10:24:58.59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  14. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    RogueKiller 1 log:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 01/06/1980 10:31:50
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD080HJ +++++
    --- User ---
    [MBR] a32c2e8bb236ee5969c341a8680341fe
    [BSP] 98d9bf641bb608ca1554a0ae67f99fba : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 55999 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 114688035 | Size: 20285 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01061980_02d1031.txt >>
    RKreport[1]_S_01061980_02d1031.txt
  15. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    RogueKiller 2 log:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 01/06/1980 10:32:26
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD080HJ +++++
    --- User ---
    [MBR] a32c2e8bb236ee5969c341a8680341fe
    [BSP] 98d9bf641bb608ca1554a0ae67f99fba : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 55999 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 114688035 | Size: 20285 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01061980_02d1032.txt >>
    RKreport[1]_S_01061980_02d1031.txt ; RKreport[2]_D_01061980_02d1032.txt
  16. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    RogueKiller 3 log:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/06/1980 10:33:13
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 4 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 78 / Fail 0
    My documents: Success 2 / Fail 2
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 119 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped

    Finished : << RKreport[3]_SC_01061980_02d1033.txt >>
    RKreport[1]_S_01061980_02d1031.txt ; RKreport[2]_D_01061980_02d1032.txt ; RKreport[3]_SC_01061980_02d1033.txt
  17. zuuzuu

    zuuzuu Newcomer, in training Topic Starter

    Two notes concerning TDSS. First, several threats were detected but I saw no option to cure. I skipped them and continued as you wrote to do. Also in the Change Parameters section under Objects To Scan there was something called Loaded Modules that was unchecked by default and so I left it unchecked. I'm not sure if this is important or not but I wanted to let you know. Here is the log I found:

    10:41:34.0531 1840 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    10:41:34.0968 1840 ============================================================
    10:41:34.0968 1840 Current date / time: 1980/01/06 10:41:34.0968
    10:41:34.0968 1840 SystemInfo:
    10:41:34.0968 1840
    10:41:34.0968 1840 OS Version: 5.1.2600 ServicePack: 3.0
    10:41:34.0968 1840 Product type: Workstation
    10:41:34.0968 1840 ComputerName: HP29169229266
    10:41:34.0968 1840 UserName: Administrator
    10:41:34.0968 1840 Windows directory: C:\WINDOWS
    10:41:34.0968 1840 System windows directory: C:\WINDOWS
    10:41:34.0968 1840 Processor architecture: Intel x86
    10:41:34.0968 1840 Number of processors: 2
    10:41:34.0968 1840 Page size: 0x1000
    10:41:34.0968 1840 Boot type: Normal boot
    10:41:34.0968 1840 ============================================================
    10:41:36.0218 1840 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    10:41:36.0218 1840 ============================================================
    10:41:36.0218 1840 \Device\Harddisk0\DR0:
    10:41:36.0218 1840 MBR partitions:
    10:41:36.0218 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6D5FFE4
    10:41:36.0218 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6D60023, BlocksNum 0x279E99A
    10:41:36.0218 1840 ============================================================
    10:41:36.0250 1840 C: <-> \Device\Harddisk0\DR0\Partition1
    10:41:36.0281 1840 D: <-> \Device\Harddisk0\DR0\Partition2
    10:41:36.0281 1840 ============================================================
    10:41:36.0281 1840 Initialize success
    10:41:36.0281 1840 ============================================================
    10:42:11.0968 1648 ============================================================
    10:42:11.0968 1648 Scan started
    10:42:11.0968 1648 Mode: Manual; SigCheck; TDLFS;
    10:42:11.0968 1648 ============================================================
    10:42:12.0250 1648 ================ Scan system memory ========================
    10:42:12.0265 1648 System memory - ok
    10:42:12.0265 1648 ================ Scan services =============================
    10:42:12.0421 1648 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
    10:42:13.0265 1648 Aavmker4 - ok
    10:42:13.0265 1648 Abiosdsk - ok
    10:42:13.0281 1648 abp480n5 - ok
    10:42:13.0296 1648 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
    10:42:14.0406 1648 ac97intc - ok
    10:42:14.0453 1648 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    10:42:14.0671 1648 ACPI - ok
    10:42:14.0671 1648 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    10:42:14.0812 1648 ACPIEC - ok
    10:42:14.0875 1648 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    10:42:14.0906 1648 AdobeFlashPlayerUpdateSvc - ok
    10:42:14.0937 1648 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    10:42:15.0078 1648 adpu160m - ok
    10:42:15.0093 1648 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
    10:42:15.0109 1648 adpu320 ( UnsignedFile.Multi.Generic ) - warning
    10:42:15.0109 1648 adpu320 - detected UnsignedFile.Multi.Generic (1)
    10:42:15.0125 1648 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    10:42:15.0265 1648 aec - ok
    10:42:15.0312 1648 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    10:42:15.0359 1648 AFD - ok
    10:42:15.0359 1648 Aha154x - ok
    10:42:15.0375 1648 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    10:42:15.0515 1648 aic78u2 - ok
    10:42:15.0531 1648 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    10:42:15.0671 1648 aic78xx - ok
    10:42:15.0718 1648 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    10:42:15.0859 1648 Alerter - ok
    10:42:15.0875 1648 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    10:42:16.0015 1648 ALG - ok
    10:42:16.0015 1648 AliIde - ok
    10:42:16.0015 1648 amsint - ok
    10:42:16.0156 1648 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    10:42:16.0171 1648 Apple Mobile Device - ok
    10:42:16.0203 1648 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    10:42:16.0343 1648 AppMgmt - ok
    10:42:16.0343 1648 asc - ok
    10:42:16.0359 1648 asc3350p - ok
    10:42:16.0359 1648 asc3550 - ok
    10:42:16.0468 1648 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    10:42:16.0500 1648 aspnet_state - ok
    10:42:16.0531 1648 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    10:42:16.0890 1648 aswFsBlk - ok
    10:42:16.0937 1648 [ 81E695913FEFD4E23360A69C0F151797 ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
    10:42:17.0296 1648 aswKbd - ok
    10:42:17.0312 1648 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
    10:42:17.0671 1648 aswMon2 - ok
    10:42:17.0687 1648 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
    10:42:18.0046 1648 AswRdr - ok
    10:42:18.0078 1648 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
    10:42:18.0453 1648 aswSnx - ok
    10:42:18.0484 1648 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
    10:42:18.0843 1648 aswSP - ok
    10:42:18.0875 1648 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
    10:42:19.0234 1648 aswTdi - ok
    10:42:19.0265 1648 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    10:42:19.0406 1648 AsyncMac - ok
    10:42:19.0421 1648 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    10:42:19.0546 1648 atapi - ok
    10:42:19.0562 1648 Atdisk - ok
    10:42:19.0578 1648 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    10:42:19.0718 1648 Atmarpc - ok
    10:42:19.0765 1648 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    10:42:19.0906 1648 AudioSrv - ok
    10:42:19.0906 1648 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    10:42:20.0031 1648 audstub - ok
    10:42:20.0093 1648 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    10:42:20.0468 1648 avast! Antivirus - ok
    10:42:20.0468 1648 avast! Firewall - ok
    10:42:20.0484 1648 [ 48BF91CFFBCDD12A710207F2A08FEC4D ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    10:42:20.0531 1648 b57w2k - ok
    10:42:20.0562 1648 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    10:42:20.0750 1648 Beep - ok
    10:42:20.0796 1648 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    10:42:21.0000 1648 BITS - ok
    10:42:21.0031 1648 [ 7F72473390FEEE312A66AF045C8EF0F6 ] Blfp C:\WINDOWS\system32\DRIVERS\baspxp32.sys
    10:42:21.0078 1648 Blfp - ok
    10:42:21.0109 1648 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    10:42:21.0171 1648 Browser - ok
    10:42:21.0171 1648 catchme - ok
    10:42:21.0187 1648 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    10:42:21.0343 1648 cbidf2k - ok
    10:42:21.0343 1648 cd20xrnt - ok
    10:42:21.0343 1648 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    10:42:21.0484 1648 Cdaudio - ok
    10:42:21.0515 1648 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    10:42:21.0640 1648 Cdfs - ok
    10:42:21.0656 1648 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    10:42:21.0796 1648 Cdrom - ok
    10:42:21.0812 1648 Changer - ok
    10:42:21.0828 1648 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    10:42:21.0984 1648 CiSvc - ok
    10:42:22.0000 1648 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    10:42:22.0140 1648 ClipSrv - ok
    10:42:22.0203 1648 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:42:22.0234 1648 clr_optimization_v2.0.50727_32 - ok
    10:42:22.0265 1648 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    10:42:22.0406 1648 clr_optimization_v4.0.30319_32 - ok
    10:42:22.0406 1648 CmdIde - ok
    10:42:22.0421 1648 COMSysApp - ok
    10:42:22.0421 1648 Cpqarray - ok
    10:42:22.0468 1648 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    10:42:22.0640 1648 CryptSvc - ok
    10:42:22.0640 1648 dac2w2k - ok
    10:42:22.0656 1648 dac960nt - ok
    10:42:22.0687 1648 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    10:42:22.0796 1648 DcomLaunch - ok
    10:42:22.0828 1648 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    10:42:22.0953 1648 Dhcp - ok
    10:42:22.0984 1648 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    10:42:23.0125 1648 Disk - ok
    10:42:23.0125 1648 dmadmin - ok
    10:42:23.0156 1648 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    10:42:23.0343 1648 dmboot - ok
    10:42:23.0343 1648 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    10:42:23.0484 1648 dmio - ok
    10:42:23.0500 1648 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    10:42:23.0640 1648 dmload - ok
    10:42:23.0656 1648 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    10:42:23.0781 1648 dmserver - ok
    10:42:23.0796 1648 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    10:42:23.0937 1648 DMusic - ok
    10:42:23.0968 1648 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    10:42:24.0046 1648 Dnscache - ok
    10:42:24.0093 1648 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    10:42:24.0218 1648 Dot3svc - ok
    10:42:24.0250 1648 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    10:42:24.0390 1648 dpti2o - ok
    10:42:24.0390 1648 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    10:42:24.0531 1648 drmkaud - ok
    10:42:24.0546 1648 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
    10:42:24.0703 1648 E100B - ok
    10:42:24.0718 1648 EagleXNt - ok
    10:42:24.0750 1648 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    10:42:24.0906 1648 EapHost - ok
    10:42:24.0937 1648 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    10:42:25.0093 1648 ERSvc - ok
    10:42:25.0140 1648 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    10:42:25.0218 1648 Eventlog - ok
    10:42:25.0234 1648 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    10:42:25.0281 1648 EventSystem - ok
    10:42:25.0296 1648 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    10:42:25.0468 1648 Fastfat - ok
    10:42:25.0500 1648 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    10:42:25.0546 1648 FastUserSwitchingCompatibility - ok
    10:42:25.0562 1648 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    10:42:25.0687 1648 Fdc - ok
    10:42:25.0718 1648 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    10:42:25.0843 1648 Fips - ok
    10:42:25.0875 1648 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    10:42:26.0015 1648 Flpydisk - ok
    10:42:26.0031 1648 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    10:42:26.0171 1648 FltMgr - ok
    10:42:26.0234 1648 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    10:42:26.0250 1648 FontCache3.0.0.0 - ok
    10:42:26.0265 1648 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    10:42:26.0390 1648 Fs_Rec - ok
    10:42:26.0406 1648 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    10:42:26.0546 1648 Ftdisk - ok
    10:42:26.0578 1648 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    10:42:26.0593 1648 GEARAspiWDM - ok
    10:42:26.0625 1648 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    10:42:26.0781 1648 Gpc - ok
    10:42:26.0859 1648 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    10:42:26.0890 1648 gupdate - ok
    10:42:26.0890 1648 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    10:42:26.0921 1648 gupdatem - ok
    10:42:26.0953 1648 [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
    10:42:27.0015 1648 HdAudAddService - ok
    10:42:27.0031 1648 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    10:42:27.0203 1648 HDAudBus - ok
    10:42:27.0281 1648 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    10:42:27.0406 1648 helpsvc - ok
    10:42:27.0421 1648 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    10:42:27.0562 1648 HidServ - ok
    10:42:27.0593 1648 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    10:42:27.0718 1648 HidUsb - ok
    10:42:27.0750 1648 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    10:42:27.0890 1648 hkmsvc - ok
    10:42:27.0890 1648 hpn - ok
    10:42:27.0921 1648 [ 85DD9EDBB1A035BA9B0E9FCC70624990 ] hpqwmi C:\Program Files\HPQ\Shared\hpqwmi.exe
    10:42:27.0953 1648 hpqwmi ( UnsignedFile.Multi.Generic ) - warning
    10:42:27.0953 1648 hpqwmi - detected UnsignedFile.Multi.Generic (1)
    10:42:27.0984 1648 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    10:42:28.0046 1648 HTTP - ok
    10:42:28.0062 1648 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    10:42:28.0234 1648 HTTPFilter - ok
    10:42:28.0234 1648 i2omgmt - ok
    10:42:28.0234 1648 i2omp - ok
    10:42:28.0265 1648 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    10:42:28.0406 1648 i8042prt - ok
    10:42:28.0437 1648 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
    10:42:28.0593 1648 i81x - ok
    10:42:28.0625 1648 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
    10:42:28.0781 1648 iAimFP0 - ok
    10:42:28.0796 1648 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
    10:42:28.0937 1648 iAimFP1 - ok
    10:42:28.0953 1648 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
    10:42:29.0093 1648 iAimFP2 - ok
    10:42:29.0125 1648 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
    10:42:29.0281 1648 iAimFP3 - ok
    10:42:29.0296 1648 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
    10:42:29.0453 1648 iAimFP4 - ok
    10:42:29.0453 1648 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
    10:42:29.0578 1648 iAimFP5 - ok
    10:42:29.0593 1648 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
    10:42:29.0718 1648 iAimFP6 - ok
    10:42:29.0734 1648 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
    10:42:29.0859 1648 iAimFP7 - ok
    10:42:29.0875 1648 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
    10:42:30.0000 1648 iAimTV0 - ok
    10:42:30.0015 1648 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
    10:42:30.0125 1648 iAimTV1 - ok
    10:42:30.0140 1648 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
    10:42:30.0250 1648 iAimTV3 - ok
    10:42:30.0265 1648 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
    10:42:30.0390 1648 iAimTV4 - ok
    10:42:30.0390 1648 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
    10:42:30.0515 1648 iAimTV5 - ok
    10:42:30.0531 1648 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
    10:42:30.0640 1648 iAimTV6 - ok
    10:42:30.0703 1648 [ 0294A30B302CA71A2C26E582DDA93486 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    10:42:30.0750 1648 ialm - ok
    10:42:30.0828 1648 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    10:42:30.0859 1648 idsvc - ok
    10:42:30.0890 1648 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    10:42:31.0031 1648 Imapi - ok
    10:42:31.0062 1648 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    10:42:31.0203 1648 ImapiService - ok
    10:42:31.0218 1648 ini910u - ok
    10:42:31.0328 1648 [ 38E36FD56F8CB7E8B9802531365856A4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    10:42:31.0453 1648 IntcAzAudAddService - ok
    10:42:31.0468 1648 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    10:42:31.0640 1648 IntelIde - ok
    10:42:31.0656 1648 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    10:42:31.0796 1648 intelppm - ok
    10:42:31.0828 1648 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    10:42:31.0968 1648 Ip6Fw - ok
    10:42:31.0984 1648 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    10:42:32.0109 1648 IpFilterDriver - ok
    10:42:32.0125 1648 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    10:42:32.0265 1648 IpInIp - ok
    10:42:32.0281 1648 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    10:42:32.0421 1648 IpNat - ok
    10:42:32.0484 1648 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    10:42:32.0515 1648 iPod Service - ok
    10:42:32.0546 1648 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    10:42:32.0671 1648 IPSec - ok
    10:42:32.0687 1648 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    10:42:32.0812 1648 IRENUM - ok
    10:42:32.0843 1648 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    10:42:32.0968 1648 isapnp - ok
    10:42:33.0062 1648 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    10:42:33.0078 1648 JavaQuickStarterService - ok
    10:42:33.0093 1648 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    10:42:33.0218 1648 Kbdclass - ok
    10:42:33.0234 1648 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    10:42:33.0359 1648 kbdhid - ok
    10:42:33.0375 1648 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    10:42:33.0515 1648 kmixer - ok
    10:42:33.0515 1648 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    10:42:33.0578 1648 KSecDD - ok
    10:42:33.0593 1648 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    10:42:33.0656 1648 lanmanserver - ok
    10:42:33.0687 1648 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    10:42:33.0734 1648 lanmanworkstation - ok
    10:42:33.0734 1648 lbrtfdc - ok
    10:42:33.0765 1648 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    10:42:33.0890 1648 LmHosts - ok
    10:42:33.0937 1648 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    10:42:35.0406 1648 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning
    10:42:35.0406 1648 MBAMProtector - detected UnsignedFile.Multi.Generic (1)
    10:42:35.0453 1648 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    10:42:36.0593 1648 MBAMScheduler ( UnsignedFile.Multi.Generic ) - warning
    10:42:36.0593 1648 MBAMScheduler - detected UnsignedFile.Multi.Generic (1)
    10:42:36.0625 1648 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    10:42:37.0765 1648 MBAMService ( UnsignedFile.Multi.Generic ) - warning
    10:42:37.0765 1648 MBAMService - detected UnsignedFile.Multi.Generic (1)
    10:42:37.0812 1648 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    10:42:38.0000 1648 Messenger - ok
    10:42:38.0031 1648 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    10:42:38.0156 1648 mnmdd - ok
    10:42:38.0187 1648 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    10:42:38.0328 1648 mnmsrvc - ok
    10:42:38.0343 1648 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    10:42:38.0484 1648 Modem - ok
    10:42:38.0531 1648 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    10:42:38.0640 1648 Mouclass - ok
    10:42:38.0671 1648 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    10:42:38.0812 1648 mouhid - ok
    10:42:38.0843 1648 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    10:42:38.0984 1648 MountMgr - ok
    10:42:39.0031 1648 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    10:42:39.0046 1648 MozillaMaintenance - ok
    10:42:39.0062 1648 mraid35x - ok
    10:42:39.0062 1648 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    10:42:39.0203 1648 MRxDAV - ok
    10:42:39.0250 1648 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    10:42:39.0312 1648 MRxSmb - ok
    10:42:39.0359 1648 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    10:42:39.0500 1648 MSDTC - ok
    10:42:39.0515 1648 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    10:42:39.0625 1648 Msfs - ok
    10:42:39.0640 1648 MSIServer - ok
    10:42:39.0656 1648 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    10:42:39.0781 1648 MSKSSRV - ok
    10:42:39.0796 1648 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    10:42:39.0921 1648 MSPCLOCK - ok
    10:42:39.0937 1648 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    10:42:40.0062 1648 MSPQM - ok
    10:42:40.0078 1648 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    10:42:40.0203 1648 mssmbios - ok
    10:42:40.0234 1648 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    10:42:40.0250 1648 Mup - ok
    10:42:40.0312 1648 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    10:42:40.0453 1648 napagent - ok
    10:42:40.0484 1648 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    10:42:40.0609 1648 NDIS - ok
    10:42:40.0640 1648 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    10:42:40.0671 1648 NdisTapi - ok
    10:42:40.0687 1648 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    10:42:40.0812 1648 Ndisuio - ok
    10:42:40.0828 1648 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    10:42:40.0953 1648 NdisWan - ok
    10:42:40.0968 1648 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    10:42:41.0015 1648 NDProxy - ok
    10:42:41.0015 1648 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    10:42:41.0140 1648 NetBIOS - ok
    10:42:41.0171 1648 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    10:42:41.0312 1648 NetBT - ok
    10:42:41.0343 1648 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    10:42:41.0484 1648 NetDDE - ok
    10:42:41.0484 1648 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    10:42:41.0609 1648 NetDDEdsdm - ok
    10:42:41.0640 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    10:42:41.0765 1648 Netlogon - ok
    10:42:41.0796 1648 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    10:42:41.0921 1648 Netman - ok
    10:42:41.0968 1648 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:42:41.0984 1648 NetTcpPortSharing - ok
    10:42:42.0015 1648 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    10:42:42.0078 1648 Nla - ok
    10:42:42.0093 1648 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    10:42:42.0234 1648 Npfs - ok
    10:42:42.0265 1648 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    10:42:42.0406 1648 Ntfs - ok
    10:42:42.0421 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    10:42:42.0562 1648 NtLmSsp - ok
    10:42:42.0593 1648 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    10:42:42.0781 1648 NtmsSvc - ok
    10:42:42.0796 1648 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    10:42:42.0953 1648 Null - ok
    10:42:42.0968 1648 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    10:42:43.0125 1648 NwlnkFlt - ok
    10:42:43.0125 1648 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    10:42:43.0296 1648 NwlnkFwd - ok
    10:42:43.0312 1648 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
    10:42:43.0453 1648 P3 - ok
    10:42:43.0484 1648 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    10:42:43.0609 1648 Parport - ok
    10:42:43.0625 1648 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    10:42:43.0750 1648 PartMgr - ok
    10:42:43.0765 1648 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    10:42:43.0906 1648 ParVdm - ok
    10:42:43.0968 1648 [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA C:\WINDOWS\SMINST\PCAngel.exe
    10:42:44.0000 1648 PCA ( UnsignedFile.Multi.Generic ) - warning
    10:42:44.0000 1648 PCA - detected UnsignedFile.Multi.Generic (1)
    10:42:44.0000 1648 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    10:42:44.0140 1648 PCI - ok
    10:42:44.0140 1648 PCIDump - ok
    10:42:44.0140 1648 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    10:42:44.0281 1648 PCIIde - ok
    10:42:44.0312 1648 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    10:42:44.0437 1648 Pcmcia - ok
    10:42:44.0453 1648 PDCOMP - ok
    10:42:44.0484 1648 pdfcDispatcher - ok
    10:42:44.0484 1648 PDFRAME - ok
    10:42:44.0500 1648 PDRELI - ok
    10:42:44.0500 1648 PDRFRAME - ok
    10:42:44.0515 1648 perc2 - ok
    10:42:44.0515 1648 perc2hib - ok
    10:42:44.0546 1648 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    10:42:44.0609 1648 PlugPlay - ok
    10:42:44.0609 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    10:42:44.0750 1648 PolicyAgent - ok
    10:42:44.0781 1648 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    10:42:44.0921 1648 PptpMiniport - ok
    10:42:44.0937 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    10:42:45.0078 1648 ProtectedStorage - ok
    10:42:45.0078 1648 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    10:42:45.0203 1648 PSched - ok
    10:42:45.0203 1648 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    10:42:45.0343 1648 Ptilink - ok
    10:42:45.0359 1648 ql1080 - ok
    10:42:45.0359 1648 Ql10wnt - ok
    10:42:45.0359 1648 ql12160 - ok
    10:42:45.0375 1648 ql1240 - ok
    10:42:45.0375 1648 ql1280 - ok
    10:42:45.0390 1648 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    10:42:45.0531 1648 RasAcd - ok
    10:42:45.0562 1648 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    10:42:45.0703 1648 RasAuto - ok
    10:42:45.0703 1648 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    10:42:45.0828 1648 Rasl2tp - ok
    10:42:45.0859 1648 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    10:42:46.0000 1648 RasMan - ok
    10:42:46.0000 1648 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    10:42:46.0140 1648 RasPppoe - ok
    10:42:46.0140 1648 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    10:42:46.0296 1648 Raspti - ok
    10:42:46.0328 1648 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    10:42:46.0453 1648 Rdbss - ok
    10:42:46.0468 1648 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    10:42:46.0609 1648 RDPCDD - ok
    10:42:46.0640 1648 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    10:42:46.0765 1648 rdpdr - ok
    10:42:46.0796 1648 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    10:42:46.0843 1648 RDPWD - ok
    10:42:46.0890 1648 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    10:42:47.0031 1648 RDSessMgr - ok
    10:42:47.0046 1648 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    10:42:47.0171 1648 redbook - ok
    10:42:47.0203 1648 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    10:42:47.0328 1648 RemoteAccess - ok
    10:42:47.0390 1648 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    10:42:47.0531 1648 RemoteRegistry - ok
    10:42:47.0562 1648 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    10:42:47.0703 1648 RpcLocator - ok
    10:42:47.0734 1648 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    10:42:47.0828 1648 RpcSs - ok
    10:42:47.0859 1648 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    10:42:48.0015 1648 RSVP - ok
    10:42:48.0031 1648 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    10:42:48.0187 1648 SamSs - ok
    10:42:48.0203 1648 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    10:42:48.0390 1648 SCardSvr - ok
    10:42:48.0406 1648 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    10:42:48.0546 1648 Schedule - ok
    10:42:48.0593 1648 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    10:42:48.0718 1648 Secdrv - ok
    10:42:48.0718 1648 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    10:42:48.0859 1648 seclogon - ok
    10:42:48.0875 1648 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    10:42:49.0015 1648 SENS - ok
    10:42:49.0031 1648 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    10:42:49.0156 1648 serenum - ok
    10:42:49.0156 1648 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    10:42:49.0281 1648 Serial - ok
    10:42:49.0312 1648 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    10:42:49.0453 1648 Sfloppy - ok
    10:42:49.0500 1648 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    10:42:49.0656 1648 SharedAccess - ok
    10:42:49.0671 1648 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    10:42:49.0718 1648 ShellHWDetection - ok
    10:42:49.0734 1648 Simbad - ok
    10:42:49.0937 1648 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    10:42:50.0093 1648 Skype C2C Service - ok
    10:43:00.0171 3900 Detected object count: 7
    10:43:00.0171 3900 Actual detected object count: 7
    10:43:51.0718 3900 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
    10:43:51.0718 3900 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:43:51.0718 3900 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
    10:43:51.0718 3900 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:43:51.0734 3900 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
    10:43:51.0734 3900 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:43:51.0734 3900 MBAMScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
    10:43:51.0734 3900 MBAMScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:43:51.0734 3900 MBAMService ( UnsignedFile.Multi.Generic ) - skipped by user
    10:43:51.0734 3900 MBAMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:43:51.0734 3900 PCA ( UnsignedFile.Multi.Generic ) - skipped by user
    10:43:51.0734 3900 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:43:51.0734 3900 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
    10:43:51.0734 3900 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
    10:44:28.0875 2124 Deinitialize success
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work...time to finish up with a scan for remnants...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.