
Infected with TDSS & Google keeps redirecting


  • This topic is locked
12 replies to this topic

#1 hogie0101
  • Members
  • 7 posts

Posted 29 March 2012 - 11:48 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by WinXP at 22:38:50 on 2012-03-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.668 [GMT -7:00]
.
AV: The Shield Deluxe 2009 Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\STOPzilla!\STOPzilla.exe
c:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [UMonit] c:\windows\system32\umonit.exe


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 March 2012 - 11:55 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hogie0101 (Topic Starter)
  • Members
  • 7 posts

Posted 30 March 2012 - 07:29 PM

Gringo,

Here ya go, and it is still redirecting Google searches.
Thanks





ComboFix 12-03-30.06 - WinXP 03/30/2012 17:07:25.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.967 [GMT -7:00]
Running from: c:\documents and settings\WinXP\Desktop\ComboFix.exe
AV: The Shield Deluxe 2009 Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\rf7c17l7.vbt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 00:15 . 2012-03-31 00:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-28 02:26 . 2010-08-17 13:17 58880 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2012-03-28 02:26 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\spoolsv.exe
2012-03-22 03:29 . 2012-03-22 03:30 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-18 06:06 . 2012-03-18 06:06 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 06:06 . 2012-03-18 06:06 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 03:52 . 2012-03-16 03:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-10 01:49 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-10 01:49 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-10 01:47 . 2012-03-22 04:15 -------- d-----w- c:\documents and settings\WinXP\Application Data\ElevatedDiagnostics
2012-03-10 01:35 . 2012-03-10 01:35 -------- d-----w- C:\found.000
2012-03-08 23:24 . 2012-03-08 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-03-08 23:24 . 2012-03-08 23:24 -------- d-----w- c:\program files\HitmanPro
2012-03-02 04:43 . 2012-03-02 05:58 -------- d-----w- C:\WAR2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 02:10 . 2011-06-08 00:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:56 . 2011-03-17 07:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-02-03 09:22 . 1980-01-01 00:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2006-03-22 18:44 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 06:06 . 2011-12-04 16:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-03-06 01:08 . 2009-06-15 03:30 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-22_05.25.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-31 00:15 . 2012-03-31 00:15 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat
+ 1980-01-01 00:00 . 2012-03-31 00:19 87074 c:\windows\system32\perfc009.dat
- 1980-01-01 00:00 . 2012-03-22 05:28 87074 c:\windows\system32\perfc009.dat
- 2010-02-25 03:12 . 2012-03-21 01:18 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-25 03:12 . 2012-03-30 04:57 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-23 04:20 . 2012-03-30 04:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-02-25 03:12 . 2012-03-21 01:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 1980-01-01 00:00 . 2012-03-31 00:19 502990 c:\windows\system32\perfh009.dat
- 1980-01-01 00:00 . 2012-03-22 05:28 502990 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"UMonit"="c:\windows\system32\umonit.exe" [2004-09-07 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Malwarebytes' Anti-Malware.lnk - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2011-4-27 981680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 01:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56068:TCP"= 56068:TCP:*:Disabled:Pando Media Booster
"56068:UDP"= 56068:UDP:*:Disabled:Pando Media Booster
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [9/26/2011 12:21 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [8/16/2011 5:48 PM 59080]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2011 8:33 PM 652360]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [4/20/2006 4:58 PM 6016]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [3/22/2006 12:20 PM 38528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2011 8:33 PM 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/30/2012 5:15 PM 40776]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [9/26/2011 12:21 PM 61328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [9/6/2011 8:39 PM 245760]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/21/2012 8:29 PM 24064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12/31/1979 5:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [4/11/2008 8:52 PM 722432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2012-03-31 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - hxxp://ds1.downloadtech.net/cn1060/pcpowerscan.cab
FF - ProfilePath - c:\documents and settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.enabled - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?05e3&Pid_8?????VID808????Pa??C?USB\RO8???UB?0???????????????????????????wPa??????????tq??l??????|p??|????m??|C??w????????Pa??B$?|???w???w*?,?Pa?????????????????????????????????w????????????tq??????T???????????tq?????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\STOPzilla!\STOPzilla.exe
.
**************************************************************************
.
Completion time: 2012-03-30 17:23:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 00:23
ComboFix2.txt 2012-03-23 03:54
ComboFix3.txt 2012-03-22 05:59
ComboFix4.txt 2012-03-22 05:31
.
Pre-Run: 123,503,190,016 bytes free
Post-Run: 123,496,259,584 bytes free
.
- - End Of File - - AFE1D6AD09E8DDD5BB426DBD235CD832

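The ComboFix report above is easier to triage with a small parser than by eye. The following Python is added here as an example; it is not part of the thread and is not code from ComboFix or any other tool discussed in it. It pulls out the Run-key autostarts and the service/driver lines, and flags the three posture facts in this log that a responder would want to notice: the AV line reported as Disabled/Outdated, Security Center AntiVirusOverride=1 (AV status alerts suppressed) and firewall DisableNotifications=1 (blocked-program prompts suppressed). The sample text is a constructed excerpt of representative lines copied from the log, and the regular expressions are assumptions about the report layout, not a ComboFix specification.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the ComboFix report format posted above (representative
# lines only; the values are copied from the thread, not a complete report).
SAMPLE_LOG = r"""
ComboFix 12-03-30.06 - WinXP 03/30/2012 17:07:25.5.2 - x86
AV: The Shield Deluxe 2009 Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2004-09-07 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [9/26/2011 12:21 PM 61328]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12/31/1979 5:00 PM 14336]
"""

# Assumed line shapes, derived from the report above rather than from any ComboFix documentation.
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<value>[0-9a-fA-F]+)')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<meta>[^\]]+)\]$')
AV_RE = re.compile(r'^AV: (?P<product>.+?) \*(?P<state>[^*]+)\*')


@dataclass
class Report:
    autostarts: list = field(default_factory=list)  # Run-key values (name, path, date, size, key)
    services: list = field(default_factory=list)    # R*/S* service and driver lines
    findings: list = field(default_factory=list)    # posture problems worth a second look


def parse_combofix(text: str) -> Report:
    """Walk a ComboFix-style report line by line and collect triage-relevant facts."""
    report = Report()
    current_key = ""  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = AV_RE.match(line)
        if m:
            if "Disabled" in m.group("state"):
                report.findings.append(f"AV {m.group('product')!r} reported as {m.group('state')}")
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = RUN_RE.match(line)
        if m and current_key.endswith(r"\currentversion\run"):
            report.autostarts.append({"name": m.group("name"), "path": m.group("path"),
                                      "date": m.group("date"), "size": int(m.group("size")),
                                      "key": current_key})
            continue
        m = DWORD_RE.match(line)
        if m:
            name, value = m.group("name"), int(m.group("value"), 16)
            if "security center" in current_key and name == "AntiVirusOverride" and value:
                report.findings.append("Security Center AntiVirusOverride=1: AV status alerts are suppressed")
            elif "firewallpolicy" in current_key and name == "DisableNotifications" and value:
                report.findings.append("Firewall DisableNotifications=1: blocked-program prompts are suppressed")
            continue
        m = SERVICE_RE.match(line)
        if m:
            report.services.append({"start": m.group("start"), "name": m.group("name"),
                                    "display": m.group("display"), "image": m.group("image"),
                                    "meta": m.group("meta")})
    return report


if __name__ == "__main__":
    r = parse_combofix(SAMPLE_LOG)
    for a in r.autostarts:
        print(f"autostart {a['name']:<16} {a['path']} ({a['date']}, {a['size']} bytes)")
    for s in r.services:
        print(f"service   {s['start']} {s['name']:<16} {s['image']}")
    for f in r.findings:
        print("FINDING  ", f)
```

The parser keys every value line to the registry key that precedes it, so the same `AntiVirusOverride` name under some unrelated key would not be flagged; that is what makes the Security Center and firewall checks meaningful rather than a plain string search. Run it over a full report to get a short autostart and service inventory plus the posture findings before reading the rest of the log.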
#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 30 March 2012 - 08:07 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 hogie0101 (Topic Starter)
  • Members
  • 7 posts

Posted 31 March 2012 - 10:55 PM

Here ya go!

18:31:12.0812 2408 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:31:13.0312 2408 ============================================================
18:31:13.0312 2408 Current date / time: 2012/03/31 18:31:13.0312
18:31:13.0312 2408 SystemInfo:
18:31:13.0312 2408
18:31:13.0312 2408 OS Version: 5.1.2600 ServicePack: 3.0
18:31:13.0312 2408 Product type: Workstation
18:31:13.0312 2408 ComputerName: MPC
18:31:13.0312 2408 UserName: WinXP
18:31:13.0312 2408 Windows directory: C:\WINDOWS
18:31:13.0312 2408 System windows directory: C:\WINDOWS
18:31:13.0312 2408 Processor architecture: Intel x86
18:31:13.0312 2408 Number of processors: 2
18:31:13.0312 2408 Page size: 0x1000
18:31:13.0312 2408 Boot type: Normal boot
18:31:13.0312 2408 ============================================================
18:31:14.0734 2408 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:31:14.0750 2408 \Device\Harddisk0\DR0:
18:31:14.0765 2408 MBR used
18:31:14.0765 2408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x12A14C00
18:31:14.0781 2408 Initialize success
18:31:14.0781 2408 ============================================================
18:31:20.0687 3556 ============================================================
18:31:20.0687 3556 Scan started
18:31:20.0687 3556 Mode: Manual; SigCheck; TDLFS;
18:31:20.0687 3556 ============================================================
18:31:20.0921 3556 Abiosdsk - ok
18:31:20.0937 3556 abp480n5 - ok
18:31:20.0984 3556 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:31:21.0250 3556 ACPI - ok
18:31:21.0296 3556 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:31:21.0437 3556 ACPIEC - ok
18:31:21.0453 3556 adpu160m - ok
18:31:21.0468 3556 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:31:21.0609 3556 aec - ok
18:31:21.0640 3556 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:31:21.0687 3556 AFD - ok
18:31:21.0687 3556 Aha154x - ok
18:31:21.0703 3556 aic78u2 - ok
18:31:21.0703 3556 aic78xx - ok
18:31:21.0734 3556 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:31:21.0875 3556 Alerter - ok
18:31:21.0890 3556 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:31:21.0968 3556 ALG - ok
18:31:21.0984 3556 AliIde - ok
18:31:21.0984 3556 amsint - ok
18:31:22.0078 3556 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:31:22.0093 3556 Apple Mobile Device - ok
18:31:22.0125 3556 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:31:22.0203 3556 AppMgmt - ok
18:31:22.0218 3556 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:31:22.0343 3556 Arp1394 - ok
18:31:22.0375 3556 ASAPIW2K (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
18:31:22.0375 3556 ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
18:31:22.0375 3556 ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
18:31:22.0390 3556 asc - ok
18:31:22.0390 3556 asc3350p - ok
18:31:22.0406 3556 asc3550 - ok
18:31:22.0515 3556 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:31:22.0531 3556 aspnet_state - ok
18:31:22.0546 3556 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:31:22.0703 3556 AsyncMac - ok
18:31:22.0718 3556 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:31:22.0859 3556 atapi - ok
18:31:22.0859 3556 Atdisk - ok
18:31:22.0906 3556 Ati HotKey Poller (1bd87fec00508dcfc23af4727ba14333) C:\WINDOWS\system32\Ati2evxx.exe
18:31:22.0968 3556 Ati HotKey Poller - ok
18:31:23.0203 3556 ati2mtag (caadf7aa3abc6afcb3d02b129de9863a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:31:23.0375 3556 ati2mtag - ok
18:31:23.0453 3556 AtiHdmiService (7e13f3f0f4c4c337a6949a18d1d23089) C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:31:23.0500 3556 AtiHdmiService - ok
18:31:23.0515 3556 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:31:23.0656 3556 Atmarpc - ok
18:31:23.0687 3556 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:31:23.0843 3556 AudioSrv - ok
18:31:23.0875 3556 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:31:24.0031 3556 audstub - ok
18:31:24.0062 3556 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:31:24.0218 3556 Beep - ok
18:31:24.0265 3556 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:31:24.0437 3556 BITS - ok
18:31:24.0546 3556 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:31:24.0562 3556 Bonjour Service - ok
18:31:24.0593 3556 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:31:24.0750 3556 Browser - ok
18:31:24.0781 3556 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
18:31:24.0812 3556 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
18:31:24.0812 3556 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
18:31:24.0828 3556 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:31:25.0000 3556 cbidf2k - ok
18:31:25.0000 3556 cd20xrnt - ok
18:31:25.0031 3556 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:31:25.0171 3556 Cdaudio - ok
18:31:25.0281 3556 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:31:25.0406 3556 Cdfs - ok
18:31:25.0421 3556 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:31:25.0562 3556 Cdrom - ok
18:31:25.0593 3556 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
18:31:25.0734 3556 Changer - ok
18:31:25.0750 3556 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:31:25.0890 3556 CiSvc - ok
18:31:25.0921 3556 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:31:26.0062 3556 ClipSrv - ok
18:31:26.0156 3556 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:31:26.0171 3556 clr_optimization_v2.0.50727_32 - ok
18:31:26.0218 3556 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:31:26.0234 3556 clr_optimization_v4.0.30319_32 - ok
18:31:26.0250 3556 CmdIde - ok
18:31:26.0250 3556 COMSysApp - ok
18:31:26.0265 3556 Cpqarray - ok
18:31:26.0296 3556 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:31:26.0437 3556 CryptSvc - ok
18:31:26.0453 3556 dac2w2k - ok
18:31:26.0468 3556 dac960nt - ok
18:31:26.0500 3556 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:31:26.0531 3556 DcomLaunch - ok
18:31:26.0562 3556 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:31:26.0718 3556 Dhcp - ok
18:31:26.0734 3556 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:31:26.0875 3556 Disk - ok
18:31:26.0875 3556 dmadmin - ok
18:31:26.0921 3556 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:31:27.0093 3556 dmboot - ok
18:31:27.0125 3556 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:31:27.0281 3556 dmio - ok
18:31:27.0296 3556 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:31:27.0437 3556 dmload - ok
18:31:27.0468 3556 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:31:27.0609 3556 dmserver - ok
18:31:27.0640 3556 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:31:27.0781 3556 DMusic - ok
18:31:27.0796 3556 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:31:27.0828 3556 Dnscache - ok
18:31:27.0859 3556 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:31:28.0000 3556 Dot3svc - ok
18:31:28.0078 3556 dpti2o - ok
18:31:28.0093 3556 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:31:28.0250 3556 drmkaud - ok
18:31:28.0296 3556 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:31:28.0328 3556 e1express - ok
18:31:28.0359 3556 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:31:28.0484 3556 EapHost - ok
18:31:28.0515 3556 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:31:28.0656 3556 ERSvc - ok
18:31:28.0703 3556 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:31:28.0718 3556 Eventlog - ok
18:31:28.0750 3556 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:31:28.0781 3556 EventSystem - ok
18:31:28.0828 3556 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:31:28.0953 3556 Fastfat - ok
18:31:28.0984 3556 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:31:29.0000 3556 FastUserSwitchingCompatibility - ok
18:31:29.0031 3556 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:31:29.0187 3556 Fdc - ok
18:31:29.0234 3556 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:31:29.0359 3556 Fips - ok
18:31:29.0375 3556 fixustor (b60a320d5c8dca4df6da537fc844474b) C:\WINDOWS\system32\drivers\fixustor.sys
18:31:29.0390 3556 fixustor ( UnsignedFile.Multi.Generic ) - warning
18:31:29.0390 3556 fixustor - detected UnsignedFile.Multi.Generic (1)
18:31:29.0421 3556 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:31:29.0562 3556 Flpydisk - ok
18:31:29.0609 3556 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:31:29.0734 3556 FltMgr - ok
18:31:29.0812 3556 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:31:29.0828 3556 FontCache3.0.0.0 - ok
18:31:29.0843 3556 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:31:29.0968 3556 Fs_Rec - ok
18:31:30.0000 3556 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:31:30.0140 3556 Ftdisk - ok
18:31:30.0171 3556 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:31:30.0187 3556 GEARAspiWDM - ok
18:31:30.0281 3556 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:31:30.0406 3556 Gpc - ok
18:31:30.0453 3556 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:31:30.0593 3556 HDAudBus - ok
18:31:30.0640 3556 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:31:30.0781 3556 helpsvc - ok
18:31:30.0796 3556 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:31:30.0921 3556 HidServ - ok
18:31:30.0921 3556 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:31:31.0062 3556 HidUsb - ok
18:31:31.0109 3556 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:31:31.0234 3556 hkmsvc - ok
18:31:31.0250 3556 hpn - ok
18:31:31.0296 3556 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:31:31.0312 3556 HTTP - ok
18:31:31.0343 3556 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:31:31.0468 3556 HTTPFilter - ok
18:31:31.0500 3556 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:31:31.0625 3556 i2omgmt - ok
18:31:31.0625 3556 i2omp - ok
18:31:31.0656 3556 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:31:31.0796 3556 i8042prt - ok
18:31:31.0828 3556 IAMTXP (9bc0487aa1c631e9362af2f624a85bf9) C:\WINDOWS\system32\DRIVERS\IAMTXP.sys
18:31:31.0859 3556 IAMTXP - ok
18:31:31.0937 3556 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:31:32.0000 3556 idsvc - ok
18:31:32.0015 3556 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:31:32.0156 3556 Imapi - ok
18:31:32.0187 3556 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:31:32.0343 3556 ImapiService - ok
18:31:32.0359 3556 ini910u - ok
18:31:32.0375 3556 IntelIde - ok
18:31:32.0406 3556 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:31:32.0531 3556 intelppm - ok
18:31:32.0625 3556 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
18:31:32.0625 3556 IntuitUpdateService - ok
18:31:32.0656 3556 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:31:32.0671 3556 IntuitUpdateServiceV4 - ok
18:31:32.0734 3556 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:31:32.0875 3556 Ip6Fw - ok
18:31:32.0921 3556 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:31:33.0062 3556 IpFilterDriver - ok
18:31:33.0078 3556 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:31:33.0218 3556 IpInIp - ok
18:31:33.0250 3556 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:31:33.0421 3556 IpNat - ok
18:31:33.0468 3556 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:31:33.0484 3556 iPod Service - ok
18:31:33.0515 3556 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:31:33.0656 3556 IPSec - ok
18:31:33.0671 3556 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:31:33.0734 3556 IRENUM - ok
18:31:33.0765 3556 is3srv (447e6a7c3e7e1cd550a8af889a8209e9) C:\WINDOWS\system32\drivers\is3srv.sys
18:31:33.0765 3556 is3srv - ok
18:31:33.0796 3556 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:31:33.0937 3556 isapnp - ok
18:31:34.0031 3556 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
18:31:34.0046 3556 JavaQuickStarterService - ok
18:31:34.0078 3556 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:31:34.0218 3556 Kbdclass - ok
18:31:34.0250 3556 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:31:34.0375 3556 kbdhid - ok
18:31:34.0406 3556 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:31:34.0546 3556 kmixer - ok
18:31:34.0562 3556 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:31:34.0593 3556 KSecDD - ok
18:31:34.0625 3556 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:31:34.0640 3556 lanmanserver - ok
18:31:34.0750 3556 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:31:34.0781 3556 lanmanworkstation - ok
18:31:34.0828 3556 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
18:31:34.0968 3556 lbrtfdc - ok
18:31:35.0000 3556 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:31:35.0140 3556 LmHosts - ok
18:31:35.0187 3556 ltmodem5 (006df4dac09517adcc3fb329f50ff156) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
18:31:35.0218 3556 ltmodem5 - ok
18:31:35.0250 3556 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
18:31:35.0265 3556 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
18:31:35.0265 3556 MarvinBus - detected UnsignedFile.Multi.Generic (1)
18:31:35.0281 3556 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
18:31:35.0296 3556 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
18:31:35.0296 3556 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
18:31:35.0312 3556 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:31:35.0328 3556 MBAMProtector - ok
18:31:35.0421 3556 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:31:35.0437 3556 MBAMService - ok
18:31:35.0484 3556 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:31:35.0625 3556 Messenger - ok
18:31:35.0656 3556 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:31:35.0781 3556 mnmdd - ok
18:31:35.0796 3556 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:31:35.0921 3556 mnmsrvc - ok
18:31:35.0953 3556 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:31:36.0093 3556 Modem - ok
18:31:36.0109 3556 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:31:36.0250 3556 Mouclass - ok
18:31:36.0281 3556 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:31:36.0406 3556 mouhid - ok
18:31:36.0421 3556 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:31:36.0578 3556 MountMgr - ok
18:31:36.0593 3556 mraid35x - ok
18:31:36.0609 3556 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:31:36.0750 3556 MRxDAV - ok
18:31:36.0828 3556 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:31:36.0859 3556 MRxSmb - ok
18:31:36.0953 3556 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:31:37.0093 3556 MSDTC - ok
18:31:37.0125 3556 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:31:37.0265 3556 Msfs - ok
18:31:37.0281 3556 MSIServer - ok
18:31:37.0312 3556 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:31:37.0437 3556 MSKSSRV - ok
18:31:37.0453 3556 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:31:37.0578 3556 MSPCLOCK - ok
18:31:37.0609 3556 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:31:37.0765 3556 MSPQM - ok
18:31:37.0796 3556 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:31:37.0921 3556 mssmbios - ok
18:31:37.0953 3556 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:31:37.0968 3556 Mup - ok
18:31:38.0000 3556 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:31:38.0140 3556 napagent - ok
18:31:38.0156 3556 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:31:38.0281 3556 NDIS - ok
18:31:38.0328 3556 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:31:38.0343 3556 NdisTapi - ok
18:31:38.0375 3556 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:31:38.0515 3556 Ndisuio - ok
18:31:38.0515 3556 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:31:38.0656 3556 NdisWan - ok
18:31:38.0687 3556 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:31:38.0703 3556 NDProxy - ok
18:31:38.0734 3556 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:31:38.0859 3556 NetBIOS - ok
18:31:38.0890 3556 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:31:39.0031 3556 NetBT - ok
18:31:39.0062 3556 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:31:39.0187 3556 NetDDE - ok
18:31:39.0187 3556 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:31:39.0312 3556 NetDDEdsdm - ok
18:31:39.0343 3556 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:39.0468 3556 Netlogon - ok
18:31:39.0500 3556 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:31:39.0640 3556 Netman - ok
18:31:39.0718 3556 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:31:39.0734 3556 NetTcpPortSharing - ok
18:31:39.0828 3556 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:31:39.0937 3556 NIC1394 - ok
18:31:39.0984 3556 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:31:40.0015 3556 Nla - ok
18:31:40.0062 3556 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:31:40.0203 3556 Npfs - ok
18:31:40.0250 3556 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:31:40.0390 3556 Ntfs - ok
18:31:40.0390 3556 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:40.0515 3556 NtLmSsp - ok
18:31:40.0562 3556 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:31:40.0703 3556 NtmsSvc - ok
18:31:40.0734 3556 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:31:40.0875 3556 Null - ok
18:31:40.0984 3556 nv (c7993894984c271e49381cc649cdf8bd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:31:41.0093 3556 nv - ok
18:31:41.0140 3556 NVSvc (e4276284b9c54c4ece7e4e2b810a9dee) C:\WINDOWS\system32\nvsvc32.exe
18:31:41.0156 3556 NVSvc - ok
18:31:41.0171 3556 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:31:41.0296 3556 NwlnkFlt - ok
18:31:41.0312 3556 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:31:41.0453 3556 NwlnkFwd - ok
18:31:41.0484 3556 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:31:41.0593 3556 ohci1394 - ok
18:31:41.0609 3556 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:31:41.0734 3556 Parport - ok
18:31:41.0750 3556 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:31:41.0875 3556 PartMgr - ok
18:31:41.0906 3556 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:31:42.0031 3556 ParVdm - ok
18:31:42.0046 3556 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:31:42.0187 3556 PCI - ok
18:31:42.0187 3556 PCIDump - ok
18:31:42.0203 3556 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:31:42.0343 3556 PCIIde - ok
18:31:42.0375 3556 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
18:31:42.0390 3556 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
18:31:42.0390 3556 PCLEPCI - detected UnsignedFile.Multi.Generic (1)
18:31:42.0406 3556 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:31:42.0531 3556 Pcmcia - ok
18:31:42.0562 3556 Pctspk (0275215d01c3985e682a661b8826f371) C:\WINDOWS\system32\pctspk.exe
18:31:42.0703 3556 Pctspk - ok
18:31:42.0718 3556 PDCOMP - ok
18:31:42.0718 3556 PDFRAME - ok
18:31:42.0734 3556 PDRELI - ok
18:31:42.0734 3556 PDRFRAME - ok
18:31:42.0750 3556 perc2 - ok
18:31:42.0765 3556 perc2hib - ok
18:31:42.0812 3556 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:31:42.0828 3556 PlugPlay - ok
18:31:42.0906 3556 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:43.0062 3556 PolicyAgent - ok
18:31:43.0093 3556 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:31:43.0234 3556 PptpMiniport - ok
18:31:43.0234 3556 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:43.0359 3556 ProtectedStorage - ok
18:31:43.0375 3556 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:31:43.0500 3556 PSched - ok
18:31:43.0515 3556 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:31:43.0640 3556 Ptilink - ok
18:31:43.0671 3556 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys
18:31:43.0812 3556 Ptserlp - ok
18:31:43.0828 3556 ql1080 - ok
18:31:43.0828 3556 Ql10wnt - ok
18:31:43.0843 3556 ql12160 - ok
18:31:43.0843 3556 ql1240 - ok
18:31:43.0859 3556 ql1280 - ok
18:31:43.0875 3556 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:31:44.0031 3556 RasAcd - ok
18:31:44.0078 3556 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:31:44.0203 3556 RasAuto - ok
18:31:44.0234 3556 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:31:44.0375 3556 Rasl2tp - ok
18:31:44.0406 3556 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:31:44.0531 3556 RasMan - ok
18:31:44.0546 3556 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:31:44.0671 3556 RasPppoe - ok
18:31:44.0703 3556 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:31:44.0828 3556 Raspti - ok
18:31:44.0859 3556 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:31:45.0000 3556 Rdbss - ok
18:31:45.0031 3556 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:31:45.0156 3556 RDPCDD - ok
18:31:45.0187 3556 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:31:45.0328 3556 rdpdr - ok
18:31:45.0359 3556 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:31:45.0390 3556 RDPWD - ok
18:31:45.0437 3556 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:31:45.0562 3556 RDSessMgr - ok
18:31:45.0578 3556 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:31:45.0718 3556 redbook - ok
18:31:45.0750 3556 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:31:45.0890 3556 RemoteAccess - ok
18:31:45.0984 3556 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:31:46.0109 3556 RemoteRegistry - ok
18:31:46.0125 3556 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:31:46.0281 3556 RpcLocator - ok
18:31:46.0328 3556 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:31:46.0343 3556 RpcSs - ok
18:31:46.0359 3556 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:31:46.0500 3556 RSVP - ok
18:31:46.0531 3556 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:46.0656 3556 SamSs - ok
18:31:46.0703 3556 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
18:31:46.0828 3556 sbp2port - ok
18:31:46.0859 3556 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:31:47.0031 3556 SCardSvr - ok
18:31:47.0078 3556 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:31:47.0218 3556 Schedule - ok
18:31:47.0234 3556 Secdrv - ok
18:31:47.0265 3556 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:31:47.0390 3556 seclogon - ok
18:31:47.0421 3556 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:31:47.0562 3556 SENS - ok
18:31:47.0593 3556 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:31:47.0734 3556 serenum - ok
18:31:47.0765 3556 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:31:47.0906 3556 Serial - ok
18:31:47.0937 3556 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:31:48.0109 3556 Sfloppy - ok
18:31:48.0140 3556 sfng32 (cecdd7cb5db385775790d30fa10f0507) C:\WINDOWS\system32\drivers\sfng32.sys
18:31:48.0156 3556 sfng32 - ok
18:31:48.0187 3556 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:31:48.0343 3556 SharedAccess - ok
18:31:48.0375 3556 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:31:48.0390 3556 ShellHWDetection - ok
18:31:48.0406 3556 Simbad - ok
18:31:48.0421 3556 slabbus (444186c720885429a2354095c1938143) C:\WINDOWS\system32\DRIVERS\slabbus.sys
18:31:48.0453 3556 slabbus - ok
18:31:48.0453 3556 slabser (ed71f8c82ef11c0da1c57be021a2fdc9) C:\WINDOWS\system32\DRIVERS\slabser.sys
18:31:48.0468 3556 slabser - ok
18:31:48.0484 3556 Sparrow - ok
18:31:48.0515 3556 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:31:48.0656 3556 splitter - ok
18:31:48.0750 3556 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:31:48.0765 3556 Spooler - ok
18:31:48.0812 3556 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:31:48.0890 3556 sr - ok
18:31:48.0890 3556 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:31:48.0968 3556 srservice - ok
18:31:49.0000 3556 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:31:49.0031 3556 Srv - ok
18:31:49.0093 3556 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:31:49.0171 3556 SSDPSRV - ok
18:31:49.0250 3556 STHDA (e459a674c2fccfbc69bfd86800791a5d) C:\WINDOWS\system32\drivers\sthda.sys
18:31:49.0312 3556 STHDA - ok
18:31:49.0359 3556 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:31:49.0515 3556 stisvc - ok
18:31:49.0546 3556 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:31:49.0687 3556 swenum - ok
18:31:49.0718 3556 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:31:49.0859 3556 swmidi - ok
18:31:49.0875 3556 SwPrv - ok
18:31:49.0890 3556 symc810 - ok
18:31:49.0890 3556 symc8xx - ok
18:31:49.0906 3556 sym_hi - ok
18:31:49.0921 3556 sym_u3 - ok
18:31:49.0937 3556 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:31:50.0093 3556 sysaudio - ok
18:31:50.0125 3556 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:31:50.0265 3556 SysmonLog - ok
18:31:50.0296 3556 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\WINDOWS\system32\DRIVERS\szkg.sys
18:31:50.0296 3556 szkg5 - ok
18:31:50.0312 3556 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\WINDOWS\system32\drivers\szkgfs.sys
18:31:50.0328 3556 szkgfs - ok
18:31:50.0390 3556 szserver (8fc7106e7fc5800c66eac6602a8cd4cd) c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
18:31:50.0390 3556 szserver - ok
18:31:50.0437 3556 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:31:50.0593 3556 TapiSrv - ok
18:31:50.0625 3556 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:31:50.0656 3556 Tcpip - ok
18:31:50.0765 3556 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:31:50.0875 3556 TDPIPE - ok
18:31:50.0906 3556 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:31:51.0031 3556 TDTCP - ok
18:31:51.0062 3556 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:31:51.0234 3556 TermDD - ok
18:31:51.0265 3556 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:31:51.0406 3556 TermService - ok
18:31:51.0437 3556 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:31:51.0453 3556 Themes - ok
18:31:51.0500 3556 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:31:51.0578 3556 TlntSvr - ok
18:31:51.0593 3556 TosIde - ok
18:31:51.0640 3556 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:31:51.0796 3556 TrkWks - ok
18:31:51.0828 3556 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:31:51.0968 3556 Udfs - ok
18:31:51.0984 3556 ultra - ok
18:31:52.0015 3556 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:31:52.0187 3556 Update - ok
18:31:52.0218 3556 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:31:52.0296 3556 upnphost - ok
18:31:52.0312 3556 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:31:52.0453 3556 UPS - ok
18:31:52.0500 3556 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:31:52.0500 3556 USBAAPL - ok
18:31:52.0531 3556 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:31:52.0671 3556 usbccgp - ok
18:31:52.0703 3556 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:31:52.0843 3556 usbehci - ok
18:31:52.0859 3556 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:31:53.0000 3556 usbhub - ok
18:31:53.0046 3556 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:31:53.0203 3556 usbprint - ok
18:31:53.0234 3556 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:31:53.0375 3556 usbscan - ok
18:31:53.0468 3556 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:31:53.0609 3556 USBSTOR - ok
18:31:53.0640 3556 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:31:53.0796 3556 usbuhci - ok
18:31:53.0812 3556 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:31:53.0953 3556 VgaSave - ok
18:31:53.0968 3556 ViaIde - ok
18:31:54.0015 3556 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
18:31:54.0156 3556 Vmodem - ok
18:31:54.0171 3556 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:31:54.0296 3556 VolSnap - ok
18:31:54.0328 3556 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
18:31:54.0468 3556 Vpctcom - ok
18:31:54.0515 3556 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:31:54.0578 3556 VSS - ok
18:31:54.0593 3556 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
18:31:54.0765 3556 Vvoice - ok
18:31:54.0796 3556 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:31:54.0921 3556 W32Time - ok
18:31:54.0968 3556 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:31:55.0093 3556 Wanarp - ok
18:31:55.0093 3556 WDICA - ok
18:31:55.0140 3556 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:31:55.0281 3556 wdmaud - ok
18:31:55.0312 3556 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:31:55.0453 3556 WebClient - ok
18:31:55.0515 3556 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:31:55.0625 3556 winmgmt - ok
18:31:55.0703 3556 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
18:31:55.0796 3556 WinRM - ok
18:31:55.0875 3556 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:31:55.0890 3556 WmdmPmSN - ok
18:31:55.0953 3556 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:31:56.0000 3556 Wmi - ok
18:31:56.0015 3556 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:31:56.0156 3556 WmiApSrv - ok
18:31:56.0265 3556 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:31:56.0312 3556 WMPNetworkSvc - ok
18:31:56.0328 3556 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:31:56.0343 3556 WpdUsb - ok
18:31:56.0484 3556 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:31:56.0515 3556 WPFFontCache_v0400 - ok
18:31:56.0578 3556 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:31:56.0703 3556 WS2IFSL - ok
18:31:56.0734 3556 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:31:56.0890 3556 wscsvc - ok
18:31:56.0906 3556 WSearch - ok
18:31:56.0937 3556 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:31:57.0093 3556 wuauserv - ok
18:31:57.0109 3556 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:31:57.0140 3556 WudfPf - ok
18:31:57.0171 3556 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:31:57.0203 3556 WudfRd - ok
18:31:57.0234 3556 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:31:57.0265 3556 WudfSvc - ok
18:31:57.0296 3556 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:31:57.0437 3556 WZCSVC - ok
18:31:57.0468 3556 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:31:57.0593 3556 xmlprov - ok
18:31:57.0640 3556 ZD1211BU(Atheros) (b8f451c48e8c5580c3b4521a17a52149) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
18:31:57.0703 3556 ZD1211BU(Atheros) - ok
18:31:57.0765 3556 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
18:31:57.0781 3556 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
18:31:57.0781 3556 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
18:31:57.0812 3556 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:31:58.0000 3556 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:31:58.0000 3556 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:31:58.0015 3556 Boot (0x1200) (1109ced4652aca1316752438036752da) \Device\Harddisk0\DR0\Partition0
18:31:58.0015 3556 \Device\Harddisk0\DR0\Partition0 - ok
18:31:58.0015 3556 ============================================================
18:31:58.0015 3556 Scan finished
18:31:58.0015 3556 ============================================================
18:31:58.0125 2936 Detected object count: 8
18:31:58.0125 2936 Actual detected object count: 8
18:32:18.0781 2936 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:18.0781 2936 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:18.0781 2936 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:18.0781 2936 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:18.0781 2936 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:18.0781 2936 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:18.0781 2936 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:18.0781 2936 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:18.0781 2936 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:18.0781 2936 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:18.0781 2936 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:18.0781 2936 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:18.0796 2936 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:18.0796 2936 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:18.0796 2936 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:32:18.0796 2936 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


And then aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 18:35:26
-----------------------------
18:35:26.265 OS Version: Windows 5.1.2600 Service Pack 3
18:35:26.265 Number of processors: 2 586 0x602
18:35:26.265 ComputerName: MPC UserName:
18:35:26.640 Initialize success
18:38:06.437 AVAST engine defs: 12033101
18:38:09.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:38:09.218 Disk 0 Vendor: WDC_WD1600JS-00MHB0 02.01C03 Size: 152627MB BusType: 3
18:38:09.234 Disk 0 MBR read successfully
18:38:09.250 Disk 0 MBR scan
18:38:09.265 Disk 0 Windows XP default MBR code
18:38:09.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 16065
18:38:09.281 Disk 0 scanning sectors +312576705
18:38:09.343 Disk 0 scanning C:\WINDOWS\system32\drivers
18:38:19.515 Service scanning
18:38:34.953 Modules scanning
18:38:38.593 Disk 0 trace - called modules:
18:38:38.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:38:38.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a510ab8]
18:38:38.656 3 CLASSPNP.SYS[ba138fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a5589e8]
18:38:38.656 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a557d98]
18:38:39.625 AVAST engine scan C:\
20:54:12.890 Scan finished successfully
20:55:16.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WinXP\Desktop\MBR.dat"
20:55:16.171 The log file has been saved successfully to "C:\Documents and Settings\WinXP\Desktop\aswMBR.txt"


thanks

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 March 2012 - 11:19 PM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
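
Gringo asks for the TDSSKiller report to be posted again. A report of that kind lists every service and driver with its MD5 and path, followed by "- ok" or "- detected <verdict> (n)". As an added example that is not part of the thread and not Kaspersky's code, here is a small Python triage script for that format: it pulls out the hash and path of every object, separates hard detections from the UnsignedFile/LockedFile warnings (unsigned third-party drivers trip those constantly on XP, so such a verdict on its own is not evidence of infection), and diffs the hashes against a baseline from a known-clean machine, which is how you spot a patched core driver. The sample lines are constructed in the report's format; the "Rootkit.Boot.SST.a" line and the BASELINE values are placeholders to exercise the alert and diff paths, not findings from this machine.

```python
"""Triage a TDSSKiller report: collect each scanned object's hash and path,
separate hard detections from unsigned/locked-file noise, and diff the hashes
against a baseline. Added example; not TDSSKiller's own code."""
import re

# Line shape used throughout the report: "HH:MM:SS.mmmm <thread-id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*?)\s*$")
# "<name> (<md5>) <path>": the object was found on disk and hashed
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<n>)"; the "( <verdict> ) - warning" line that
# precedes it carries the same information and is skipped
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdict families that mean "not digitally signed / could not be opened",
# not "malicious". Third-party XP drivers trip these all the time.
NOISE_PREFIXES = ("UnsignedFile.", "LockedFile.")


def parse_report(text: str) -> dict:
    """Return {"files": {name: (md5, path)}, "ok": set(names), "detections": [...]}."""
    files, oks, detections = {}, set(), []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if (f := FILE_RE.match(msg)):
            files[f["name"]] = (f["md5"], f["path"])
        elif (d := DETECT_RE.match(msg)):
            md5, path = files.get(d["name"], (None, None))
            detections.append({"name": d["name"], "verdict": d["verdict"],
                               "count": int(d["n"]), "md5": md5, "path": path})
        elif (o := OK_RE.match(msg)):
            oks.add(o["name"])
    return {"files": files, "ok": oks, "detections": detections}


def classify(report: dict):
    """Split detections into (alerts, noise): anything not in NOISE_PREFIXES is an alert."""
    alerts = [d for d in report["detections"] if not d["verdict"].startswith(NOISE_PREFIXES)]
    noise = [d for d in report["detections"] if d["verdict"].startswith(NOISE_PREFIXES)]
    return alerts, noise


def diff_hashes(report: dict, baseline: dict) -> dict:
    """Names whose MD5 differs from baseline {name: md5}. Only objects present in
    both are compared; a changed hash on a core driver is the kind of change a
    driver-infecting rootkit produces."""
    changed = {}
    for name, (md5, path) in report["files"].items():
        if name in baseline and baseline[name] != md5:
            changed[name] = (baseline[name], md5, path)
    return changed


# Constructed sample in the report's format. The first eight lines mirror entries
# seen in this thread; the last line is a placeholder hard detection, not a finding.
SAMPLE_REPORT = r"""
13:55:13.0343 1364 ASAPIW2K (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
13:55:13.0343 1364 ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
13:55:13.0343 1364 ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
13:55:13.0359 1364 asc - ok
13:55:13.0765 1364 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:55:13.0890 1364 atapi - ok
13:55:15.0796 1364 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
13:55:15.0828 1364 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
13:55:50.0000 1364 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
"""

# Constructed baseline standing in for a known-clean machine's report; the
# BrYNSvc value is a placeholder chosen to differ so the diff has output.
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "BrYNSvc": "00000000000000000000000000000000",
}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    alerts, noise = classify(report)
    print(f"{len(report['files'])} hashed objects, {len(report['ok'])} ok, "
          f"{len(noise)} unsigned/locked warnings, {len(alerts)} hard detections")
    for d in alerts:
        print("ALERT:", d["name"], d["verdict"], d["path"])
    for name, (old, new, path) in diff_hashes(report, BASELINE).items():
        print(f"HASH CHANGED: {name} {old} -> {new} ({path})")
```

Feed it the full report instead of SAMPLE_REPORT (for example via `parse_report(open("TDSSKiller.txt").read())`) and the six UnsignedFile warnings in this thread land in the noise bucket while the alert list stays empty; the hash diff is only as good as the baseline you built it from, so take that from a machine with the same service pack.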

#7 hogie0101

  • Topic Starter
  • Members
  • 7 posts

Posted 01 April 2012 - 03:57 PM

fixTDSS said no infection was found.

Here is the new TDSSKiller report:

13:54:46.0296 1112 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:54:46.0953 1112 ============================================================
13:54:46.0953 1112 Current date / time: 2012/04/01 13:54:46.0953
13:54:46.0953 1112 SystemInfo:
13:54:46.0953 1112
13:54:46.0953 1112 OS Version: 5.1.2600 ServicePack: 3.0
13:54:46.0953 1112 Product type: Workstation
13:54:46.0953 1112 ComputerName: MPC
13:54:46.0953 1112 UserName: WinXP
13:54:46.0953 1112 Windows directory: C:\WINDOWS
13:54:46.0953 1112 System windows directory: C:\WINDOWS
13:54:46.0953 1112 Processor architecture: Intel x86
13:54:46.0953 1112 Number of processors: 2
13:54:46.0953 1112 Page size: 0x1000
13:54:46.0953 1112 Boot type: Normal boot
13:54:46.0953 1112 ============================================================
13:54:48.0562 1112 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:54:48.0609 1112 \Device\Harddisk0\DR0:
13:54:48.0609 1112 MBR used
13:54:48.0609 1112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x12A14C00
13:54:48.0640 1112 Initialize success
13:54:48.0640 1112 ============================================================
13:55:05.0093 3300 ============================================================
13:55:05.0093 3300 Scan started
13:55:05.0093 3300 Mode: Manual;
13:55:05.0093 3300 ============================================================
13:55:05.0281 3300 Scan interrupted by user!
13:55:05.0281 3300 Scan interrupted by user!
13:55:05.0281 3300 Scan interrupted by user!
13:55:05.0281 3300 ============================================================
13:55:05.0281 3300 Scan finished
13:55:05.0281 3300 ============================================================
13:55:05.0281 2292 Detected object count: 0
13:55:05.0281 2292 Actual detected object count: 0
13:55:10.0796 1364 ============================================================
13:55:10.0796 1364 Scan started
13:55:10.0796 1364 Mode: Manual; SigCheck; TDLFS;
13:55:10.0796 1364 ============================================================
13:55:11.0046 1364 Abiosdsk - ok
13:55:11.0062 1364 abp480n5 - ok
13:55:11.0109 1364 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:55:11.0984 1364 ACPI - ok
13:55:12.0093 1364 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:55:12.0250 1364 ACPIEC - ok
13:55:12.0281 1364 adpu160m - ok
13:55:12.0312 1364 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:55:12.0500 1364 aec - ok
13:55:12.0531 1364 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:55:12.0578 1364 AFD - ok
13:55:12.0578 1364 Aha154x - ok
13:55:12.0593 1364 aic78u2 - ok
13:55:12.0593 1364 aic78xx - ok
13:55:12.0625 1364 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:55:12.0796 1364 Alerter - ok
13:55:12.0812 1364 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:55:12.0890 1364 ALG - ok
13:55:12.0890 1364 AliIde - ok
13:55:12.0906 1364 amsint - ok
13:55:13.0000 1364 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:55:13.0015 1364 Apple Mobile Device - ok
13:55:13.0031 1364 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:55:13.0125 1364 AppMgmt - ok
13:55:13.0171 1364 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:55:13.0296 1364 Arp1394 - ok
13:55:13.0343 1364 ASAPIW2K (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
13:55:13.0343 1364 ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
13:55:13.0343 1364 ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
13:55:13.0359 1364 asc - ok
13:55:13.0359 1364 asc3350p - ok
13:55:13.0375 1364 asc3550 - ok
13:55:13.0468 1364 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:55:13.0484 1364 aspnet_state - ok
13:55:13.0515 1364 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:55:13.0656 1364 AsyncMac - ok
13:55:13.0765 1364 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:55:13.0890 1364 atapi - ok
13:55:13.0906 1364 Atdisk - ok
13:55:13.0937 1364 Ati HotKey Poller (1bd87fec00508dcfc23af4727ba14333) C:\WINDOWS\system32\Ati2evxx.exe
13:55:14.0031 1364 Ati HotKey Poller - ok
13:55:14.0203 1364 ati2mtag (caadf7aa3abc6afcb3d02b129de9863a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:55:14.0375 1364 ati2mtag - ok
13:55:14.0437 1364 AtiHdmiService (7e13f3f0f4c4c337a6949a18d1d23089) C:\WINDOWS\system32\drivers\AtiHdmi.sys
13:55:14.0515 1364 AtiHdmiService - ok
13:55:14.0546 1364 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:55:14.0703 1364 Atmarpc - ok
13:55:14.0734 1364 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:55:14.0875 1364 AudioSrv - ok
13:55:14.0906 1364 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:55:15.0046 1364 audstub - ok
13:55:15.0062 1364 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:55:15.0203 1364 Beep - ok
13:55:15.0265 1364 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:55:15.0421 1364 BITS - ok
13:55:15.0531 1364 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:55:15.0562 1364 Bonjour Service - ok
13:55:15.0593 1364 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:55:15.0750 1364 Browser - ok
13:55:15.0796 1364 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
13:55:15.0828 1364 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
13:55:15.0828 1364 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
13:55:15.0937 1364 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:55:16.0078 1364 cbidf2k - ok
13:55:16.0093 1364 cd20xrnt - ok
13:55:16.0109 1364 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:55:16.0265 1364 Cdaudio - ok
13:55:16.0296 1364 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:55:16.0453 1364 Cdfs - ok
13:55:16.0500 1364 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:55:16.0640 1364 Cdrom - ok
13:55:16.0687 1364 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
13:55:16.0843 1364 Changer - ok
13:55:16.0859 1364 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:55:17.0015 1364 CiSvc - ok
13:55:17.0031 1364 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:55:17.0171 1364 ClipSrv - ok
13:55:17.0281 1364 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:17.0296 1364 clr_optimization_v2.0.50727_32 - ok
13:55:17.0359 1364 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:55:17.0375 1364 clr_optimization_v4.0.30319_32 - ok
13:55:17.0390 1364 CmdIde - ok
13:55:17.0390 1364 COMSysApp - ok
13:55:17.0406 1364 Cpqarray - ok
13:55:17.0453 1364 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:55:17.0593 1364 CryptSvc - ok
13:55:17.0609 1364 dac2w2k - ok
13:55:17.0625 1364 dac960nt - ok
13:55:17.0671 1364 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:55:17.0718 1364 DcomLaunch - ok
13:55:17.0765 1364 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:55:17.0921 1364 Dhcp - ok
13:55:17.0953 1364 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:55:18.0093 1364 Disk - ok
13:55:18.0109 1364 dmadmin - ok
13:55:18.0156 1364 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:55:18.0312 1364 dmboot - ok
13:55:18.0406 1364 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:55:18.0562 1364 dmio - ok
13:55:18.0562 1364 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:55:18.0687 1364 dmload - ok
13:55:18.0718 1364 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:55:18.0890 1364 dmserver - ok
13:55:18.0953 1364 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:55:19.0093 1364 DMusic - ok
13:55:19.0109 1364 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:55:19.0171 1364 Dnscache - ok
13:55:19.0203 1364 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:55:19.0343 1364 Dot3svc - ok
13:55:19.0343 1364 dpti2o - ok
13:55:19.0375 1364 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:55:19.0515 1364 drmkaud - ok
13:55:19.0546 1364 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:55:19.0609 1364 e1express - ok
13:55:19.0640 1364 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:55:19.0781 1364 EapHost - ok
13:55:19.0828 1364 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:55:19.0968 1364 ERSvc - ok
13:55:20.0015 1364 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:55:20.0046 1364 Eventlog - ok
13:55:20.0078 1364 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:55:20.0109 1364 EventSystem - ok
13:55:20.0203 1364 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:55:20.0328 1364 Fastfat - ok
13:55:20.0375 1364 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:55:20.0421 1364 FastUserSwitchingCompatibility - ok
13:55:20.0453 1364 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:55:20.0593 1364 Fdc - ok
13:55:20.0640 1364 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:55:20.0781 1364 Fips - ok
13:55:20.0796 1364 fixustor (b60a320d5c8dca4df6da537fc844474b) C:\WINDOWS\system32\drivers\fixustor.sys
13:55:20.0812 1364 fixustor ( UnsignedFile.Multi.Generic ) - warning
13:55:20.0812 1364 fixustor - detected UnsignedFile.Multi.Generic (1)
13:55:20.0843 1364 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:55:20.0968 1364 Flpydisk - ok
13:55:21.0015 1364 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:55:21.0156 1364 FltMgr - ok
13:55:21.0250 1364 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:55:21.0250 1364 FontCache3.0.0.0 - ok
13:55:21.0265 1364 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:55:21.0390 1364 Fs_Rec - ok
13:55:21.0421 1364 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:55:21.0562 1364 Ftdisk - ok
13:55:21.0593 1364 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:55:21.0609 1364 GEARAspiWDM - ok
13:55:21.0640 1364 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:55:21.0781 1364 Gpc - ok
13:55:21.0812 1364 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:55:21.0937 1364 HDAudBus - ok
13:55:22.0000 1364 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:55:22.0140 1364 helpsvc - ok
13:55:22.0234 1364 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:55:22.0375 1364 HidServ - ok
13:55:22.0406 1364 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:55:22.0531 1364 HidUsb - ok
13:55:22.0562 1364 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:55:22.0718 1364 hkmsvc - ok
13:55:22.0718 1364 hpn - ok
13:55:22.0765 1364 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:55:22.0796 1364 HTTP - ok
13:55:22.0859 1364 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:55:22.0968 1364 HTTPFilter - ok
13:55:23.0000 1364 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:55:23.0140 1364 i2omgmt - ok
13:55:23.0156 1364 i2omp - ok
13:55:23.0203 1364 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:55:23.0343 1364 i8042prt - ok
13:55:23.0359 1364 IAMTXP (9bc0487aa1c631e9362af2f624a85bf9) C:\WINDOWS\system32\DRIVERS\IAMTXP.sys
13:55:23.0390 1364 IAMTXP - ok
13:55:23.0515 1364 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:55:23.0546 1364 idsvc - ok
13:55:23.0546 1364 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:55:23.0687 1364 Imapi - ok
13:55:23.0718 1364 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:55:23.0859 1364 ImapiService - ok
13:55:23.0875 1364 ini910u - ok
13:55:23.0890 1364 IntelIde - ok
13:55:23.0921 1364 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:55:24.0046 1364 intelppm - ok
13:55:24.0156 1364 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
13:55:24.0156 1364 IntuitUpdateService - ok
13:55:24.0218 1364 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:55:24.0218 1364 IntuitUpdateServiceV4 - ok
13:55:24.0296 1364 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:55:24.0437 1364 Ip6Fw - ok
13:55:24.0484 1364 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:55:24.0609 1364 IpFilterDriver - ok
13:55:24.0640 1364 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:55:24.0781 1364 IpInIp - ok
13:55:24.0812 1364 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:55:24.0953 1364 IpNat - ok
13:55:25.0015 1364 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
13:55:25.0031 1364 iPod Service - ok
13:55:25.0078 1364 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:55:25.0234 1364 IPSec - ok
13:55:25.0250 1364 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:55:25.0328 1364 IRENUM - ok
13:55:25.0359 1364 is3srv (447e6a7c3e7e1cd550a8af889a8209e9) C:\WINDOWS\system32\drivers\is3srv.sys
13:55:25.0375 1364 is3srv - ok
13:55:25.0406 1364 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:55:25.0546 1364 isapnp - ok
13:55:25.0640 1364 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
13:55:25.0640 1364 JavaQuickStarterService - ok
13:55:25.0687 1364 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:55:25.0828 1364 Kbdclass - ok
13:55:25.0843 1364 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:55:25.0968 1364 kbdhid - ok
13:55:26.0015 1364 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:55:26.0156 1364 kmixer - ok
13:55:26.0171 1364 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:55:26.0218 1364 KSecDD - ok
13:55:26.0312 1364 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:55:26.0359 1364 lanmanserver - ok
13:55:26.0406 1364 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:55:26.0437 1364 lanmanworkstation - ok
13:55:26.0500 1364 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
13:55:26.0625 1364 lbrtfdc - ok
13:55:26.0671 1364 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:55:26.0812 1364 LmHosts - ok
13:55:26.0875 1364 ltmodem5 (006df4dac09517adcc3fb329f50ff156) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
13:55:26.0953 1364 ltmodem5 - ok
13:55:27.0000 1364 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
13:55:27.0015 1364 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
13:55:27.0015 1364 MarvinBus - detected UnsignedFile.Multi.Generic (1)
13:55:27.0031 1364 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
13:55:27.0031 1364 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
13:55:27.0031 1364 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
13:55:27.0078 1364 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:55:27.0093 1364 MBAMProtector - ok
13:55:27.0171 1364 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:55:27.0203 1364 MBAMService - ok
13:55:27.0250 1364 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:55:27.0390 1364 Messenger - ok
13:55:27.0421 1364 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:55:27.0562 1364 mnmdd - ok
13:55:27.0578 1364 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:55:27.0718 1364 mnmsrvc - ok
13:55:27.0765 1364 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:55:27.0906 1364 Modem - ok
13:55:27.0968 1364 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:55:28.0125 1364 Mouclass - ok
13:55:28.0187 1364 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:55:28.0328 1364 mouhid - ok
13:55:28.0328 1364 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:55:28.0468 1364 MountMgr - ok
13:55:28.0484 1364 mraid35x - ok
13:55:28.0500 1364 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:55:28.0640 1364 MRxDAV - ok
13:55:28.0718 1364 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:55:28.0781 1364 MRxSmb - ok
13:55:28.0828 1364 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:55:28.0968 1364 MSDTC - ok
13:55:29.0015 1364 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:55:29.0156 1364 Msfs - ok
13:55:29.0156 1364 MSIServer - ok
13:55:29.0203 1364 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:55:29.0328 1364 MSKSSRV - ok
13:55:29.0359 1364 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:55:29.0484 1364 MSPCLOCK - ok
13:55:29.0515 1364 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:55:29.0656 1364 MSPQM - ok
13:55:29.0687 1364 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:55:29.0812 1364 mssmbios - ok
13:55:29.0843 1364 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:55:29.0859 1364 Mup - ok
13:55:29.0906 1364 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:55:30.0046 1364 napagent - ok
13:55:30.0062 1364 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:55:30.0187 1364 NDIS - ok
13:55:30.0218 1364 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:55:30.0250 1364 NdisTapi - ok
13:55:30.0281 1364 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:55:30.0421 1364 Ndisuio - ok
13:55:30.0484 1364 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:55:30.0640 1364 NdisWan - ok
13:55:30.0687 1364 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:55:30.0734 1364 NDProxy - ok
13:55:30.0750 1364 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:55:30.0875 1364 NetBIOS - ok
13:55:30.0906 1364 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:55:31.0046 1364 NetBT - ok
13:55:31.0093 1364 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:55:31.0234 1364 NetDDE - ok
13:55:31.0234 1364 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:55:31.0359 1364 NetDDEdsdm - ok
13:55:31.0390 1364 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:55:31.0531 1364 Netlogon - ok
13:55:31.0593 1364 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:55:31.0734 1364 Netman - ok
13:55:31.0828 1364 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:55:31.0843 1364 NetTcpPortSharing - ok
13:55:31.0875 1364 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:55:32.0000 1364 NIC1394 - ok
13:55:32.0031 1364 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:55:32.0078 1364 Nla - ok
13:55:32.0109 1364 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:55:32.0250 1364 Npfs - ok
13:55:32.0281 1364 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:55:32.0468 1364 Ntfs - ok
13:55:32.0484 1364 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:55:32.0609 1364 NtLmSsp - ok
13:55:32.0656 1364 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:55:32.0812 1364 NtmsSvc - ok
13:55:32.0875 1364 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:55:33.0000 1364 Null - ok
13:55:33.0125 1364 nv (c7993894984c271e49381cc649cdf8bd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:55:33.0312 1364 nv - ok
13:55:33.0359 1364 NVSvc (e4276284b9c54c4ece7e4e2b810a9dee) C:\WINDOWS\system32\nvsvc32.exe
13:55:33.0375 1364 NVSvc - ok
13:55:33.0390 1364 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:55:33.0515 1364 NwlnkFlt - ok
13:55:33.0546 1364 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:55:33.0671 1364 NwlnkFwd - ok
13:55:33.0703 1364 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:55:33.0843 1364 ohci1394 - ok
13:55:33.0859 1364 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:55:34.0000 1364 Parport - ok
13:55:34.0000 1364 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:55:34.0125 1364 PartMgr - ok
13:55:34.0156 1364 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:55:34.0281 1364 ParVdm - ok
13:55:34.0312 1364 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:55:34.0437 1364 PCI - ok
13:55:34.0468 1364 PCIDump - ok
13:55:34.0500 1364 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:55:34.0625 1364 PCIIde - ok
13:55:34.0656 1364 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
13:55:34.0656 1364 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
13:55:34.0656 1364 PCLEPCI - detected UnsignedFile.Multi.Generic (1)
13:55:34.0687 1364 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:55:34.0812 1364 Pcmcia - ok
13:55:34.0859 1364 Pctspk (0275215d01c3985e682a661b8826f371) C:\WINDOWS\system32\pctspk.exe
13:55:35.0000 1364 Pctspk - ok
13:55:35.0000 1364 PDCOMP - ok
13:55:35.0015 1364 PDFRAME - ok
13:55:35.0031 1364 PDRELI - ok
13:55:35.0031 1364 PDRFRAME - ok
13:55:35.0046 1364 perc2 - ok
13:55:35.0046 1364 perc2hib - ok
13:55:35.0093 1364 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:55:35.0109 1364 PlugPlay - ok
13:55:35.0125 1364 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:55:35.0250 1364 PolicyAgent - ok
13:55:35.0281 1364 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:55:35.0421 1364 PptpMiniport - ok
13:55:35.0437 1364 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:55:35.0562 1364 ProtectedStorage - ok
13:55:35.0578 1364 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:55:35.0703 1364 PSched - ok
13:55:35.0718 1364 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:55:35.0859 1364 Ptilink - ok
13:55:35.0953 1364 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys
13:55:36.0093 1364 Ptserlp - ok
13:55:36.0109 1364 ql1080 - ok
13:55:36.0125 1364 Ql10wnt - ok
13:55:36.0140 1364 ql12160 - ok
13:55:36.0140 1364 ql1240 - ok
13:55:36.0171 1364 ql1280 - ok
13:55:36.0203 1364 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:55:36.0328 1364 RasAcd - ok
13:55:36.0375 1364 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:55:36.0500 1364 RasAuto - ok
13:55:36.0515 1364 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:55:36.0671 1364 Rasl2tp - ok
13:55:36.0734 1364 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:55:36.0859 1364 RasMan - ok
13:55:36.0890 1364 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:55:37.0015 1364 RasPppoe - ok
13:55:37.0031 1364 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:55:37.0156 1364 Raspti - ok
13:55:37.0203 1364 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:55:37.0328 1364 Rdbss - ok
13:55:37.0343 1364 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:55:37.0453 1364 RDPCDD - ok
13:55:37.0484 1364 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:55:37.0609 1364 rdpdr - ok
13:55:37.0671 1364 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:55:37.0703 1364 RDPWD - ok
13:55:37.0734 1364 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:55:37.0875 1364 RDSessMgr - ok
13:55:37.0906 1364 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:55:38.0046 1364 redbook - ok
13:55:38.0062 1364 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:55:38.0218 1364 RemoteAccess - ok
13:55:38.0250 1364 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:55:38.0375 1364 RemoteRegistry - ok
13:55:38.0390 1364 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:55:38.0531 1364 RpcLocator - ok
13:55:38.0578 1364 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:55:38.0625 1364 RpcSs - ok
13:55:38.0671 1364 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:55:38.0796 1364 RSVP - ok
13:55:38.0875 1364 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:55:39.0000 1364 SamSs - ok
13:55:39.0031 1364 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
13:55:39.0171 1364 sbp2port - ok
13:55:39.0203 1364 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:55:39.0359 1364 SCardSvr - ok
13:55:39.0421 1364 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:55:39.0562 1364 Schedule - ok
13:55:39.0578 1364 Secdrv - ok
13:55:39.0593 1364 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:55:39.0718 1364 seclogon - ok
13:55:39.0750 1364 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:55:39.0890 1364 SENS - ok
13:55:39.0921 1364 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:55:40.0078 1364 serenum - ok
13:55:40.0109 1364 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:55:40.0265 1364 Serial - ok
13:55:40.0312 1364 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:55:40.0437 1364 Sfloppy - ok
13:55:40.0468 1364 sfng32 (cecdd7cb5db385775790d30fa10f0507) C:\WINDOWS\system32\drivers\sfng32.sys
13:55:40.0500 1364 sfng32 - ok
13:55:40.0531 1364 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:55:40.0671 1364 SharedAccess - ok
13:55:40.0703 1364 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:55:40.0718 1364 ShellHWDetection - ok
13:55:40.0734 1364 Simbad - ok
13:55:40.0750 1364 slabbus (444186c720885429a2354095c1938143) C:\WINDOWS\system32\DRIVERS\slabbus.sys
13:55:40.0781 1364 slabbus - ok
13:55:40.0812 1364 slabser (ed71f8c82ef11c0da1c57be021a2fdc9) C:\WINDOWS\system32\DRIVERS\slabser.sys
13:55:40.0859 1364 slabser - ok
13:55:40.0890 1364 Sparrow - ok
13:55:40.0921 1364 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:55:41.0078 1364 splitter - ok
13:55:41.0140 1364 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:55:41.0171 1364 Spooler - ok
13:55:41.0265 1364 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:55:41.0343 1364 sr - ok
13:55:41.0390 1364 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:55:41.0468 1364 srservice - ok
13:55:41.0500 1364 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:55:41.0562 1364 Srv - ok
13:55:41.0593 1364 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:55:41.0687 1364 SSDPSRV - ok
13:55:41.0765 1364 STHDA (e459a674c2fccfbc69bfd86800791a5d) C:\WINDOWS\system32\drivers\sthda.sys
13:55:41.0828 1364 STHDA - ok
13:55:41.0859 1364 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:55:42.0015 1364 stisvc - ok
13:55:42.0046 1364 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:55:42.0203 1364 swenum - ok
13:55:42.0250 1364 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:55:42.0390 1364 swmidi - ok
13:55:42.0421 1364 SwPrv - ok
13:55:42.0437 1364 symc810 - ok
13:55:42.0453 1364 symc8xx - ok
13:55:42.0453 1364 sym_hi - ok
13:55:42.0468 1364 sym_u3 - ok
13:55:42.0484 1364 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:55:42.0609 1364 sysaudio - ok
13:55:42.0625 1364 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:55:42.0781 1364 SysmonLog - ok
13:55:42.0828 1364 szkg5 (447e6a7c3e7e1cd550a8af889a8209e9) C:\WINDOWS\system32\DRIVERS\szkg.sys
13:55:42.0843 1364 szkg5 - ok
13:55:42.0906 1364 szkgfs (2b8581dc75d6d043e273eb0244632bcb) C:\WINDOWS\system32\drivers\szkgfs.sys
13:55:42.0906 1364 szkgfs - ok
13:55:42.0984 1364 szserver (8fc7106e7fc5800c66eac6602a8cd4cd) c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
13:55:42.0984 1364 szserver - ok
13:55:43.0031 1364 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:55:43.0171 1364 TapiSrv - ok
13:55:43.0218 1364 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:55:43.0234 1364 Tcpip - ok
13:55:43.0296 1364 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:55:43.0421 1364 TDPIPE - ok
13:55:43.0437 1364 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:55:43.0593 1364 TDTCP - ok
13:55:43.0625 1364 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:55:43.0765 1364 TermDD - ok
13:55:43.0796 1364 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:55:43.0953 1364 TermService - ok
13:55:43.0984 1364 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:55:44.0000 1364 Themes - ok
13:55:44.0046 1364 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:55:44.0125 1364 TlntSvr - ok
13:55:44.0156 1364 TosIde - ok
13:55:44.0234 1364 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:55:44.0375 1364 TrkWks - ok
13:55:44.0421 1364 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:55:44.0578 1364 Udfs - ok
13:55:44.0609 1364 ultra - ok
13:55:44.0656 1364 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:55:44.0828 1364 Update - ok
13:55:44.0875 1364 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:55:44.0937 1364 upnphost - ok
13:55:44.0968 1364 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:55:45.0109 1364 UPS - ok
13:55:45.0140 1364 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:55:45.0171 1364 USBAAPL - ok
13:55:45.0187 1364 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:55:45.0328 1364 usbccgp - ok
13:55:45.0359 1364 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:55:45.0500 1364 usbehci - ok
13:55:45.0531 1364 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:55:45.0687 1364 usbhub - ok
13:55:45.0734 1364 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:55:45.0875 1364 usbprint - ok
13:55:45.0921 1364 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:55:46.0062 1364 usbscan - ok
13:55:46.0109 1364 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:55:46.0250 1364 USBSTOR - ok
13:55:46.0281 1364 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:55:46.0421 1364 usbuhci - ok
13:55:46.0453 1364 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:55:46.0593 1364 VgaSave - ok
13:55:46.0625 1364 ViaIde - ok
13:55:46.0671 1364 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
13:55:46.0843 1364 Vmodem - ok
13:55:46.0875 1364 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:55:47.0015 1364 VolSnap - ok
13:55:47.0046 1364 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
13:55:47.0203 1364 Vpctcom - ok
13:55:47.0265 1364 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:55:47.0359 1364 VSS - ok
13:55:47.0375 1364 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
13:55:47.0500 1364 Vvoice - ok
13:55:47.0546 1364 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:55:47.0687 1364 W32Time - ok
13:55:47.0718 1364 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:55:47.0875 1364 Wanarp - ok
13:55:47.0890 1364 WDICA - ok
13:55:47.0937 1364 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:55:48.0093 1364 wdmaud - ok
13:55:48.0125 1364 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:55:48.0265 1364 WebClient - ok
13:55:48.0312 1364 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:55:48.0437 1364 winmgmt - ok
13:55:48.0515 1364 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
13:55:48.0625 1364 WinRM - ok
13:55:48.0718 1364 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:55:48.0750 1364 WmdmPmSN - ok
13:55:48.0796 1364 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:55:48.0828 1364 Wmi - ok
13:55:48.0890 1364 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:55:49.0046 1364 WmiApSrv - ok
13:55:49.0156 1364 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:55:49.0218 1364 WMPNetworkSvc - ok
13:55:49.0281 1364 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:55:49.0312 1364 WpdUsb - ok
13:55:49.0437 1364 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:55:49.0484 1364 WPFFontCache_v0400 - ok
13:55:49.0515 1364 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:55:49.0640 1364 WS2IFSL - ok
13:55:49.0687 1364 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:55:49.0812 1364 wscsvc - ok
13:55:49.0828 1364 WSearch - ok
13:55:49.0859 1364 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:55:50.0031 1364 wuauserv - ok
13:55:50.0125 1364 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:55:50.0156 1364 WudfPf - ok
13:55:50.0187 1364 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:55:50.0218 1364 WudfRd - ok
13:55:50.0296 1364 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:55:50.0328 1364 WudfSvc - ok
13:55:50.0359 1364 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:55:50.0500 1364 WZCSVC - ok
13:55:50.0531 1364 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:55:50.0656 1364 xmlprov - ok
13:55:50.0703 1364 ZD1211BU(Atheros) (b8f451c48e8c5580c3b4521a17a52149) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
13:55:50.0812 1364 ZD1211BU(Atheros) - ok
13:55:50.0859 1364 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
13:55:50.0875 1364 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
13:55:50.0875 1364 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
13:55:50.0890 1364 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:55:51.0078 1364 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:55:51.0078 1364 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:55:51.0078 1364 Boot (0x1200) (1109ced4652aca1316752438036752da) \Device\Harddisk0\DR0\Partition0
13:55:51.0078 1364 \Device\Harddisk0\DR0\Partition0 - ok
13:55:51.0078 1364 ============================================================
13:55:51.0078 1364 Scan finished
13:55:51.0078 1364 ============================================================
13:55:51.0187 0204 Detected object count: 8
13:55:51.0187 0204 Actual detected object count: 8
13:55:56.0390 0204 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:56.0390 0204 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:56.0390 0204 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:56.0390 0204 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:56.0390 0204 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:56.0390 0204 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:56.0390 0204 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:56.0390 0204 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:56.0406 0204 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:56.0406 0204 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:56.0406 0204 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:56.0406 0204 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:56.0406 0204 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:56.0406 0204 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:56.0406 0204 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:55:56.0406 0204 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:35 AM

Posted 01 April 2012 - 05:12 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 hogie0101

  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:35 AM

Posted 01 April 2012 - 10:12 PM

Gringo,

The redirect I'm getting is to happili and a few others; hope that helps.

Thanks. Here is the OTL log below:


OTL logfile created on: 4/1/2012 8:04:15 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\WinXP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.68% Memory free
6.73 Gb Paging File | 5.83 Gb Available in Paging File | 86.61% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 114.74 Gb Free Space | 76.99% Space Free | Partition Type: NTFS

Computer Name: MPC | User Name: WinXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\WinXP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - c:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\umonit.exe (General)
PRC - C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (szserver) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (Secdrv) -- system32\DRIVERS\secdrv.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (szkg5) -- C:\WINDOWS\system32\drivers\SZKG.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\SZKGFS.sys (iS3, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\Changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (ZD1211BU(Atheros)) Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (IAMTXP) Driver for Intel® -- C:\WINDOWS\system32\drivers\IAMTXP.sys (Intel Corporation)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (slabser) -- C:\WINDOWS\system32\drivers\slabser.sys (MCCI)
DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\slabbus.sys (MCCI)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (fixustor) -- C:\WINDOWS\system32\drivers\fixustor.sys (Genesys Logic)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (Vpctcom) -- C:\WINDOWS\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\..\SearchScopes,DefaultScope = {7F82C203-1290-42A1-8869-F02F0D5AFB03}
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\..\SearchScopes\{2E8C34E1-EE53-455F-9516-E5FCFD9F2151}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\..\SearchScopes\{749D3884-F852-4580-8C20-5B9DEB911594}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\..\SearchScopes\{7F82C203-1290-42A1-8869-F02F0D5AFB03}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1399513951-2088295395-3643288949-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "STOPzilla"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..keyword.enabled: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\WinXP\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 23:06:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 22:54:07 | 000,000,000 | ---D | M]

[2009/03/11 22:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Extensions
[2012/03/15 20:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\extensions
[2012/02/03 21:25:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/23 15:21:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/01 23:03:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/04 09:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\extensions\nostmp
[2009/05/26 23:39:52 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\searchplugins\cc-wiki-en.xml
[2008/07/17 23:04:42 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ex2ixncs.default\searchplugins\search.xml
[2011/12/07 07:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WINXP\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EX2IXNCS.DEFAULT\EXTENSIONS\YJUQREFKBN@YJUQREFKBN.ORG.XPI
[2012/03/17 23:06:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/05 18:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/09/14 21:43:23 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2012/01/09 08:04:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 08:04:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/30 17:15:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Malwarebytes' Anti-Malware.lnk = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1399513951-2088295395-3643288949-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.1.cab (DownloadManager Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144387498046 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} http://ds1.downloadtech.net/cn1060/pcpowerscan.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00C1A3F6-021A-45FC-92F4-0C787A44BC61}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E07227F-16E6-485F-B96F-11A9A19531F2}: DhcpNameServer = 192.168.1.1 68.116.46.115 24.205.224.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\WinXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WinXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/22 12:37:20 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1399513951-2088295395-3643288949-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2012/04/01 20:02:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
[2012/04/01 13:49:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WinXP\Recent
[2012/04/01 13:37:30 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\WinXP\Desktop\FixTDSS.exe
[2012/03/31 18:27:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WinXP\Desktop\aswMBR.exe
[2012/03/30 19:39:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/30 17:06:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/30 17:05:34 | 004,450,054 | R--- | C] (Swearware) -- C:\Documents and Settings\WinXP\Desktop\ComboFix.exe
[2012/03/28 22:40:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\WinXP\Desktop\dds.scr
[2012/03/27 19:26:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2012/03/21 21:14:25 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\WinXP\Desktop\MicrosoftFixit.Printing.Run.exe
[2012/03/21 20:37:18 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WinXP\Desktop\tdsskiller.exe
[2012/03/21 20:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Desktop\GooredFix Backups
[2012/03/21 20:35:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\WinXP\Desktop\GooredFix.exe
[2012/03/15 20:52:26 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/03/09 18:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\ElevatedDiagnostics
[2012/03/09 18:35:47 | 000,000,000 | ---D | C] -- C:\found.000
[2012/03/08 16:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/08 16:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2012/03/08 16:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/03/01 21:43:03 | 000,000,000 | ---D | C] -- C:\WAR2
[2012/02/24 19:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/22 21:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinXP\Application Data\Help
[2012/02/07 21:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2012/02/07 21:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2011
[2012/01/24 18:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/24 18:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\WinXP\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\WinXP\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/04/01 20:02:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WinXP\Desktop\OTL.exe
[2012/04/01 19:57:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 13:48:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/01 13:43:39 | 000,502,990 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/01 13:43:39 | 000,087,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/01 13:43:03 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/04/01 13:40:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/01 13:38:53 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012/04/01 13:38:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/01 13:37:30 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\WinXP\Desktop\FixTDSS.exe
[2012/03/31 20:55:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\MBR.dat
[2012/03/31 18:27:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WinXP\Desktop\aswMBR.exe
[2012/03/30 19:38:25 | 000,739,157 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\vacuum.jpg
[2012/03/30 17:53:25 | 000,091,918 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\makes-me-smile-12.jpg
[2012/03/30 17:15:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/30 17:05:41 | 004,450,054 | R--- | M] (Swearware) -- C:\Documents and Settings\WinXP\Desktop\ComboFix.exe
[2012/03/30 07:35:07 | 000,766,426 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\bedframe.jpg
[2012/03/30 07:34:16 | 001,407,340 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\trundle.jpg
[2012/03/30 07:33:46 | 000,529,403 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\dresser.jpg
[2012/03/30 07:12:13 | 000,026,992 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\542466_3292205858534_1069408422_33084674_1356330798_n.jpg
[2012/03/30 06:49:42 | 000,156,718 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\funny-desktop-wallpapers-thechive-19.jpg
[2012/03/28 22:45:23 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\fuvbr66k.exe
[2012/03/28 22:38:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\WinXP\Desktop\dds.scr
[2012/03/27 18:41:09 | 000,018,216 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\wklnhst.dat
[2012/03/27 18:31:06 | 099,180,044 | ---- | M] () -- C:\Documents and Settings\WinXP\My Documents\back up reg.reg
[2012/03/27 11:43:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/26 13:41:00 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WinXP\Desktop\tdsskiller.exe
[2012/03/23 20:34:09 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/03/22 06:53:45 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\WinXP\My Documents\Printers and Faxes.lnk
[2012/03/22 00:23:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/21 21:56:09 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\WinXP\My Documents\hosts
[2012/03/21 21:14:18 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\WinXP\Desktop\MicrosoftFixit.Printing.Run.exe
[2012/03/21 20:35:06 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\WinXP\Desktop\GooredFix.exe
[2012/03/21 20:30:46 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/15 20:52:26 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/03/14 18:15:20 | 000,380,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/11 09:41:34 | 000,933,359 | ---- | M] () -- C:\Documents and Settings\WinXP\Desktop\3_10_charter.pdf
[2012/03/08 16:43:58 | 000,002,294 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/03/08 16:24:53 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/03/06 19:10:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/23 07:56:25 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/02/07 21:32:38 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 18:41:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 02:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/02/03 02:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/01/31 22:20:57 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 18:38:51 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/13 07:32:27 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\WinXP\Application Data\aafdfc4
[2012/01/13 07:32:27 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7f7db9f4
[2012/01/13 07:32:15 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\185292a3
[2012/01/11 12:06:47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 12:06:47 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/09 09:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\WinXP\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\WinXP\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 13:42:58 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/03/31 20:55:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\MBR.dat
[2012/03/30 17:53:24 | 000,091,918 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\makes-me-smile-12.jpg
[2012/03/30 17:06:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/30 17:06:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/30 17:06:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/30 17:06:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/30 07:35:07 | 000,766,426 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\bedframe.jpg
[2012/03/30 07:34:16 | 001,407,340 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\trundle.jpg
[2012/03/30 07:33:56 | 000,739,157 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\vacuum.jpg
[2012/03/30 07:33:46 | 000,529,403 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\dresser.jpg
[2012/03/30 07:12:12 | 000,026,992 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\542466_3292205858534_1069408422_33084674_1356330798_n.jpg
[2012/03/30 06:49:42 | 000,156,718 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\funny-desktop-wallpapers-thechive-19.jpg
[2012/03/28 22:45:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\fuvbr66k.exe
[2012/03/27 18:30:51 | 099,180,044 | ---- | C] () -- C:\Documents and Settings\WinXP\My Documents\back up reg.reg
[2012/03/22 06:53:45 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\WinXP\My Documents\Printers and Faxes.lnk
[2012/03/21 21:52:47 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\WinXP\My Documents\hosts
[2012/03/21 20:29:27 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/11 09:41:33 | 000,933,359 | ---- | C] () -- C:\Documents and Settings\WinXP\Desktop\3_10_charter.pdf
[2012/03/09 18:49:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/09 18:49:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/08 16:24:53 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2012/02/24 19:31:35 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/10 20:56:31 | 000,424,930 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1399513951-2088295395-3643288949-1005-0.dat
[2012/02/10 20:56:31 | 000,358,090 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/07 21:26:51 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/03 18:41:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 18:38:51 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/01/13 07:32:02 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\WinXP\Application Data\aafdfc4
[2012/01/13 07:32:02 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7f7db9f4
[2012/01/13 07:32:02 | 000,000,526 | ---- | C] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\185292a3
[2011/09/06 20:39:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/09/06 20:39:04 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/09/06 20:39:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/04/25 19:19:28 | 000,013,074 | -HS- | C] () -- C:\Documents and Settings\WinXP\Local Settings\Application Data\6fq6p8858ae86mofmhwa61ow7l2sl4
[2011/04/25 19:19:28 | 000,013,074 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6fq6p8858ae86mofmhwa61ow7l2sl4
[2011/03/17 00:46:53 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/10 07:40:21 | 004,119,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/07 21:45:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/24 20:43:07 | 000,000,055 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2010/10/20 06:51:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2010/10/20 06:41:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2010/09/20 14:26:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/20 14:26:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/09/20 14:26:06 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/09/20 14:26:06 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/09/20 14:26:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/09/20 14:26:06 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/14 12:26:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/06 20:48:33 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/05 22:09:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

< End of report >

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 April 2012 - 10:23 PM

In what browsers do these redirects happen?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 01:15 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 11:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 05:14 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.