Solved Windows XP Home SP3 won't boot, only boots in safe mode

Status
Not open for further replies.

darkmark

Posts: 9   +0
When I try to start windows, it shows the loading bar for a bit, and then it just freezes. Prior to this, my computer suddenly froze and I was forced to restart. I'm currently posting this from "Safe mode with networking" as it's the only way to use my computer. My guess is that a virus of some sort is preventing windows from starting. I tried the 4-step virus removal preliminary instructions, got a log from MBAM, but DDS would not finish scanning and would not close until I rebooted.

------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.03.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Marcus :: MARC [administrator]

Protection: Disabled

12/2/2012 7:27:06 PM
mbam-log-2012-12-02 (19-27-06).txt

Scan type: Full scan (E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 562622
Time elapsed: 2 hour(s), 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
E:\Program Files\Softnyx\Gunbound\gunbound.gme (Malware.Packer) -> Quarantined and deleted successfully.

(end)
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


OTLPE + Farbar Recovery Scan Tool

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
    smiley.gif
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FSRT
  • The tool will start to run.
FRST2.gif

  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
    frst2.jpg

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
FRST log

----------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2012
Ran by SYSTEM at 03-12-2012 17:15:02
Running from E:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [OutpostMonitor] "E:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice [1259336 2009-07-24] (Agnitum Ltd.)
HKLM\...\Run: [OutpostFeedBack] "E:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:eek:s_startup [436552 2009-07-24] (Agnitum Ltd.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [NUSB3MON] "E:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup [15512424 2012-09-23] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1634112 2012-09-23] ()
HKU\Marcus\...\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-17] (Microsoft Corporation)
HKU\Marcus\...\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Marcus\...\RunOnce: [FlashPlayerUpdate] E:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe -update plugin [686792 2012-07-29] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
AppInit_DLLs: e:\progra~1\agnitum\outpos~1\wl_hook.dll
Startup: C:\Documents and Settings\Marcus\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Default User\Application Data\Dropbox\bin\Dropbox.exe (No File)

==================== Services (Whitelisted) ===================

2 acssrv; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [1312584 2009-07-24] (Agnitum Ltd.)
3 ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll [33920 2009-07-23] (Agnitum Ltd.)
2 Eventlog; C:\Windows\System32\services.exe [108544 2008-04-13] (Microsoft Corporation)
2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-05-30] (Hi-Rez Studios)
2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [117920 2011-09-26] (Intel Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
4 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [43010392 2009-03-30] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-07-22] (Microsoft Corporation)
2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService [192832 2011-09-19] (NVIDIA)
2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2011-12-27] ()
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [366936 2009-03-30] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

3 afw; C:\Windows\System32\DRIVERS\afw.sys [31128 2009-02-18] (Agnitum Ltd.)
3 afwcore; C:\Windows\System32\drivers\afwcore.sys [256792 2009-07-13] (Agnitum Ltd.)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-12-27] (DT Soft Ltd)
3 e1cexpress; C:\Windows\System32\DRIVERS\e1c5132.sys [193704 2011-07-20] (Intel Corporation)
2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2011-12-27] (LogMeIn, Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 EagleXNt; \??\E:\WINDOWS\system32\drivers\EagleXNt.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
3 MBAMProtector; \??\E:\WINDOWS\system32\drivers\mbam.sys [x]
3 MBAMSwissArmy; \??\E:\WINDOWS\system32\drivers\mbamswissarmy.sys [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
0 qmapgt; C:\Windows\System32\drivers\oaxjinxf.sys [x]
1 SandBox; \??\E:\WINDOWS\system32\drivers\SandBox.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 VSPerfDrv100; \??\e:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-03 18:53 - 2012-12-03 18:53 - 00000841 ____A C:\Windows\WindowsUpdate.log
2012-12-03 18:44 - 2012-12-03 18:44 - 00004791 ____A C:\Windows\setupapi.log
2012-12-03 18:29 - 2012-12-03 18:32 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Marcus\Desktop\OTLPENet.exe
2012-12-03 17:14 - 2012-12-03 17:14 - 00000000 ____D C:\FRST
2012-12-03 03:26 - 2012-12-03 03:26 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-12-03 00:12 - 2012-12-03 00:12 - 00688992 ____R (Swearware) C:\Documents and Settings\Marcus\Desktop\dds.com
2012-12-02 21:26 - 2012-12-02 21:26 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-02 21:26 - 2012-12-02 21:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-02 21:26 - 2012-12-02 21:26 - 00000000 ____D C:\Documents and Settings\Marcus\Application Data\Malwarebytes
2012-12-02 21:26 - 2012-12-02 21:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-12-02 21:26 - 2012-09-29 21:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-02 21:12 - 2012-12-02 21:13 - 00012674 ____A C:\Documents and Settings\Marcus\My Documents\cc_20121202_191240.reg
2012-12-02 21:01 - 2012-12-02 21:01 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-12-02 21:00 - 2012-12-02 23:34 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-12-02 21:00 - 2012-12-02 21:00 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-12-02 21:00 - 2012-01-25 17:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2012-12-02 21:00 - 2011-12-25 16:48 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2012-11-21 21:12 - 2012-09-23 09:28 - 05947392 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-11-21 21:12 - 2012-09-23 09:28 - 00888168 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco32.dll
2012-11-21 21:12 - 2012-07-03 10:25 - 00124264 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda32.sys
2012-11-21 21:12 - 2012-07-03 10:25 - 00028008 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap32.dll
2012-11-21 21:12 - 2012-07-03 02:37 - 00884072 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco3220103.dll
2012-11-21 11:05 - 2012-11-21 11:05 - 00000216 ____A C:\Documents and Settings\Marcus\Desktop\PlanetSide 2.url
2012-11-16 19:40 - 2012-11-16 19:40 - 00000000 ____D C:\Program Files\Graphing Calculator 3D
2012-11-16 19:40 - 2012-11-16 19:40 - 00000000 ____D C:\Documents and Settings\Marcus\My Documents\Graphing Calculator 3D
2012-11-16 19:40 - 2012-11-16 19:40 - 00000000 ____D C:\Documents and Settings\Marcus\Application Data\Runiter

==================== One Month Modified Files and Folders ========

2012-12-03 18:53 - 2011-12-25 22:13 - 00000178 __ASH C:\Documents and Settings\Marcus\ntuser.ini
2012-12-03 18:44 - 2012-12-03 18:44 - 00004791 ____A C:\Windows\setupapi.log
2012-12-03 18:32 - 2012-12-03 18:29 - 127231689 ____A (Igor Pavlov) C:\Documents and Settings\Marcus\Desktop\OTLPENet.exe
2012-12-03 17:14 - 2012-12-03 17:14 - 00000000 ____D C:\FRST
2012-12-03 08:58 - 2011-12-27 20:18 - 00000000 ____D C:\Program Files\steam
2012-12-03 03:26 - 2012-12-03 03:26 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2012-12-03 00:54 - 2011-12-25 16:49 - 00679960 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-03 00:50 - 2011-12-25 22:13 - 00000062 __ASH C:\Documents and Settings\Marcus\Local Settings\desktop.ini
2012-12-03 00:50 - 2011-12-25 22:12 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-03 00:50 - 2011-12-25 22:12 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-03 00:13 - 2012-10-26 22:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-03 00:12 - 2012-12-03 00:12 - 00688992 ____R (Swearware) C:\Documents and Settings\Marcus\Desktop\dds.com
2012-12-02 23:35 - 2011-12-25 16:41 - 00000000 ____D C:\Windows\java
2012-12-02 23:34 - 2012-12-02 21:00 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-12-02 21:26 - 2012-12-02 21:26 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-02 21:26 - 2012-12-02 21:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-02 21:26 - 2012-12-02 21:26 - 00000000 ____D C:\Documents and Settings\Marcus\Application Data\Malwarebytes
2012-12-02 21:26 - 2012-12-02 21:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-12-02 21:13 - 2012-12-02 21:12 - 00012674 ____A C:\Documents and Settings\Marcus\My Documents\cc_20121202_191240.reg
2012-12-02 21:01 - 2012-12-02 21:01 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2012-12-02 21:00 - 2012-12-02 21:00 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-12-02 20:53 - 2012-07-02 03:02 - 00000000 ____D C:\Documents and Settings\Marcus\Tracing
2012-12-02 11:16 - 2011-12-25 22:06 - 00000000 ____D C:\Windows\Registration
2012-12-02 11:06 - 2002-08-29 07:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2012-12-02 06:32 - 2011-12-26 04:57 - 00290160 ____A C:\Windows\System32\config\prcdrv.acl
2012-12-02 06:32 - 2011-12-26 04:56 - 00290090 ____A C:\Windows\System32\config\prc.acl
2012-11-29 20:58 - 2011-12-26 04:55 - 00000000 ____D C:\Windows\System32\Filt
2012-11-28 01:07 - 2012-07-30 21:44 - 00000000 ____D C:\Program Files\FtB Replays
2012-11-27 03:53 - 2012-08-27 00:45 - 00000000 ____D C:\Program Files\Toparia
2012-11-25 22:24 - 2012-01-08 01:19 - 00000284 ____A C:\Documents and Settings\Marcus\Desktop\ Mabinogi .lnk
2012-11-24 05:19 - 2012-08-24 19:17 - 00000000 ____D C:\Program Files\N Terraria
2012-11-24 04:47 - 2011-12-27 05:12 - 00000708 ____A C:\Windows\System32\config\afw_hm.conf
2012-11-24 04:47 - 2011-12-27 05:12 - 00000004 ____A C:\Windows\System32\config\afw_db.conf
2012-11-23 00:40 - 2011-12-25 22:47 - 01101788 ____A C:\Windows\System32\nvdrsdb1.bin
2012-11-23 00:40 - 2011-12-25 22:47 - 01101788 ____A C:\Windows\System32\nvdrsdb0.bin
2012-11-23 00:40 - 2011-12-25 22:47 - 00000001 ____A C:\Windows\System32\nvdrssel.bin
2012-11-21 21:17 - 2011-12-25 23:32 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2012-11-21 21:16 - 2012-01-01 21:07 - 00000000 ___RD C:\Documents and Settings\Marcus\My Documents\Dropbox
2012-11-21 21:16 - 2012-01-01 21:05 - 00000000 ____D C:\Documents and Settings\Marcus\Application Data\Dropbox
2012-11-21 21:16 - 2011-12-25 22:12 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-21 21:15 - 2012-07-14 21:10 - 00197960 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-651377827-839522115-1004-0.dat
2012-11-21 21:15 - 2012-01-08 00:07 - 00161558 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2012-11-21 21:15 - 2011-12-26 04:56 - 18073088 ____A C:\Windows\System32\config\fsdb.sdb
2012-11-21 21:14 - 2011-12-25 22:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-11-21 21:13 - 2011-12-25 23:32 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2012-11-21 20:49 - 2012-01-08 06:56 - 00000000 ____D C:\Documents and Settings\Marcus\Application Data\Sony Online Entertainment
2012-11-21 20:48 - 2011-12-25 22:08 - 00000000 ____D C:\Windows\System32\DirectX
2012-11-21 11:05 - 2012-11-21 11:05 - 00000216 ____A C:\Documents and Settings\Marcus\Desktop\PlanetSide 2.url
2012-11-17 23:33 - 2012-01-11 00:23 - 00000204 ____A C:\Documents and Settings\All Users\Desktop\MapleStory.url
2012-11-17 23:29 - 2011-12-26 05:25 - 00000000 ____D C:\Nexon
2012-11-17 05:43 - 2011-12-26 05:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NexonUS
2012-11-16 19:40 - 2012-11-16 19:40 - 00000000 ____D C:\Program Files\Graphing Calculator 3D
2012-11-16 19:40 - 2012-11-16 19:40 - 00000000 ____D C:\Documents and Settings\Marcus\My Documents\Graphing Calculator 3D
2012-11-16 19:40 - 2012-11-16 19:40 - 00000000 ____D C:\Documents and Settings\Marcus\Application Data\Runiter
2012-11-13 06:28 - 2012-01-01 03:14 - 00000000 ____D C:\Documents and Settings\Marcus\My Documents\Visual Studio 2010
2012-11-12 18:40 - 2012-07-19 05:22 - 00000085 ____A C:\Accounts.txt
2012-11-08 04:38 - 2012-05-14 08:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2004-08-03 23:56] - [2008-04-13 19:12] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-12-02 11:14 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP283

RP: -> 2012-12-01 12:30 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP282

RP: -> 2012-11-30 12:09 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP281

RP: -> 2012-11-29 11:08 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP280

RP: -> 2012-11-28 11:01 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP279

RP: -> 2012-11-27 10:09 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP278

RP: -> 2012-11-26 10:08 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP277

RP: -> 2012-11-25 10:03 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP276

RP: -> 2012-11-24 08:25 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP275

RP: -> 2012-11-22 21:52 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP274

RP: -> 2012-11-21 20:48 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP273

RP: -> 2012-11-21 12:10 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP272

RP: -> 2012-11-20 06:44 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP271

RP: -> 2012-11-18 16:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP270

RP: -> 2012-11-17 15:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP269

RP: -> 2012-11-16 14:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP268

RP: -> 2012-11-15 13:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP267

RP: -> 2012-11-14 12:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP266

RP: -> 2012-11-13 11:44 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP265

RP: -> 2012-11-12 10:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP264

RP: -> 2012-11-11 10:41 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP263

RP: -> 2012-11-09 19:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP262

RP: -> 2012-11-08 18:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP261

RP: -> 2012-11-07 18:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP260

RP: -> 2012-11-06 18:05 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP259

RP: -> 2012-11-05 16:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP258

RP: -> 2012-11-04 15:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP257

RP: -> 2012-11-03 14:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP256

RP: -> 2012-11-02 13:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP255

RP: -> 2012-11-01 12:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP254

RP: -> 2012-10-31 11:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP253

RP: -> 2012-10-30 10:49 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP252

RP: -> 2012-10-29 09:18 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP251

RP: -> 2012-10-28 02:25 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP250

RP: -> 2012-10-26 16:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP249

RP: -> 2012-10-25 15:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP248

RP: -> 2012-10-24 14:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP247

RP: -> 2012-10-23 13:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP246

RP: -> 2012-10-22 12:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP245

RP: -> 2012-10-21 11:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP244

RP: -> 2012-10-20 10:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP243

RP: -> 2012-10-19 09:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP242

RP: -> 2012-10-18 08:40 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP241

RP: -> 2012-10-17 07:45 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP240

RP: -> 2012-10-16 06:41 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP239

RP: -> 2012-10-15 06:13 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP238

RP: -> 2012-10-14 03:58 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP237

RP: -> 2012-10-13 01:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP236

RP: -> 2012-10-12 00:55 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP235

RP: -> 2012-10-11 00:21 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP234

RP: -> 2012-10-10 01:13 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP233

RP: -> 2012-10-08 23:30 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP232

RP: -> 2012-10-08 13:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP231

RP: -> 2012-10-07 12:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP230

RP: -> 2012-10-06 11:28 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP229

RP: -> 2012-10-05 11:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP228

RP: -> 2012-10-04 10:13 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP227

RP: -> 2012-10-03 10:07 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP226

RP: -> 2012-10-01 08:07 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP225

RP: -> 2012-09-29 18:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP224

RP: -> 2012-09-28 17:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP223

RP: -> 2012-09-27 16:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP222

RP: -> 2012-09-26 15:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP221

RP: -> 2012-09-25 14:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP220

RP: -> 2012-09-24 13:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP219

RP: -> 2012-09-23 12:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP218

RP: -> 2012-09-22 12:12 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP217

RP: -> 2012-09-21 12:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP216

RP: -> 2012-09-20 11:35 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP215

RP: -> 2012-09-19 11:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP214

RP: -> 2012-09-18 10:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP213

RP: -> 2012-09-17 09:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP212

RP: -> 2012-09-16 08:34 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP211

RP: -> 2012-09-15 08:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP210

RP: -> 2012-09-13 19:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP209

RP: -> 2012-09-12 18:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP208

RP: -> 2012-09-11 17:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP207

RP: -> 2012-09-10 16:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP206

RP: -> 2012-09-09 15:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP205

RP: -> 2012-09-08 14:11 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP204

RP: -> 2012-09-07 13:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP203

RP: -> 2012-09-06 12:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP202

RP: -> 2012-09-05 12:21 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP201

RP: -> 2012-09-04 10:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP200

RP: -> 2012-09-03 09:42 - 028672 _restore{AC1E3707-1A5A-49BE-945F-58202ADB0091}\RP199


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 3697.36 MB
Available physical RAM: 3429.63 MB
Total Pagefile: 3518.31 MB
Available Pagefile: 3457.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:465.75 GB) (Free:296.45 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: () (Fixed) (Total:153.38 GB) (Free:89.36 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:3.79 GB) (Free:3.79 GB) FAT32
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 153 GB 0 B

Partitions of Disk 0:
===============

The disk management services could not complete the operation.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 153 GB 32 KB
=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 153 GB Healthy
=========================================================
==================== End Of Log ============================
 
Search.txt log

----------------------------------------------------------------------------------------------------
Farbar Recovery Scan Tool (x86) Version: 02-12-2012
Ran by SYSTEM at 2012-12-03 17:32:02
Running from E:\

================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2004-08-03 23:56] - [2008-04-13 19:12] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2011-12-26 04:18] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2011-12-26 04:18] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2011-12-26 04:18] - [2009-02-06 05:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd

C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2011-12-26 04:18] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de

C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008-04-13 19:12] - [2008-04-13 19:12] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2011-12-26 04:29] - [2004-08-03 23:56] - 0108032 ____C (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

=== End Of Search ===
 
Actually, we're a lot faster than Bleeping Computer. As you can see, you've gotten no help from there. If you would've been a bit more patient, for another 4-5 hours, would have been fine...now, please make sure to report to them you're receiving help here, and have them close that.

FRST Fixlist

Please download attached fixlist.txt below (at bottom of this reply), and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter OTLPE again.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


Once back in Normal Mode, do the following, please:

ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 

Attachments

  • fixlist.txt
    191 bytes · Views: 11
Alright, I ran the farbar fix thing, and I can start windows normally now, yay! Here's the log it produced.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2012
Ran by SYSTEM at 2012-12-04 11:21:09 Run:1
Running from E:\

==============================================

qmapgt service deleted successfully.
c:\windows\system32\services.exe moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe copied successfully to c:\windows\system32\services.exe

==== End of Fixlog ====

I was able to get into windows, but there was an error that occured at the welcome screen, with the buttons "cancel" "try again" and "continue". I clicked try again and was able to get in like normal. This is the error message:

Windows - No Disk

Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

I haven't gone on to the combofix part quite yet, will get to that soon.
 
Well, combofix never managed to get past the "Scanning for infected files and folders" part, even after trying all the trouble shooting options and letting it sit for a while. I decided to just move on to the TDSSKiller scan, it found some things, but I just clicked skip since there was no cure option. Log is below.

------------------------------------------------------------------------------------------------------------------------------------------

19:42:27.0125 4080 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:42:27.0750 4080 ============================================================
19:42:27.0750 4080 Current date / time: 2012/12/04 19:42:27.0750
19:42:27.0750 4080 SystemInfo:
19:42:27.0750 4080
19:42:27.0750 4080 OS Version: 5.1.2600 ServicePack: 3.0
19:42:27.0750 4080 Product type: Workstation
19:42:27.0750 4080 ComputerName: MARC
19:42:27.0750 4080 UserName: Marcus
19:42:27.0750 4080 Windows directory: E:\WINDOWS
19:42:27.0750 4080 System windows directory: E:\WINDOWS
19:42:27.0750 4080 Processor architecture: Intel x86
19:42:27.0750 4080 Number of processors: 4
19:42:27.0750 4080 Page size: 0x1000
19:42:27.0750 4080 Boot type: Normal boot
19:42:27.0750 4080 ============================================================
19:42:29.0187 4080 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:42:29.0203 4080 Drive \Device\Harddisk1\DR1 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:42:29.0203 4080 ============================================================
19:42:29.0203 4080 \Device\Harddisk0\DR0:
19:42:29.0203 4080 MBR partitions:
19:42:29.0203 4080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:42:29.0203 4080 \Device\Harddisk1\DR1:
19:42:29.0203 4080 MBR partitions:
19:42:29.0203 4080 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77
19:42:29.0203 4080 ============================================================
19:42:29.0250 4080 E: <-> \Device\Harddisk0\DR0\Partition1
19:42:29.0265 4080 G: <-> \Device\Harddisk1\DR1\Partition1
19:42:29.0265 4080 ============================================================
19:42:29.0265 4080 Initialize success
19:42:29.0265 4080 ============================================================
19:44:08.0156 2356 ============================================================
19:44:08.0156 2356 Scan started
19:44:08.0156 2356 Mode: Manual; SigCheck; TDLFS;
19:44:08.0156 2356 ============================================================
19:44:08.0250 2356 ================ Scan system memory ========================
19:44:08.0250 2356 System memory - ok
19:44:08.0250 2356 ================ Scan services =============================
19:44:09.0281 2356 Abiosdsk - ok
19:44:09.0281 2356 abp480n5 - ok
19:44:09.0328 2356 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI E:\WINDOWS\system32\DRIVERS\ACPI.sys
19:44:11.0125 2356 ACPI - ok
19:44:11.0171 2356 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC E:\WINDOWS\system32\drivers\ACPIEC.sys
19:44:11.0265 2356 ACPIEC - ok
19:44:11.0468 2356 [ 62F39E86F2B4162640307FF72AAACA0B ] acssrv E:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
19:44:11.0531 2356 acssrv - ok
19:44:11.0531 2356 adpu160m - ok
19:44:11.0562 2356 [ 8BED39E3C35D6A489438B8141717A557 ] aec E:\WINDOWS\system32\drivers\aec.sys
19:44:11.0671 2356 aec - ok
19:44:11.0703 2356 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD E:\WINDOWS\System32\drivers\afd.sys
19:44:11.0781 2356 AFD - ok
19:44:11.0828 2356 [ F85E257CAE6133FCDA85332FA52B455E ] afw E:\WINDOWS\system32\DRIVERS\afw.sys
19:44:11.0859 2356 afw - ok
19:44:11.0890 2356 [ 31542AE5A02B8A76335293E96A1B86C1 ] afwcore E:\WINDOWS\system32\drivers\afwcore.sys
19:44:11.0921 2356 afwcore - ok
19:44:11.0921 2356 Aha154x - ok
19:44:11.0921 2356 aic78u2 - ok
19:44:11.0937 2356 aic78xx - ok
19:44:11.0968 2356 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter E:\WINDOWS\system32\alrsvc.dll
19:44:12.0062 2356 Alerter - ok
19:44:12.0078 2356 [ 8C515081584A38AA007909CD02020B3D ] ALG E:\WINDOWS\System32\alg.exe
19:44:12.0140 2356 ALG - ok
19:44:12.0140 2356 AliIde - ok
19:44:12.0171 2356 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt E:\WINDOWS\system32\drivers\Ambfilt.sys
19:44:12.0250 2356 Ambfilt - ok
19:44:12.0250 2356 amsint - ok
19:44:12.0250 2356 AppMgmt - ok
19:44:12.0265 2356 asc - ok
19:44:12.0265 2356 asc3350p - ok
19:44:12.0281 2356 asc3550 - ok
19:44:12.0640 2356 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:44:12.0656 2356 aspnet_state - ok
19:44:12.0687 2356 [ 587ABC3072780C25A25BDE1DFFEE88CF ] ASWFilt E:\WINDOWS\system32\Filt\ASWFilt.dll
19:44:12.0703 2356 ASWFilt - ok
19:44:12.0734 2356 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac E:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:44:12.0796 2356 AsyncMac - ok
19:44:12.0828 2356 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi E:\WINDOWS\system32\DRIVERS\atapi.sys
19:44:12.0890 2356 atapi - ok
19:44:12.0890 2356 Atdisk - ok
19:44:12.0906 2356 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc E:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:44:12.0953 2356 Atmarpc - ok
19:44:12.0984 2356 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv E:\WINDOWS\System32\audiosrv.dll
19:44:13.0062 2356 AudioSrv - ok
19:44:13.0078 2356 [ D9F724AA26C010A217C97606B160ED68 ] audstub E:\WINDOWS\system32\DRIVERS\audstub.sys
19:44:13.0156 2356 audstub - ok
19:44:13.0187 2356 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep E:\WINDOWS\system32\drivers\Beep.sys
19:44:13.0234 2356 Beep - ok
19:44:13.0265 2356 [ 574738F61FCA2935F5265DC4E5691314 ] BITS E:\WINDOWS\system32\qmgr.dll
19:44:13.0406 2356 BITS - ok
19:44:13.0437 2356 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser E:\WINDOWS\System32\browser.dll
19:44:13.0500 2356 Browser - ok
19:44:13.0640 2356 catchme - ok
19:44:13.0671 2356 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k E:\WINDOWS\system32\drivers\cbidf2k.sys
19:44:13.0750 2356 cbidf2k - ok
19:44:13.0750 2356 cd20xrnt - ok
19:44:13.0781 2356 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio E:\WINDOWS\system32\drivers\Cdaudio.sys
19:44:13.0859 2356 Cdaudio - ok
19:44:13.0875 2356 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs E:\WINDOWS\system32\drivers\Cdfs.sys
19:44:13.0937 2356 Cdfs - ok
19:44:13.0968 2356 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom E:\WINDOWS\system32\DRIVERS\cdrom.sys
19:44:14.0046 2356 Cdrom - ok
19:44:14.0046 2356 Changer - ok
19:44:14.0062 2356 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc E:\WINDOWS\system32\cisvc.exe
19:44:14.0109 2356 CiSvc - ok
19:44:14.0125 2356 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv E:\WINDOWS\system32\clipsrv.exe
19:44:14.0171 2356 ClipSrv - ok
19:44:14.0359 2356 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:14.0359 2356 clr_optimization_v2.0.50727_32 - ok
19:44:14.0406 2356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:14.0406 2356 clr_optimization_v4.0.30319_32 - ok
19:44:14.0406 2356 CmdIde - ok
19:44:14.0406 2356 COMSysApp - ok
19:44:14.0437 2356 Cpqarray - ok
19:44:14.0468 2356 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc E:\WINDOWS\System32\cryptsvc.dll
19:44:14.0546 2356 CryptSvc - ok
19:44:14.0546 2356 dac2w2k - ok
19:44:14.0546 2356 dac960nt - ok
19:44:14.0593 2356 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch E:\WINDOWS\system32\rpcss.dll
19:44:14.0656 2356 DcomLaunch - ok
19:44:14.0703 2356 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp E:\WINDOWS\System32\dhcpcsvc.dll
19:44:14.0765 2356 Dhcp - ok
19:44:14.0796 2356 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk E:\WINDOWS\system32\DRIVERS\disk.sys
19:44:14.0859 2356 Disk - ok
19:44:14.0859 2356 dmadmin - ok
19:44:14.0890 2356 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot E:\WINDOWS\system32\drivers\dmboot.sys
19:44:14.0953 2356 dmboot - ok
19:44:14.0968 2356 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio E:\WINDOWS\system32\drivers\dmio.sys
19:44:15.0031 2356 dmio - ok
19:44:15.0046 2356 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload E:\WINDOWS\system32\drivers\dmload.sys
19:44:15.0109 2356 dmload - ok
19:44:15.0125 2356 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver E:\WINDOWS\System32\dmserver.dll
19:44:15.0171 2356 dmserver - ok
19:44:15.0187 2356 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic E:\WINDOWS\system32\drivers\DMusic.sys
19:44:15.0250 2356 DMusic - ok
19:44:15.0281 2356 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache E:\WINDOWS\System32\dnsrslvr.dll
19:44:15.0312 2356 Dnscache - ok
19:44:15.0359 2356 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc E:\WINDOWS\System32\dot3svc.dll
19:44:15.0406 2356 Dot3svc - ok
19:44:15.0421 2356 dpti2o - ok
19:44:15.0437 2356 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud E:\WINDOWS\system32\drivers\drmkaud.sys
19:44:15.0468 2356 drmkaud - ok
19:44:15.0500 2356 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 E:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:44:15.0500 2356 dtsoftbus01 - ok
19:44:15.0546 2356 [ B39B12F23ADF316E4E32A611E730817D ] e1cexpress E:\WINDOWS\system32\DRIVERS\e1c5132.sys
19:44:15.0546 2356 e1cexpress - ok
19:44:15.0546 2356 EagleXNt - ok
19:44:15.0562 2356 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost E:\WINDOWS\System32\eapsvc.dll
19:44:15.0609 2356 EapHost - ok
19:44:15.0625 2356 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc E:\WINDOWS\System32\ersvc.dll
19:44:15.0687 2356 ERSvc - ok
19:44:15.0718 2356 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] Eventlog E:\WINDOWS\system32\services.exe
19:44:15.0734 2356 Eventlog ( UnsignedFile.Multi.Generic ) - warning
19:44:15.0734 2356 Eventlog - detected UnsignedFile.Multi.Generic (1)
19:44:15.0765 2356 [ 19A799805B24990867B00C120D300C3A ] EventSystem E:\WINDOWS\system32\es.dll
19:44:15.0843 2356 EventSystem - ok
19:44:15.0859 2356 [ 38D332A6D56AF32635675F132548343E ] Fastfat E:\WINDOWS\system32\drivers\Fastfat.sys
19:44:15.0921 2356 Fastfat - ok
19:44:15.0953 2356 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility E:\WINDOWS\System32\shsvcs.dll
19:44:15.0984 2356 FastUserSwitchingCompatibility - ok
19:44:16.0000 2356 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc E:\WINDOWS\system32\drivers\Fdc.sys
19:44:16.0046 2356 Fdc - ok
19:44:16.0062 2356 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips E:\WINDOWS\system32\drivers\Fips.sys
19:44:16.0093 2356 Fips - ok
19:44:16.0109 2356 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk E:\WINDOWS\system32\drivers\Flpydisk.sys
19:44:16.0140 2356 Flpydisk - ok
19:44:16.0156 2356 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr E:\WINDOWS\system32\drivers\fltmgr.sys
19:44:16.0203 2356 FltMgr - ok
19:44:16.0250 2356 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:44:16.0265 2356 FontCache3.0.0.0 - ok
19:44:16.0281 2356 [ E0087225B137E57239FF40F8AE82059B ] fssfltr E:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:44:16.0296 2356 fssfltr - ok
19:44:16.0390 2356 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc E:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:44:16.0421 2356 fsssvc - ok
19:44:16.0437 2356 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec E:\WINDOWS\system32\drivers\Fs_Rec.sys
19:44:16.0515 2356 Fs_Rec - ok
19:44:16.0531 2356 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk E:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:44:16.0593 2356 Ftdisk - ok
19:44:16.0640 2356 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc E:\WINDOWS\system32\DRIVERS\msgpc.sys
19:44:16.0703 2356 Gpc - ok
19:44:16.0718 2356 [ 7929A161F9951D173CA9900FE7067391 ] hamachi E:\WINDOWS\system32\DRIVERS\hamachi.sys
19:44:16.0718 2356 hamachi - ok
19:44:16.0750 2356 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:44:16.0812 2356 HDAudBus - ok
19:44:16.0890 2356 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:44:16.0953 2356 helpsvc - ok
19:44:16.0953 2356 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ E:\WINDOWS\System32\hidserv.dll
19:44:17.0000 2356 HidServ - ok
19:44:17.0015 2356 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb E:\WINDOWS\system32\DRIVERS\hidusb.sys
19:44:17.0062 2356 hidusb - ok
19:44:17.0109 2356 [ A68E6B53BBA0F546821E1586DD4F1CDF ] HiPatchService E:\Program Files\Hi-Rez Studios\HiPatchService.exe
19:44:17.0140 2356 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
19:44:17.0140 2356 HiPatchService - detected UnsignedFile.Multi.Generic (1)
19:44:17.0156 2356 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc E:\WINDOWS\System32\kmsvc.dll
19:44:17.0218 2356 hkmsvc - ok
19:44:17.0218 2356 hpn - ok
19:44:17.0250 2356 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP E:\WINDOWS\system32\Drivers\HTTP.sys
19:44:17.0312 2356 HTTP - ok
19:44:17.0328 2356 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter E:\WINDOWS\System32\w3ssl.dll
19:44:17.0375 2356 HTTPFilter - ok
19:44:17.0375 2356 i2omgmt - ok
19:44:17.0390 2356 i2omp - ok
19:44:17.0406 2356 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt E:\WINDOWS\system32\drivers\i8042prt.sys
19:44:17.0453 2356 i8042prt - ok
19:44:17.0531 2356 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:44:17.0562 2356 idsvc - ok
19:44:17.0593 2356 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi E:\WINDOWS\system32\DRIVERS\imapi.sys
19:44:17.0687 2356 Imapi - ok
19:44:17.0718 2356 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService E:\WINDOWS\system32\imapi.exe
19:44:17.0781 2356 ImapiService - ok
19:44:17.0781 2356 ini910u - ok
19:44:17.0906 2356 [ 58DABDEF7A35F9E3AB1FABD2CBAF3D13 ] IntcAzAudAddService E:\WINDOWS\system32\drivers\RtkHDAud.sys
19:44:18.0015 2356 IntcAzAudAddService - ok
19:44:18.0078 2356 [ 16508B07D708B92D74DF6233CDC06E3C ] Intel(R) PROSet Monitoring Service E:\WINDOWS\system32\IProsetMonitor.exe
19:44:18.0093 2356 Intel(R) PROSet Monitoring Service - ok
19:44:18.0093 2356 IntelIde - ok
19:44:18.0109 2356 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm E:\WINDOWS\system32\DRIVERS\intelppm.sys
19:44:18.0156 2356 intelppm - ok
19:44:18.0171 2356 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw E:\WINDOWS\system32\drivers\ip6fw.sys
19:44:18.0218 2356 Ip6Fw - ok
19:44:18.0234 2356 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:44:18.0296 2356 IpFilterDriver - ok
19:44:18.0296 2356 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp E:\WINDOWS\system32\DRIVERS\ipinip.sys
19:44:18.0359 2356 IpInIp - ok
19:44:18.0375 2356 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat E:\WINDOWS\system32\DRIVERS\ipnat.sys
19:44:18.0437 2356 IpNat - ok
19:44:18.0453 2356 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec E:\WINDOWS\system32\DRIVERS\ipsec.sys
19:44:18.0515 2356 IPSec - ok
19:44:18.0531 2356 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM E:\WINDOWS\system32\DRIVERS\irenum.sys
19:44:18.0578 2356 IRENUM - ok
19:44:18.0593 2356 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp E:\WINDOWS\system32\DRIVERS\isapnp.sys
19:44:18.0640 2356 isapnp - ok
19:44:18.0734 2356 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService E:\Program Files\Java\jre6\bin\jqs.exe
19:44:18.0734 2356 JavaQuickStarterService - ok
19:44:18.0750 2356 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass E:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:44:18.0796 2356 Kbdclass - ok
19:44:18.0812 2356 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid E:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:44:18.0859 2356 kbdhid - ok
19:44:18.0875 2356 [ 692BCF44383D056AED41B045A323D378 ] kmixer E:\WINDOWS\system32\drivers\kmixer.sys
19:44:18.0937 2356 kmixer - ok
19:44:18.0968 2356 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD E:\WINDOWS\system32\drivers\KSecDD.sys
19:44:19.0031 2356 KSecDD - ok
19:44:19.0031 2356 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver E:\WINDOWS\System32\srvsvc.dll
19:44:19.0078 2356 lanmanserver - ok
19:44:19.0109 2356 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation E:\WINDOWS\System32\wkssvc.dll
19:44:19.0156 2356 lanmanworkstation - ok
19:44:19.0156 2356 lbrtfdc - ok
19:44:19.0171 2356 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts E:\WINDOWS\System32\lmhsvc.dll
19:44:19.0218 2356 LmHosts - ok
19:44:19.0250 2356 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector E:\WINDOWS\system32\drivers\mbam.sys
19:44:19.0265 2356 MBAMProtector - ok
19:44:19.0296 2356 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:44:19.0312 2356 MBAMScheduler - ok
19:44:19.0359 2356 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:44:19.0375 2356 MBAMService - ok
19:44:19.0406 2356 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger E:\WINDOWS\System32\msgsvc.dll
19:44:19.0468 2356 Messenger - ok
19:44:19.0531 2356 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd E:\WINDOWS\system32\drivers\mnmdd.sys
19:44:19.0609 2356 mnmdd - ok
19:44:19.0609 2356 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc E:\WINDOWS\system32\mnmsrvc.exe
19:44:19.0671 2356 mnmsrvc - ok
19:44:19.0687 2356 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem E:\WINDOWS\system32\drivers\Modem.sys
19:44:19.0750 2356 Modem - ok
19:44:19.0781 2356 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt E:\WINDOWS\system32\drivers\Monfilt.sys
19:44:19.0843 2356 Monfilt - ok
19:44:19.0875 2356 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass E:\WINDOWS\system32\DRIVERS\mouclass.sys
19:44:19.0937 2356 Mouclass - ok
19:44:19.0984 2356 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid E:\WINDOWS\system32\DRIVERS\mouhid.sys
19:44:20.0062 2356 mouhid - ok
19:44:20.0078 2356 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr E:\WINDOWS\system32\drivers\MountMgr.sys
19:44:20.0140 2356 MountMgr - ok
19:44:20.0187 2356 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:44:20.0203 2356 MozillaMaintenance - ok
19:44:20.0203 2356 mraid35x - ok
19:44:20.0203 2356 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV E:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:44:20.0250 2356 MRxDAV - ok
19:44:20.0265 2356 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:44:20.0343 2356 MRxSmb - ok
19:44:20.0375 2356 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC E:\WINDOWS\system32\msdtc.exe
19:44:20.0406 2356 MSDTC - ok
19:44:20.0421 2356 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs E:\WINDOWS\system32\drivers\Msfs.sys
19:44:20.0484 2356 Msfs - ok
19:44:20.0484 2356 MSIServer - ok
19:44:20.0500 2356 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV E:\WINDOWS\system32\drivers\MSKSSRV.sys
19:44:20.0562 2356 MSKSSRV - ok
19:44:20.0578 2356 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK E:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:44:20.0640 2356 MSPCLOCK - ok
19:44:20.0656 2356 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM E:\WINDOWS\system32\drivers\MSPQM.sys
19:44:20.0718 2356 MSPQM - ok
19:44:20.0734 2356 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios E:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:44:20.0796 2356 mssmbios - ok
19:44:20.0859 2356 MSSQL$SQLEXPRESS - ok
19:44:20.0953 2356 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 e:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:44:20.0968 2356 MSSQLServerADHelper100 - ok
19:44:20.0984 2356 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup E:\WINDOWS\system32\drivers\Mup.sys
19:44:21.0031 2356 Mup - ok
19:44:21.0078 2356 [ 0102140028FAD045756796E1C685D695 ] napagent E:\WINDOWS\System32\qagentrt.dll
19:44:21.0125 2356 napagent - ok
19:44:21.0156 2356 [ 1DF7F42665C94B825322FAE71721130D ] NDIS E:\WINDOWS\system32\drivers\NDIS.sys
19:44:21.0218 2356 NDIS - ok
19:44:21.0234 2356 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi E:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:44:21.0281 2356 NdisTapi - ok
19:44:21.0328 2356 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio E:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:44:21.0390 2356 Ndisuio - ok
19:44:21.0390 2356 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan E:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:44:21.0437 2356 NdisWan - ok
19:44:21.0437 2356 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy E:\WINDOWS\system32\drivers\NDProxy.sys
19:44:21.0484 2356 NDProxy - ok
19:44:21.0500 2356 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS E:\WINDOWS\system32\DRIVERS\netbios.sys
19:44:21.0546 2356 NetBIOS - ok
19:44:21.0562 2356 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT E:\WINDOWS\system32\DRIVERS\netbt.sys
19:44:21.0625 2356 NetBT - ok
19:44:21.0640 2356 [ B857BA82860D7FF85AE29B095645563B ] NetDDE E:\WINDOWS\system32\netdde.exe
19:44:21.0703 2356 NetDDE - ok
19:44:21.0703 2356 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm E:\WINDOWS\system32\netdde.exe
19:44:21.0750 2356 NetDDEdsdm - ok
19:44:21.0765 2356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon E:\WINDOWS\system32\lsass.exe
19:44:21.0812 2356 Netlogon - ok
19:44:21.0812 2356 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman E:\WINDOWS\System32\netman.dll
19:44:21.0875 2356 Netman - ok
19:44:21.0906 2356 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:44:21.0921 2356 NetTcpPortSharing - ok
19:44:21.0937 2356 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla E:\WINDOWS\System32\mswsock.dll
19:44:22.0015 2356 Nla - ok
19:44:22.0031 2356 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs E:\WINDOWS\system32\drivers\Npfs.sys
19:44:22.0078 2356 Npfs - ok
19:44:22.0109 2356 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs E:\WINDOWS\system32\drivers\Ntfs.sys
19:44:22.0171 2356 Ntfs - ok
19:44:22.0203 2356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp E:\WINDOWS\system32\lsass.exe
19:44:22.0250 2356 NtLmSsp - ok
19:44:22.0265 2356 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc E:\WINDOWS\system32\ntmssvc.dll
19:44:22.0312 2356 NtmsSvc - ok
19:44:22.0421 2356 nTuneService - ok
19:44:22.0453 2356 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null E:\WINDOWS\system32\drivers\Null.sys
19:44:22.0531 2356 Null - ok
19:44:22.0546 2356 [ 5B6F045D767234B0D9A656433C2D876C ] nusb3hub E:\WINDOWS\system32\DRIVERS\nusb3hub.sys
19:44:22.0609 2356 nusb3hub - ok
19:44:22.0625 2356 [ 9810633ABF57FED080E6DB5730F9E3C5 ] nusb3xhc E:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
19:44:22.0656 2356 nusb3xhc - ok
19:44:22.0968 2356 [ 68B8C35782FFD20973524F748234B5A9 ] nv E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:44:23.0531 2356 nv - ok
19:44:23.0562 2356 [ A211AB524324E84C2C805B52DFCDD544 ] NVHDA E:\WINDOWS\system32\drivers\nvhda32.sys
19:44:23.0562 2356 NVHDA - ok
19:44:23.0593 2356 [ 96C5900331BD17344F338D006888BAE5 ] nvoclock E:\WINDOWS\system32\DRIVERS\nvoclock.sys
19:44:23.0609 2356 nvoclock - ok
19:44:23.0640 2356 [ FFD30DAAF62D605069F6EB42D2E807C3 ] NVSvc E:\WINDOWS\system32\nvsvc32.exe
19:44:23.0640 2356 NVSvc - ok
19:44:23.0671 2356 [ 210EE09CB9C2655E55BD48D851369DC1 ] nvUpdatusService E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:44:23.0734 2356 nvUpdatusService - ok
19:44:23.0812 2356 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:44:23.0875 2356 NwlnkFlt - ok
19:44:23.0875 2356 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:44:23.0937 2356 NwlnkFwd - ok
19:44:23.0953 2356 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport E:\WINDOWS\system32\drivers\Parport.sys
19:44:24.0000 2356 Parport - ok
19:44:24.0046 2356 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr E:\WINDOWS\system32\drivers\PartMgr.sys
19:44:24.0109 2356 PartMgr - ok
19:44:24.0125 2356 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm E:\WINDOWS\system32\drivers\ParVdm.sys
19:44:24.0187 2356 ParVdm - ok
19:44:24.0187 2356 [ A219903CCF74233761D92BEF471A07B1 ] PCI E:\WINDOWS\system32\DRIVERS\pci.sys
19:44:24.0234 2356 PCI - ok
19:44:24.0234 2356 PCIDump - ok
19:44:24.0234 2356 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde E:\WINDOWS\system32\DRIVERS\pciide.sys
19:44:24.0281 2356 PCIIde - ok
19:44:24.0296 2356 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia E:\WINDOWS\system32\drivers\Pcmcia.sys
19:44:24.0343 2356 Pcmcia - ok
19:44:24.0343 2356 PDCOMP - ok
19:44:24.0343 2356 PDFRAME - ok
19:44:24.0343 2356 PDRELI - ok
19:44:24.0359 2356 PDRFRAME - ok
19:44:24.0375 2356 perc2 - ok
19:44:24.0375 2356 perc2hib - ok
19:44:24.0531 2356 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart E:\ComboFix\pev.3XE
19:44:24.0562 2356 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
19:44:24.0562 2356 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
19:44:24.0562 2356 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] PlugPlay E:\WINDOWS\system32\services.exe
19:44:24.0593 2356 PlugPlay ( UnsignedFile.Multi.Generic ) - warning
19:44:24.0593 2356 PlugPlay - detected UnsignedFile.Multi.Generic (1)
19:44:24.0625 2356 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA E:\WINDOWS\system32\PnkBstrA.exe
19:44:24.0625 2356 PnkBstrA - ok
19:44:24.0656 2356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent E:\WINDOWS\system32\lsass.exe
19:44:24.0687 2356 PolicyAgent - ok
19:44:24.0734 2356 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport E:\WINDOWS\system32\DRIVERS\raspptp.sys
19:44:24.0812 2356 PptpMiniport - ok
19:44:24.0812 2356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage E:\WINDOWS\system32\lsass.exe
19:44:24.0859 2356 ProtectedStorage - ok
19:44:24.0859 2356 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched E:\WINDOWS\system32\DRIVERS\psched.sys
19:44:24.0906 2356 PSched - ok
19:44:24.0937 2356 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink E:\WINDOWS\system32\DRIVERS\ptilink.sys
19:44:25.0000 2356 Ptilink - ok
19:44:25.0000 2356 ql1080 - ok
19:44:25.0000 2356 Ql10wnt - ok
19:44:25.0015 2356 ql12160 - ok
19:44:25.0015 2356 ql1240 - ok
19:44:25.0031 2356 ql1280 - ok
19:44:25.0046 2356 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd E:\WINDOWS\system32\DRIVERS\rasacd.sys
19:44:25.0093 2356 RasAcd - ok
19:44:25.0125 2356 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto E:\WINDOWS\System32\rasauto.dll
19:44:25.0171 2356 RasAuto - ok
19:44:25.0187 2356 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:44:25.0234 2356 Rasl2tp - ok
19:44:25.0250 2356 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan E:\WINDOWS\System32\rasmans.dll
19:44:25.0296 2356 RasMan - ok
19:44:25.0296 2356 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe E:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:44:25.0328 2356 RasPppoe - ok
19:44:25.0343 2356 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti E:\WINDOWS\system32\DRIVERS\raspti.sys
19:44:25.0406 2356 Raspti - ok
19:44:25.0421 2356 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss E:\WINDOWS\system32\DRIVERS\rdbss.sys
19:44:25.0453 2356 Rdbss - ok
19:44:25.0468 2356 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:44:25.0531 2356 RDPCDD - ok
19:44:25.0562 2356 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD E:\WINDOWS\system32\drivers\RDPWD.sys
19:44:25.0593 2356 RDPWD - ok
19:44:25.0609 2356 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr E:\WINDOWS\system32\sessmgr.exe
19:44:25.0656 2356 RDSessMgr - ok
19:44:25.0671 2356 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook E:\WINDOWS\system32\DRIVERS\redbook.sys
19:44:25.0734 2356 redbook - ok
19:44:25.0750 2356 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess E:\WINDOWS\System32\mprdim.dll
19:44:25.0812 2356 RemoteAccess - ok
19:44:25.0812 2356 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator E:\WINDOWS\system32\locator.exe
19:44:25.0859 2356 RpcLocator - ok
19:44:25.0890 2356 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs E:\WINDOWS\system32\rpcss.dll
19:44:25.0937 2356 RpcSs - ok
19:44:25.0968 2356 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 E:\WINDOWS\system32\DRIVERS\RsFx0103.sys
19:44:25.0984 2356 RsFx0103 - ok
19:44:26.0015 2356 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP E:\WINDOWS\system32\rsvp.exe
19:44:26.0078 2356 RSVP - ok
19:44:26.0093 2356 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs E:\WINDOWS\system32\lsass.exe
19:44:26.0125 2356 SamSs - ok
19:44:26.0140 2356 [ D5BC354BDFC380BB87156A35138014B5 ] SandBox E:\WINDOWS\system32\drivers\SandBox.sys
19:44:26.0156 2356 SandBox - ok
19:44:26.0187 2356 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr E:\WINDOWS\System32\SCardSvr.exe
19:44:26.0234 2356 SCardSvr - ok
19:44:26.0281 2356 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule E:\WINDOWS\system32\schedsvc.dll
19:44:26.0359 2356 Schedule - ok
19:44:26.0390 2356 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:44:26.0406 2356 SeaPort - ok
19:44:26.0421 2356 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv E:\WINDOWS\system32\DRIVERS\secdrv.sys
19:44:26.0468 2356 Secdrv - ok
19:44:26.0484 2356 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon E:\WINDOWS\System32\seclogon.dll
19:44:26.0546 2356 seclogon - ok
19:44:26.0562 2356 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS E:\WINDOWS\system32\sens.dll
19:44:26.0609 2356 SENS - ok
19:44:26.0625 2356 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial E:\WINDOWS\system32\drivers\Serial.sys
19:44:26.0671 2356 Serial - ok
19:44:26.0734 2356 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy E:\WINDOWS\system32\drivers\Sfloppy.sys
19:44:26.0796 2356 Sfloppy - ok
19:44:26.0843 2356 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess E:\WINDOWS\System32\ipnathlp.dll
19:44:26.0906 2356 SharedAccess - ok
19:44:26.0937 2356 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection E:\WINDOWS\System32\shsvcs.dll
19:44:26.0984 2356 ShellHWDetection - ok
19:44:26.0984 2356 Simbad - ok
19:44:26.0984 2356 Sparrow - ok
19:44:27.0015 2356 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter E:\WINDOWS\system32\drivers\splitter.sys
19:44:27.0078 2356 splitter - ok
19:44:27.0109 2356 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler E:\WINDOWS\system32\spoolsv.exe
19:44:27.0140 2356 Spooler - ok
19:44:27.0187 2356 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS e:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:44:27.0218 2356 SQLAgent$SQLEXPRESS - ok
19:44:27.0281 2356 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser e:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:44:27.0312 2356 SQLBrowser - ok
19:44:27.0328 2356 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:44:27.0328 2356 SQLWriter - ok
19:44:27.0359 2356 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr E:\WINDOWS\system32\DRIVERS\sr.sys
19:44:27.0406 2356 sr - ok
19:44:27.0453 2356 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice E:\WINDOWS\system32\srsvc.dll
19:44:27.0515 2356 srservice - ok
19:44:27.0562 2356 [ 5252605079810904E31C332E241CD59B ] Srv E:\WINDOWS\system32\DRIVERS\srv.sys
19:44:27.0609 2356 Srv - ok
19:44:27.0640 2356 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV E:\WINDOWS\System32\ssdpsrv.dll
19:44:27.0687 2356 SSDPSRV - ok
19:44:27.0703 2356 Steam Client Service - ok
19:44:27.0718 2356 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc E:\WINDOWS\system32\wiaservc.dll
19:44:27.0812 2356 stisvc - ok
19:44:27.0843 2356 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum E:\WINDOWS\system32\DRIVERS\swenum.sys
19:44:27.0906 2356 swenum - ok
19:44:27.0921 2356 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi E:\WINDOWS\system32\drivers\swmidi.sys
19:44:28.0000 2356 swmidi - ok
19:44:28.0000 2356 SwPrv - ok
19:44:28.0000 2356 symc810 - ok
19:44:28.0015 2356 symc8xx - ok
19:44:28.0015 2356 sym_hi - ok
19:44:28.0031 2356 sym_u3 - ok
19:44:28.0078 2356 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio E:\WINDOWS\system32\drivers\sysaudio.sys
19:44:28.0125 2356 sysaudio - ok
19:44:28.0156 2356 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog E:\WINDOWS\system32\smlogsvc.exe
19:44:28.0203 2356 SysmonLog - ok
19:44:28.0234 2356 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv E:\WINDOWS\System32\tapisrv.dll
19:44:28.0281 2356 TapiSrv - ok
19:44:28.0343 2356 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip E:\WINDOWS\system32\DRIVERS\tcpip.sys
19:44:28.0390 2356 Tcpip - ok
19:44:28.0437 2356 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE E:\WINDOWS\system32\drivers\TDPIPE.sys
19:44:28.0515 2356 TDPIPE - ok
19:44:28.0515 2356 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP E:\WINDOWS\system32\drivers\TDTCP.sys
19:44:28.0578 2356 TDTCP - ok
19:44:28.0593 2356 [ 88155247177638048422893737429D9E ] TermDD E:\WINDOWS\system32\DRIVERS\termdd.sys
19:44:28.0640 2356 TermDD - ok
19:44:28.0687 2356 [ FF3477C03BE7201C294C35F684B3479F ] TermService E:\WINDOWS\System32\termsrv.dll
19:44:28.0750 2356 TermService - ok
19:44:28.0750 2356 [ 1926899BF9FFE2602B63074971700412 ] Themes E:\WINDOWS\System32\shsvcs.dll
19:44:28.0796 2356 Themes - ok
19:44:28.0796 2356 TosIde - ok
19:44:28.0812 2356 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks E:\WINDOWS\system32\trkwks.dll
19:44:28.0875 2356 TrkWks - ok
19:44:28.0906 2356 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs E:\WINDOWS\system32\drivers\Udfs.sys
19:44:28.0968 2356 Udfs - ok
19:44:28.0968 2356 ultra - ok
19:44:28.0968 2356 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update E:\WINDOWS\system32\DRIVERS\update.sys
19:44:29.0031 2356 Update - ok
19:44:29.0031 2356 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost E:\WINDOWS\System32\upnphost.dll
19:44:29.0093 2356 upnphost - ok
19:44:29.0109 2356 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS E:\WINDOWS\System32\ups.exe
19:44:29.0156 2356 UPS - ok
19:44:29.0187 2356 [ E919708DB44ED8543A7C017953148330 ] usbaudio E:\WINDOWS\system32\drivers\usbaudio.sys
19:44:29.0250 2356 usbaudio - ok
19:44:29.0281 2356 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp E:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:44:29.0328 2356 usbccgp - ok
19:44:29.0343 2356 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci E:\WINDOWS\system32\DRIVERS\usbehci.sys
19:44:29.0406 2356 usbehci - ok
19:44:29.0437 2356 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub E:\WINDOWS\system32\DRIVERS\usbhub.sys
19:44:29.0500 2356 usbhub - ok
19:44:29.0500 2356 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:44:29.0546 2356 usbstor - ok
19:44:29.0562 2356 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave E:\WINDOWS\System32\drivers\vga.sys
19:44:29.0625 2356 VgaSave - ok
19:44:29.0625 2356 ViaIde - ok
19:44:29.0656 2356 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap E:\WINDOWS\system32\drivers\VolSnap.sys
19:44:29.0703 2356 VolSnap - ok
19:44:29.0812 2356 [ 5A2DDC5411A092BEDB1A07755E087784 ] VSPerfDrv100 e:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
19:44:29.0828 2356 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - warning
19:44:29.0828 2356 VSPerfDrv100 - detected UnsignedFile.Multi.Generic (1)
19:44:29.0859 2356 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS E:\WINDOWS\System32\vssvc.exe
19:44:29.0906 2356 VSS - ok
19:44:29.0937 2356 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time E:\WINDOWS\system32\w32time.dll
19:44:30.0000 2356 W32Time - ok
19:44:30.0015 2356 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp E:\WINDOWS\system32\DRIVERS\wanarp.sys
19:44:30.0078 2356 Wanarp - ok
19:44:30.0078 2356 WDICA - ok
19:44:30.0125 2356 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud E:\WINDOWS\system32\drivers\wdmaud.sys
19:44:30.0171 2356 wdmaud - ok
19:44:30.0171 2356 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient E:\WINDOWS\System32\webclnt.dll
19:44:30.0250 2356 WebClient - ok
19:44:30.0328 2356 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt E:\WINDOWS\system32\wbem\WMIsvc.dll
19:44:30.0390 2356 winmgmt - ok
19:44:30.0453 2356 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN E:\WINDOWS\system32\mspmsnsv.dll
19:44:30.0500 2356 WmdmPmSN - ok
19:44:30.0515 2356 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv E:\WINDOWS\system32\wbem\wmiapsrv.exe
19:44:30.0578 2356 WmiApSrv - ok
19:44:30.0656 2356 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:44:30.0687 2356 WPFFontCache_v0400 - ok
19:44:30.0687 2356 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL E:\WINDOWS\System32\drivers\ws2ifsl.sys
19:44:30.0750 2356 WS2IFSL - ok
19:44:30.0796 2356 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc E:\WINDOWS\system32\wscsvc.dll
19:44:30.0859 2356 wscsvc - ok
19:44:30.0875 2356 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv E:\WINDOWS\system32\wuauserv.dll
19:44:30.0968 2356 wuauserv - ok
19:44:31.0000 2356 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC E:\WINDOWS\System32\wzcsvc.dll
19:44:31.0046 2356 WZCSVC - ok
19:44:31.0078 2356 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov E:\WINDOWS\System32\xmlprov.dll
19:44:31.0125 2356 xmlprov - ok
19:44:31.0125 2356 ================ Scan global ===============================
19:44:31.0156 2356 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] E:\WINDOWS\system32\basesrv.dll
19:44:31.0187 2356 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] E:\WINDOWS\system32\winsrv.dll
19:44:31.0203 2356 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] E:\WINDOWS\system32\winsrv.dll
19:44:31.0203 2356 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] E:\WINDOWS\system32\services.exe
19:44:31.0203 2356 [Global] - ok
19:44:31.0203 2356 ================ Scan MBR ==================================
19:44:31.0218 2356 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:44:31.0578 2356 \Device\Harddisk0\DR0 - ok
19:44:31.0578 2356 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:44:31.0703 2356 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
19:44:31.0703 2356 \Device\Harddisk1\DR1 - detected TDSS File System (1)
19:44:31.0703 2356 ================ Scan VBR ==================================
19:44:31.0703 2356 [ D12670782B9FD969E3EDC3096E4CCF3A ] \Device\Harddisk0\DR0\Partition1
19:44:31.0703 2356 \Device\Harddisk0\DR0\Partition1 - ok
19:44:31.0703 2356 [ 4A597511853CAB5308E2D0313E118DB7 ] \Device\Harddisk1\DR1\Partition1
19:44:31.0703 2356 \Device\Harddisk1\DR1\Partition1 - ok
19:44:31.0703 2356 ============================================================
19:44:31.0703 2356 Scan finished
19:44:31.0703 2356 ============================================================
19:44:31.0812 1416 Detected object count: 6
19:44:31.0812 1416 Actual detected object count: 6
19:47:41.0000 1416 Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:41.0000 1416 Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:41.0000 1416 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:41.0000 1416 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:41.0015 1416 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:41.0015 1416 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:41.0015 1416 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:41.0015 1416 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:41.0015 1416 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:41.0015 1416 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:41.0015 1416 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
19:47:41.0015 1416 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
19:49:19.0140 1576 Deinitialize success
 
Please re-run TDSSKiller as before, but this time, please delete the TDSS File System. Good job so far! :D

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will presented with the main interface, but don't scan yet, click the options tab (gear icon):
    image1nz.png
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
    image2pmb.png
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    image3vd.png
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    image5mf.png
  • Then, choose Save. Also, in the Automatic Report tab, select Save:
    image4vy.png
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.
 
Here's the first scan log:
-----------------------------------------------------------------------------------------------------------------------------
Status: Vulnerability (events: 8)
12/5/2012 10:00:42 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 E:\Program Files\Java\jre1.6.0_22\bin\java.exe Low
12/5/2012 10:00:57 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 E:\Program Files\Java\jre6\bin\java.exe Low
12/5/2012 10:15:47 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/48347 E:\Program Files\Omnitool\python32.dll Low
12/5/2012 11:43:50 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/51213 E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll Low
12/5/2012 11:52:19 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 G:\Program Files\Java\jre6\bin\java.exe Low
12/5/2012 12:27:02 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/51090 G:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe Low
12/5/2012 12:30:15 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46809 e:\Program Files\DAEMON Tools Lite\DTLite.exe Low
12/5/2012 12:32:00 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/51213 e:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll Low
Status: Deleted (events: 4)
12/5/2012 6:58:22 PM Deleted Trojan program HEUR:packed.Win32.Black.f E:\Program Files\SCHTHACK PSOBB\antihack.dll//Armadillo High
12/5/2012 7:00:00 PM Deleted Trojan program Packed.Win32.TDSS.z E:\TDSSKiller_Quarantine\05.12.2012_09.06.31\tdlfs0000\tsk0004.dta High
12/5/2012 6:59:04 PM Deleted Trojan program Packed.Win32.TDSS.z E:\TDSSKiller_Quarantine\05.12.2012_09.06.31\tdlfs0000\tsk0003.dta High
12/5/2012 6:58:22 PM Deleted Trojan program HEUR:packed.Win32.Black.f E:\Program Files\SCHTHACK PSOBB\antihack.dll High

The second log is 292 mb, which is far too big to post here.
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Security check log:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Online Scanner v3
Outpost Firewall Pro 2009
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.3.300.268
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive E:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

One thing, do you have any idea of what might have caused my computer to have boot-up problems?
 
This should explain a bit about TDL4, which is what your computer had that prevented it to boot: http://secureconnexion.wordpress.com/2012/09/19/new-tdl4-variant-affecting-government-isps-etc/


Your computer probably got initially infected by a Java exploit, because Java is out of date...

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems



Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 
Alright, I've installed the latest Java and removed the old ones. Everything's been working perfectly so far, thanks for your help!
 
Status
Not open for further replies.
Back