
SAS reported & quarantined a null trojan, please view logs and let me know what's up.


This topic is locked
19 replies to this topic

#1 1450
Posted 06 October 2012 - 09:19 PM

OTL logfile created on: 10/6/2012 9:43:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\gigihead\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 79.46 Mb Available Physical Memory | 17.76% Memory free
1.03 Gb Paging File | 0.42 Gb Available in Paging File | 41.17% Paging File free
Paging file location(s): C:\pagefile.sys 670 670 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 106.79 Gb Free Space | 71.65% Space Free | Partition Type: NTFS

Computer Name: BOB | User Name: gigihead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 21:42:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gigihead\My Documents\Downloads\OTL.exe
PRC - [2012/10/04 15:20:59 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/02 13:57:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/18 14:38:26 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/02/11 17:27:58 | 000,200,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/06 14:18:30 | 001,815,040 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12100601\algo.dll
MOD - [2012/10/04 15:37:59 | 014,581,688 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_500_85.dll
MOD - [2012/10/02 13:57:22 | 002,294,752 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/02/11 17:27:58 | 000,200,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SLService)
SRV - [2012/10/04 15:41:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 13:57:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/21 05:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys -- (Trufos)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\DUDSI\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\DUDSI\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/07 17:04:46 | 000,020,552 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 05:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/21 05:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/13 06:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/11/30 21:35:00 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:30:58 | 000,022,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/10/22 11:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 11:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 23:53:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2008/04/13 23:53:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2008/04/13 23:53:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2008/04/13 23:53:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2008/04/13 23:53:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2008/04/13 23:53:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2005/09/29 09:34:58 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/09/29 09:34:50 | 000,045,824 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004/05/25 15:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce)
DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax)
DRV - [2003/05/02 19:52:00 | 000,033,920 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sunkfilt.sys -- (SunkFilt)
DRV - [2002/11/26 15:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [1999/04/23 22:22:00 | 000,087,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.dsp -- (Modem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=BF3A285F-7297-49A5-9085-145148CEA166&ind=2011051914&ptnrS=Y9xdm002YYus&si=&n=77de378a&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aol-chromesbox-en-us&tb_uuid=20100329194511906&tb_oid=03-02-2010&tb_mrud=29-03-2010
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 72 64 01 E0 A1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_500_85.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009/11/16 12:53:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/11/16 12:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/19 15:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/03 02:34:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/04 15:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/04 15:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/04 15:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/10/03 02:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gigihead\Application Data\Mozilla\Extensions
[2012/10/04 15:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gigihead\Application Data\Mozilla\Firefox\Profiles\u8ru071i.default\extensions
[2012/10/04 15:33:29 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\gigihead\Application Data\Mozilla\Firefox\Profiles\u8ru071i.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/10/04 15:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/27 15:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2012/06/23 13:41:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012/10/04 15:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/06/23 13:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution(2)\extensions(2)
[2012/10/02 13:57:41 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/02 13:57:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/02 13:57:02 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_500_80.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\gigihead\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\gigihead\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\gigihead\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\gigihead\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Gmail = C:\Documents and Settings\gigihead\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/11/27 16:04:05 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE File not found
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343413747078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AD9EBF-3836-48DC-860C-CC0C165A51DC}: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/23 06:26:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 21:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Desktop\Documents and Settings
[2012/10/06 21:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2012/10/06 21:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/10/04 23:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Application Data\SUPERAntiSpyware.com
[2012/10/04 23:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Start Menu\Programs\SUPERAntiSpyware
[2012/10/04 23:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/10/04 23:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/04 16:17:45 | 000,113,776 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/10/04 16:17:00 | 000,202,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/10/04 16:16:55 | 000,018,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/10/04 16:14:06 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/10/04 16:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/10/04 15:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/10/04 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/04 15:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings\Application Data\Thunderbird
[2012/10/04 15:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Application Data\Thunderbird
[2012/10/04 14:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2012/10/04 14:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/10/04 14:35:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\Recent
[2012/10/04 14:28:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/10/04 00:13:35 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/04 00:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2012/10/04 00:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/10/03 23:18:53 | 000,356,352 | ---- | C] (DjLizard.net) -- C:\Documents and Settings\gigihead\Desktop\Dial-a-fix.exe
[2012/10/03 23:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Desktop\Dial-a-fix-v0.60.0.24
[2012/10/03 19:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings\Application Data\Apple Computer
[2012/10/03 19:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Application Data\Apple Computer
[2012/10/03 19:45:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gigihead\IECompatCache
[2012/10/03 19:40:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gigihead\PrivacIE
[2012/10/03 19:38:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gigihead\IETldCache
[2012/10/03 18:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/10/03 18:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings\Application Data\Adobe
[2012/10/03 02:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Application Data\Adobe
[2012/10/03 02:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings\Application Data\Google
[2012/10/03 02:34:56 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/03 02:34:55 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/03 02:34:53 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/03 02:34:52 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/03 02:34:50 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/03 02:34:49 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/03 02:34:49 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/03 02:34:47 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/03 02:33:31 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/03 02:33:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/03 02:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\My Documents\Downloads
[2012/10/03 02:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings\Application Data\Mozilla
[2012/10/03 02:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Application Data\Mozilla
[2012/10/03 02:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings\Application Data\antiphishing-vmntbcleaner1_0dn
[2012/10/03 02:21:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\My Documents\My Pictures
[2012/10/03 02:21:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\My Documents\My Music
[2012/10/03 02:21:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\gigihead\Application Data\Microsoft
[2012/10/03 02:21:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\Start Menu\Programs\Startup
[2012/10/03 02:21:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\Start Menu
[2012/10/03 02:21:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\SendTo
[2012/10/03 02:21:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\My Documents
[2012/10/03 02:21:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\Favorites
[2012/10/03 02:21:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\Application Data
[2012/10/03 02:21:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\gigihead\Start Menu\Programs\Accessories
[2012/10/03 02:21:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\gigihead\Cookies
[2012/10/03 02:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Templates
[2012/10/03 02:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\PrintHood
[2012/10/03 02:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\NetHood
[2012/10/03 02:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings\Application Data\Microsoft
[2012/10/03 02:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Application Data\Macromedia
[2012/10/03 02:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Local Settings
[2012/10/03 02:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gigihead\Desktop
[2012/10/03 00:42:18 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/03 00:42:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/03 00:42:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/03 00:42:05 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/30 03:01:31 | 000,000,000 | ---D | C] -- C:\f1e38d9292b83f6bf629
[2012/09/30 00:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/30 00:32:04 | 000,020,552 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/29 15:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\IMinent Toolbar
[2012/09/29 15:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Iminent
[2012/09/29 15:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iminent
[2012/09/29 15:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/29 15:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2012/09/21 13:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 21:41:09 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/06 21:05:06 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/10/06 20:10:29 | 000,540,921 | ---- | M] () -- C:\Documents and Settings\gigihead\Desktop\Autoruns.zip
[2012/10/06 19:56:51 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/06 19:55:57 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/10/06 19:55:36 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 19:55:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/06 19:54:00 | 000,000,580 | ---- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/10/06 19:22:55 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FEEB9AEB-E214-44A6-A2C7-81348D59685C}.job
[2012/10/06 19:15:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/05 03:30:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2012/10/05 02:00:08 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 51deec95-5288-47c8-b504-fce22be2ff8f.job
[2012/10/05 00:28:59 | 000,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/05 00:26:16 | 000,739,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/05 00:26:16 | 000,163,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/04 23:38:42 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d2ec21c7-3c15-4b47-a0ff-250bcf5d5767.job
[2012/10/04 23:37:36 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\gigihead\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/04 16:16:53 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/04 16:06:55 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/10/04 15:50:50 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/10/04 15:42:13 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\gigihead\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/10/04 15:41:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/04 15:41:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/04 15:32:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\gigihead\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/04 15:32:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/04 14:50:30 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2012/10/04 14:36:47 | 000,010,530 | ---- | M] () -- C:\Documents and Settings\gigihead\My Documents\cc_20121004_143641.reg
[2012/10/04 00:13:24 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/03 23:17:58 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\gigihead\Desktop\Dial-a-fix-v0.60.0.24.zip
[2012/10/03 21:08:54 | 000,042,344 | ---- | M] () -- C:\Documents and Settings\gigihead\My Documents\cc_20121003_210845.reg
[2012/10/03 02:22:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\gigihead\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/03 01:46:58 | 000,003,946 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/10/03 00:41:53 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/03 00:41:48 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/03 00:41:48 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/03 00:41:48 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/03 00:41:48 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/03 00:41:47 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/03 00:41:47 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/30 00:32:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/29 23:39:24 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/09/29 16:13:46 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/07 17:04:46 | 000,020,552 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 21:05:05 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/10/06 20:08:37 | 000,540,921 | ---- | C] () -- C:\Documents and Settings\gigihead\Desktop\Autoruns.zip
[2012/10/05 00:24:47 | 000,003,739 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/10/04 23:38:42 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d2ec21c7-3c15-4b47-a0ff-250bcf5d5767.job
[2012/10/04 23:38:39 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 51deec95-5288-47c8-b504-fce22be2ff8f.job
[2012/10/04 23:37:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\gigihead\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/04 16:06:55 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/10/04 15:50:50 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/10/04 15:42:13 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\gigihead\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/10/04 15:32:48 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\gigihead\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/04 14:50:30 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2012/10/04 14:36:44 | 000,010,530 | ---- | C] () -- C:\Documents and Settings\gigihead\My Documents\cc_20121004_143641.reg
[2012/10/04 00:13:24 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/03 23:17:18 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\gigihead\Desktop\Dial-a-fix-v0.60.0.24.zip
[2012/10/03 21:08:50 | 000,042,344 | ---- | C] () -- C:\Documents and Settings\gigihead\My Documents\cc_20121003_210845.reg
[2012/10/03 18:37:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/10/03 18:11:06 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\gigihead\Start Menu\Programs\Update Checker.lnk
[2012/10/03 02:34:50 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/03 02:23:50 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\gigihead\Start Menu\Programs\Outlook Express.lnk
[2012/10/03 02:22:29 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\gigihead\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/03 02:22:29 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\gigihead\Start Menu\Programs\Internet Explorer.lnk
[2012/10/03 02:22:23 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\gigihead\Start Menu\Programs\Windows Media Player.lnk
[2012/10/03 02:21:44 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\gigihead\Start Menu\Programs\Remote Assistance.lnk
[2012/10/03 01:46:57 | 000,003,946 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/09/30 00:32:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/29 15:44:05 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 16:26:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/27 03:24:18 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/11/26 16:19:52 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/02/18 03:31:19 | 000,235,206 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/18 22:14:27 | 000,042,900 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/12/29 19:10:24 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[2007/10/14 21:38:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D

< End of report >

OTL Extras logfile created on: 10/6/2012 9:43:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\gigihead\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 79.46 Mb Available Physical Memory | 17.76% Memory free
1.03 Gb Paging File | 0.42 Gb Available in Paging File | 41.17% Paging File free
Paging file location(s): C:\pagefile.sys 670 670 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 106.79 Gb Free Space | 71.65% Space Free | Partition Type: NTFS

Computer Name: BOB | User Name: gigihead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Disabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Disabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180408-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Superstar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8169AB-B6C1-413B-81B6-73B77127D82F}" = Microsoft File Transfer Manager
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DA399FC-350F-41AC-8CA6-B9F8496753BE}_is1" = Media Finder 1.0.9.24
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6264FF6-C49D-4533-AF42-4875C38BB24C}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B8726461-A7C6-4628-A67C-FE5FC5FB3E9F}" = Software for Scanners
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9C8FC30-AD33-4186-A064-46A2C5A80A5B}" = eMachines Bay Reader V1.00
"{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.22
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB1F1933-58B6-4ACD-A7E8-ABE8CC086A07}" = System Requirements Lab for Intel
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"7-Zip" = 7-Zip 9.22beta
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"filehippo.com" = FileHippo.com Update Checker
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{C9C8FC30-AD33-4186-A064-46A2C5A80A5B}" = eMachines Bay Reader V1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US)
"Mozilla Thunderbird 16.0 (x86 en-US)" = Mozilla Thunderbird 16.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NT Drive Recovery_is1" = NT Drive Recovery
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"SLAMRNTV" = 56Kbps Internal Modem
"sp6" = Logitech SetPoint 6.32
"Speccy" = Speccy
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.6 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2012 3:28:34 PM | Computer Name = BOB | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EE7

Error - 9/29/2012 3:28:34 PM | Computer Name = BOB | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 9/29/2012 3:33:02 PM | Computer Name = BOB | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EE7

Error - 9/29/2012 3:44:46 PM | Computer Name = BOB | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EE7

Error - 9/29/2012 3:44:46 PM | Computer Name = BOB | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 9/29/2012 3:44:54 PM | Computer Name = BOB | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EE7

Error - 9/29/2012 3:44:54 PM | Computer Name = BOB | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 10/3/2012 12:41:17 AM | Computer Name = BOB | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/4/2012 3:47:53 PM | Computer Name = BOB | Source = MsiInstaller | ID = 11500
Description = Product: QuickTime -- Error 1500. Another installation is in progress.
You must complete that installation before continuing this one.

Error - 10/4/2012 3:48:58 PM | Computer Name = BOB | Source = MsiInstaller | ID = 11500
Description = Product: QuickTime -- Error 1500. Another installation is in progress.
You must complete that installation before continuing this one.

[ System Events ]
Error - 10/4/2012 4:21:08 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 10/4/2012 11:21:50 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 10/4/2012 11:26:54 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 10/4/2012 11:33:05 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 10/5/2012 3:01:42 AM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).

Error - 10/5/2012 3:15:29 AM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 10/6/2012 7:15:54 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 10/6/2012 7:27:19 PM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).

Error - 10/6/2012 7:35:04 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 10/6/2012 7:56:24 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058


< End of report >

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 10/06/2012 08:24:27 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 77500 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 0 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 0 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

The C:\DOCUME~1\gigihead\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoRun policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Restarting Explorer.exe in order to apply changes.

Program finished at: 10/06/2012 08:33:21 PM
Execution time: 0 hours(s), 8 minute(s), and 53 seconds(s)

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:54 AM

Posted 07 October 2012 - 06:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 1450

1450
  • Topic Starter

  • Members
  • 51 posts
  • Local time:09:54 PM

Posted 08 October 2012 - 09:45 PM

Hi mole, my name is Bob and I look forward to working with you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:54 AM

Posted 09 October 2012 - 07:43 PM

Hi Bob,

The OTL log shows that you have been infected by ZeroAccess.

Please run TDSSKiller first of all.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close.
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 1450

1450
  • Topic Starter

  • Members
  • 51 posts
  • Local time:09:54 PM

Posted 09 October 2012 - 08:25 PM

tdsskiller log

21:27:45.0234 1004 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:27:45.0687 1004 ============================================================
21:27:45.0687 1004 Current date / time: 2012/10/09 21:27:45.0687
21:27:45.0687 1004 SystemInfo:
21:27:45.0687 1004
21:27:45.0687 1004 OS Version: 5.1.2600 ServicePack: 3.0
21:27:45.0687 1004 Product type: Workstation
21:27:45.0687 1004 ComputerName: BOB
21:27:45.0687 1004 UserName: gigihead
21:27:45.0687 1004 Windows directory: C:\WINDOWS
21:27:45.0687 1004 System windows directory: C:\WINDOWS
21:27:45.0687 1004 Processor architecture: Intel x86
21:27:45.0687 1004 Number of processors: 1
21:27:45.0687 1004 Page size: 0x1000
21:27:45.0687 1004 Boot type: Normal boot
21:27:45.0687 1004 ============================================================
21:27:47.0671 1004 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:27:47.0750 1004 ============================================================
21:27:47.0750 1004 \Device\Harddisk0\DR0:
21:27:47.0750 1004 MBR partitions:
21:27:47.0750 1004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
21:27:47.0750 1004 ============================================================
21:27:47.0781 1004 C: <-> \Device\Harddisk0\DR0\Partition1
21:27:47.0781 1004 ============================================================
21:27:47.0781 1004 Initialize success
21:27:47.0781 1004 ============================================================
21:28:08.0875 1912 ============================================================
21:28:08.0875 1912 Scan started
21:28:08.0875 1912 Mode: Manual;
21:28:08.0875 1912 ============================================================
21:28:09.0500 1912 ================ Scan system memory ========================
21:28:09.0500 1912 System memory - ok
21:28:09.0515 1912 ================ Scan services =============================
21:28:09.0734 1912 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:28:09.0750 1912 !SASCORE - ok
21:28:11.0406 1912 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
21:28:11.0406 1912 Aavmker4 - ok
21:28:11.0421 1912 Abiosdsk - ok
21:28:11.0453 1912 abp480n5 - ok
21:28:11.0562 1912 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:28:11.0562 1912 ACDaemon - ok
21:28:11.0671 1912 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:28:11.0671 1912 ACPI - ok
21:28:11.0718 1912 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:28:11.0718 1912 ACPIEC - ok
21:28:11.0859 1912 [ 3EEFBC4876C95803699FCD8BDDEA1782 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:11.0890 1912 AdobeFlashPlayerUpdateSvc - ok
21:28:11.0906 1912 adpu160m - ok
21:28:11.0968 1912 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:28:11.0968 1912 aec - ok
21:28:12.0046 1912 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:28:12.0046 1912 AFD - ok
21:28:12.0062 1912 Aha154x - ok
21:28:12.0078 1912 aic78u2 - ok
21:28:12.0109 1912 aic78xx - ok
21:28:12.0187 1912 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:28:12.0187 1912 Alerter - ok
21:28:12.0265 1912 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:28:12.0265 1912 ALG - ok
21:28:12.0281 1912 AliIde - ok
21:28:12.0359 1912 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:28:12.0359 1912 AmdK7 - ok
21:28:12.0375 1912 amsint - ok
21:28:12.0406 1912 asc - ok
21:28:12.0421 1912 asc3350p - ok
21:28:12.0437 1912 asc3550 - ok
21:28:12.0718 1912 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:28:12.0718 1912 aspnet_state - ok
21:28:12.0796 1912 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:28:12.0812 1912 aswFsBlk - ok
21:28:12.0875 1912 [ 09678587C5C70F91720631EF048B4744 ] aswFW C:\WINDOWS\system32\drivers\aswFW.sys
21:28:12.0875 1912 aswFW - ok
21:28:12.0953 1912 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
21:28:12.0953 1912 aswKbd - ok
21:28:13.0015 1912 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
21:28:13.0015 1912 aswMon2 - ok
21:28:13.0109 1912 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\WINDOWS\system32\DRIVERS\aswNdis.sys
21:28:13.0109 1912 aswNdis - ok
21:28:13.0203 1912 [ C6E5E1E0FB3827B2359F4D394ECAA070 ] aswNdis2 C:\WINDOWS\system32\drivers\aswNdis2.sys
21:28:13.0218 1912 aswNdis2 - ok
21:28:13.0281 1912 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
21:28:13.0281 1912 AswRdr - ok
21:28:13.0437 1912 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:28:13.0453 1912 aswSnx - ok
21:28:13.0500 1912 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:28:13.0500 1912 aswSP - ok
21:28:13.0531 1912 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:28:13.0531 1912 aswTdi - ok
21:28:13.0609 1912 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:28:13.0609 1912 AsyncMac - ok
21:28:13.0671 1912 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:28:13.0671 1912 atapi - ok
21:28:13.0687 1912 Atdisk - ok
21:28:13.0781 1912 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:28:13.0781 1912 Atmarpc - ok
21:28:13.0843 1912 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:28:13.0843 1912 AudioSrv - ok
21:28:13.0906 1912 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:28:13.0921 1912 audstub - ok
21:28:14.0078 1912 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:28:14.0078 1912 avast! Antivirus - ok
21:28:14.0234 1912 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
21:28:14.0234 1912 avast! Firewall - ok
21:28:14.0265 1912 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
21:28:14.0265 1912 Avc - ok
21:28:14.0343 1912 [ 1AF676DB3F3D4CC709CFAB2571CF5FC3 ] AVGIDSEH C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:28:14.0343 1912 AVGIDSEH - ok
21:28:14.0406 1912 [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:28:14.0406 1912 Avgrkx86 - ok
21:28:14.0468 1912 [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:28:14.0468 1912 Avgtdix - ok
21:28:14.0656 1912 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files\AVG\AVG10\avgwdsvc.exe
21:28:14.0671 1912 avgwd - ok
21:28:14.0734 1912 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:28:14.0734 1912 Beep - ok
21:28:14.0828 1912 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:28:14.0828 1912 BITS - ok
21:28:14.0875 1912 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:28:14.0875 1912 Browser - ok
21:28:14.0984 1912 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:28:14.0984 1912 cbidf2k - ok
21:28:15.0031 1912 cd20xrnt - ok
21:28:15.0093 1912 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:28:15.0093 1912 Cdaudio - ok
21:28:15.0171 1912 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:28:15.0171 1912 Cdfs - ok
21:28:15.0375 1912 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:28:15.0375 1912 Cdrom - ok
21:28:15.0390 1912 Changer - ok
21:28:15.0484 1912 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:28:15.0546 1912 CiSvc - ok
21:28:15.0625 1912 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:28:15.0625 1912 ClipSrv - ok
21:28:15.0656 1912 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:15.0656 1912 clr_optimization_v2.0.50727_32 - ok
21:28:15.0843 1912 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:15.0843 1912 clr_optimization_v4.0.30319_32 - ok
21:28:15.0859 1912 CmdIde - ok
21:28:15.0875 1912 COMSysApp - ok
21:28:15.0921 1912 Cpqarray - ok
21:28:16.0031 1912 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
21:28:16.0031 1912 cpudrv - ok
21:28:16.0171 1912 cpuz132 - ok
21:28:16.0187 1912 cpuz134 - ok
21:28:16.0250 1912 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:28:16.0250 1912 CryptSvc - ok
21:28:16.0281 1912 dac2w2k - ok
21:28:16.0312 1912 dac960nt - ok
21:28:16.0421 1912 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:28:16.0437 1912 DcomLaunch - ok
21:28:16.0500 1912 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:28:16.0500 1912 Dhcp - ok
21:28:16.0562 1912 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:28:16.0562 1912 Disk - ok
21:28:16.0578 1912 dmadmin - ok
21:28:16.0656 1912 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:28:16.0656 1912 dmboot - ok
21:28:16.0734 1912 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:28:16.0734 1912 dmio - ok
21:28:16.0796 1912 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:28:16.0796 1912 dmload - ok
21:28:16.0890 1912 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:28:16.0890 1912 dmserver - ok
21:28:16.0953 1912 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:28:16.0953 1912 DMusic - ok
21:28:17.0062 1912 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:28:17.0062 1912 Dnscache - ok
21:28:17.0187 1912 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:28:17.0203 1912 Dot3svc - ok
21:28:17.0218 1912 dpti2o - ok
21:28:17.0375 1912 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:28:17.0421 1912 drmkaud - ok
21:28:17.0562 1912 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:28:17.0562 1912 EapHost - ok
21:28:17.0609 1912 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:28:17.0625 1912 ERSvc - ok
21:28:17.0765 1912 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:28:17.0765 1912 Eventlog - ok
21:28:17.0890 1912 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:28:17.0890 1912 EventSystem - ok
21:28:17.0984 1912 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:28:18.0187 1912 Fastfat - ok
21:28:18.0265 1912 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:28:18.0375 1912 FastUserSwitchingCompatibility - ok
21:28:18.0484 1912 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:28:18.0531 1912 Fdc - ok
21:28:18.0578 1912 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:28:18.0578 1912 Fips - ok
21:28:18.0703 1912 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:28:18.0703 1912 Flpydisk - ok
21:28:18.0875 1912 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:28:18.0890 1912 FltMgr - ok
21:28:19.0046 1912 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:19.0046 1912 FontCache3.0.0.0 - ok
21:28:19.0093 1912 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:28:19.0093 1912 Fs_Rec - ok
21:28:19.0156 1912 [ B7AA8283EC551D3A3B924E520E0621A7 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
21:28:19.0156 1912 FTDIBUS - ok
21:28:19.0250 1912 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:28:19.0250 1912 Ftdisk - ok
21:28:19.0312 1912 [ 596D31583CE332B5514520D74837F434 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
21:28:19.0312 1912 FTSER2K - ok
21:28:19.0359 1912 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:28:19.0359 1912 GEARAspiWDM - ok
21:28:19.0421 1912 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:28:19.0437 1912 Gpc - ok
21:28:19.0609 1912 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:28:19.0609 1912 helpsvc - ok
21:28:19.0703 1912 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:28:19.0718 1912 HidUsb - ok
21:28:19.0781 1912 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:28:19.0781 1912 hkmsvc - ok
21:28:19.0796 1912 hpn - ok
21:28:19.0875 1912 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:28:19.0875 1912 HTTP - ok
21:28:19.0937 1912 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:28:19.0953 1912 HTTPFilter - ok
21:28:19.0968 1912 i2omgmt - ok
21:28:20.0000 1912 i2omp - ok
21:28:20.0046 1912 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:28:20.0046 1912 i8042prt - ok
21:28:20.0281 1912 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:28:20.0296 1912 idsvc - ok
21:28:20.0343 1912 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:28:20.0343 1912 Imapi - ok
21:28:20.0390 1912 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:28:20.0390 1912 ImapiService - ok
21:28:20.0421 1912 ini910u - ok
21:28:20.0453 1912 IntelIde - ok
21:28:20.0500 1912 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:28:20.0500 1912 Ip6Fw - ok
21:28:20.0546 1912 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:28:20.0546 1912 IpFilterDriver - ok
21:28:20.0562 1912 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:28:20.0562 1912 IpInIp - ok
21:28:20.0609 1912 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:28:20.0609 1912 IpNat - ok
21:28:20.0640 1912 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:28:20.0640 1912 IPSec - ok
21:28:20.0687 1912 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:28:20.0687 1912 IRENUM - ok
21:28:20.0703 1912 is3srv - ok
21:28:20.0734 1912 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:28:20.0750 1912 isapnp - ok
21:28:20.0796 1912 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:28:20.0812 1912 Kbdclass - ok
21:28:20.0843 1912 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:28:20.0843 1912 kmixer - ok
21:28:20.0875 1912 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:28:20.0875 1912 KSecDD - ok
21:28:20.0921 1912 [ 3CE13ABC9F612E08F6B23EECC63780E4 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
21:28:20.0921 1912 L8042Kbd - ok
21:28:20.0968 1912 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:28:20.0984 1912 lanmanserver - ok
21:28:21.0031 1912 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:28:21.0046 1912 lanmanworkstation - ok
21:28:21.0093 1912 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
21:28:21.0093 1912 LBeepKE - ok
21:28:21.0109 1912 lbrtfdc - ok
21:28:21.0218 1912 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
21:28:21.0218 1912 LBTServ - ok
21:28:21.0281 1912 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:28:21.0281 1912 LHidFilt - ok
21:28:21.0328 1912 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:28:21.0343 1912 LmHosts - ok
21:28:21.0359 1912 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:28:21.0359 1912 LMouFilt - ok
21:28:21.0406 1912 [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
21:28:21.0406 1912 LUsbFilt - ok
21:28:21.0500 1912 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
21:28:21.0500 1912 MatSvc - ok
21:28:21.0546 1912 [ 52BAEAF6CEB95EF15340BD275C2ECDD7 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:28:21.0562 1912 MBAMProtector - ok
21:28:21.0625 1912 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:28:21.0625 1912 MBAMScheduler - ok
21:28:21.0687 1912 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:28:21.0687 1912 MBAMService - ok
21:28:21.0734 1912 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:28:21.0734 1912 Messenger - ok
21:28:21.0781 1912 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:28:21.0796 1912 mnmdd - ok
21:28:21.0843 1912 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:28:21.0843 1912 mnmsrvc - ok
21:28:21.0890 1912 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:28:21.0890 1912 Modem - ok
21:28:21.0953 1912 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:28:21.0953 1912 MODEMCSA - ok
21:28:22.0000 1912 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:28:22.0000 1912 Mouclass - ok
21:28:22.0046 1912 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:28:22.0062 1912 mouhid - ok
21:28:22.0109 1912 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:28:22.0109 1912 MountMgr - ok
21:28:22.0171 1912 [ 4256F4C8607AFF934B972FFC869E40FC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:28:22.0171 1912 MozillaMaintenance - ok
21:28:22.0187 1912 mraid35x - ok
21:28:22.0218 1912 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:28:22.0218 1912 MRxDAV - ok
21:28:22.0281 1912 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:28:22.0296 1912 MRxSmb - ok
21:28:22.0328 1912 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:28:22.0328 1912 MSDTC - ok
21:28:22.0375 1912 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:28:22.0375 1912 Msfs - ok
21:28:22.0390 1912 MSIServer - ok
21:28:22.0453 1912 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:28:22.0453 1912 MSKSSRV - ok
21:28:22.0468 1912 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:28:22.0468 1912 MSPCLOCK - ok
21:28:22.0500 1912 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:28:22.0500 1912 MSPQM - ok
21:28:22.0531 1912 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:28:22.0531 1912 mssmbios - ok
21:28:22.0593 1912 [ C53775780148884AC87C455489A0C070 ] Mtlmnt5 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
21:28:22.0593 1912 Mtlmnt5 - ok
21:28:22.0671 1912 [ 54886A652BF5685192141DF304E923FD ] Mtlstrm C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
21:28:22.0687 1912 Mtlstrm - ok
21:28:22.0734 1912 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:28:22.0750 1912 Mup - ok
21:28:22.0796 1912 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:28:22.0812 1912 napagent - ok
21:28:22.0859 1912 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:28:22.0875 1912 NDIS - ok
21:28:22.0906 1912 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:28:22.0906 1912 NdisTapi - ok
21:28:22.0937 1912 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:28:22.0953 1912 Ndisuio - ok
21:28:22.0968 1912 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:28:22.0984 1912 NdisWan - ok
21:28:23.0031 1912 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:28:23.0031 1912 NDProxy - ok
21:28:23.0078 1912 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:28:23.0078 1912 NetBIOS - ok
21:28:23.0109 1912 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:28:23.0109 1912 NetBT - ok
21:28:23.0156 1912 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:28:23.0171 1912 NetDDE - ok
21:28:23.0187 1912 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:28:23.0187 1912 NetDDEdsdm - ok
21:28:23.0234 1912 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:28:23.0234 1912 Netlogon - ok
21:28:23.0296 1912 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:28:23.0312 1912 Netman - ok
21:28:23.0343 1912 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:23.0359 1912 NetTcpPortSharing - ok
21:28:23.0406 1912 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:28:23.0406 1912 Nla - ok
21:28:23.0453 1912 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys
21:28:23.0453 1912 NPF - ok
21:28:23.0500 1912 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:28:23.0500 1912 Npfs - ok
21:28:23.0562 1912 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:28:23.0562 1912 Ntfs - ok
21:28:23.0593 1912 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:28:23.0593 1912 NtLmSsp - ok
21:28:23.0656 1912 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:28:23.0671 1912 NtmsSvc - ok
21:28:23.0718 1912 [ 576B34CEAE5B7E5D9FD2775E93B3DB53 ] NtMtlFax C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
21:28:23.0718 1912 NtMtlFax - ok
21:28:23.0750 1912 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:28:23.0750 1912 Null - ok
21:28:23.0859 1912 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:28:23.0890 1912 nv - ok
21:28:23.0937 1912 [ 47B3852808DD579A463FCE7085B77413 ] nvax C:\WINDOWS\system32\drivers\nvax.sys
21:28:23.0937 1912 nvax - ok
21:28:23.0984 1912 [ C8400CA70BF8A30156487BF887886432 ] NVENET C:\WINDOWS\system32\DRIVERS\NVENET.sys
21:28:23.0984 1912 NVENET - ok
21:28:24.0031 1912 [ ADBCBA116496229A163193BBE0BB28CE ] nvnforce C:\WINDOWS\system32\drivers\nvapu.sys
21:28:24.0031 1912 nvnforce - ok
21:28:24.0093 1912 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:28:24.0093 1912 NwlnkFlt - ok
21:28:24.0109 1912 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:28:24.0125 1912 NwlnkFwd - ok
21:28:24.0171 1912 [ 2FADD6E3AEAFF1A6B84B8D304C395BD5 ] ousb2hub C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
21:28:24.0171 1912 ousb2hub - ok
21:28:24.0218 1912 [ 961414DACB73858B0A2E9075AB2D1EA8 ] ousbehci C:\WINDOWS\system32\Drivers\ousbehci.sys
21:28:24.0218 1912 ousbehci - ok
21:28:24.0281 1912 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:28:24.0281 1912 Parport - ok
21:28:24.0328 1912 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:28:24.0375 1912 PartMgr - ok
21:28:24.0421 1912 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:28:24.0421 1912 ParVdm - ok
21:28:24.0453 1912 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:28:24.0453 1912 PCI - ok
21:28:24.0468 1912 PCIDump - ok
21:28:24.0500 1912 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:28:24.0515 1912 PCIIde - ok
21:28:24.0562 1912 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:28:24.0562 1912 Pcmcia - ok
21:28:24.0578 1912 PDCOMP - ok
21:28:24.0609 1912 PDFRAME - ok
21:28:24.0625 1912 PDRELI - ok
21:28:24.0671 1912 PDRFRAME - ok
21:28:24.0687 1912 perc2 - ok
21:28:24.0718 1912 perc2hib - ok
21:28:24.0781 1912 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:28:24.0796 1912 PlugPlay - ok
21:28:24.0828 1912 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:28:24.0828 1912 PolicyAgent - ok
21:28:24.0875 1912 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:28:24.0890 1912 PptpMiniport - ok
21:28:24.0906 1912 Profos - ok
21:28:24.0921 1912 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:28:24.0921 1912 ProtectedStorage - ok
21:28:24.0953 1912 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:28:24.0953 1912 PSched - ok
21:28:25.0000 1912 [ A283E768FA12EF33087F07B01F82D6DD ] PSEXESVC C:\WINDOWS\PSEXESVC.EXE
21:28:25.0000 1912 PSEXESVC - ok
21:28:25.0046 1912 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:28:25.0062 1912 Ptilink - ok
21:28:25.0078 1912 ql1080 - ok
21:28:25.0093 1912 Ql10wnt - ok
21:28:25.0109 1912 ql12160 - ok
21:28:25.0140 1912 ql1240 - ok
21:28:25.0156 1912 ql1280 - ok
21:28:25.0187 1912 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:28:25.0203 1912 RasAcd - ok
21:28:25.0250 1912 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:28:25.0265 1912 RasAuto - ok
21:28:25.0296 1912 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:28:25.0296 1912 Rasl2tp - ok
21:28:25.0359 1912 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:28:25.0359 1912 RasMan - ok
21:28:25.0390 1912 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:28:25.0390 1912 RasPppoe - ok
21:28:25.0406 1912 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:28:25.0421 1912 Raspti - ok
21:28:25.0453 1912 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:28:25.0453 1912 Rdbss - ok
21:28:25.0484 1912 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:28:25.0484 1912 RDPCDD - ok
21:28:25.0562 1912 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:28:25.0578 1912 RDPWD - ok
21:28:25.0625 1912 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:28:25.0640 1912 RDSessMgr - ok
21:28:25.0687 1912 [ E9AAA0092D74A9D371659C4C38882E12 ] RecAgent C:\WINDOWS\system32\DRIVERS\RecAgent.sys
21:28:25.0687 1912 RecAgent - ok
21:28:25.0734 1912 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:28:25.0750 1912 redbook - ok
21:28:25.0796 1912 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:28:25.0796 1912 RemoteAccess - ok
21:28:25.0843 1912 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
21:28:25.0859 1912 ROOTMODEM - ok
21:28:25.0906 1912 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
21:28:25.0906 1912 rpcapd - ok
21:28:25.0953 1912 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:28:25.0953 1912 RpcLocator - ok
21:28:26.0000 1912 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:28:26.0015 1912 RpcSs - ok
21:28:26.0062 1912 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:28:26.0078 1912 RSVP - ok
21:28:26.0109 1912 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:28:26.0125 1912 SamSs - ok
21:28:26.0156 1912 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:28:26.0156 1912 SASDIFSV - ok
21:28:26.0187 1912 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:28:26.0187 1912 SASKUTIL - ok
21:28:26.0234 1912 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:28:26.0250 1912 SCardSvr - ok
21:28:26.0296 1912 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:28:26.0312 1912 Schedule - ok
21:28:26.0359 1912 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:28:26.0359 1912 Secdrv - ok
21:28:26.0406 1912 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:28:26.0421 1912 seclogon - ok
21:28:26.0453 1912 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:28:26.0468 1912 SENS - ok
21:28:26.0515 1912 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:28:26.0515 1912 serenum - ok
21:28:26.0546 1912 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:28:26.0562 1912 Serial - ok
21:28:26.0656 1912 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:28:26.0656 1912 Sfloppy - ok
21:28:26.0718 1912 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:28:26.0734 1912 SharedAccess - ok
21:28:26.0765 1912 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:28:26.0781 1912 ShellHWDetection - ok
21:28:26.0796 1912 Simbad - ok
21:28:26.0843 1912 [ 2C1779C0FEB1F4A6033600305EBA623A ] Slntamr C:\WINDOWS\system32\DRIVERS\slntamr.sys
21:28:26.0859 1912 Slntamr - ok
21:28:26.0890 1912 [ F9B8E30E82EE95CF3E1D3E495599B99C ] SlNtHal C:\WINDOWS\system32\DRIVERS\Slnthal.sys
21:28:26.0890 1912 SlNtHal - ok
21:28:26.0937 1912 [ DB56BB2C55723815CF549D7FC50CFCEB ] SlWdmSup C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
21:28:26.0937 1912 SlWdmSup - ok
21:28:26.0968 1912 Sparrow - ok
21:28:27.0015 1912 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:28:27.0031 1912 splitter - ok
21:28:27.0078 1912 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:28:27.0078 1912 Spooler - ok
21:28:27.0109 1912 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:28:27.0125 1912 sr - ok
21:28:27.0171 1912 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:28:27.0187 1912 srservice - ok
21:28:27.0250 1912 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:28:27.0265 1912 Srv - ok
21:28:27.0343 1912 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:28:27.0359 1912 SSDPSRV - ok
21:28:27.0437 1912 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:28:27.0437 1912 stisvc - ok
21:28:27.0500 1912 [ B8D1921F4CD9FC75E22C4C9C65FF950D ] SunkFilt C:\WINDOWS\System32\Drivers\sunkfilt.sys
21:28:27.0500 1912 SunkFilt - ok
21:28:27.0546 1912 [ AB7F6435B3DC381919C3E2CB4D94C7FB ] SWDUMon C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
21:28:27.0562 1912 SWDUMon - ok
21:28:27.0593 1912 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:28:27.0609 1912 swenum - ok
21:28:27.0640 1912 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:28:27.0640 1912 swmidi - ok
21:28:27.0656 1912 SwPrv - ok
21:28:27.0687 1912 symc810 - ok
21:28:27.0718 1912 symc8xx - ok
21:28:27.0734 1912 sym_hi - ok
21:28:27.0765 1912 sym_u3 - ok
21:28:27.0812 1912 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:28:27.0812 1912 sysaudio - ok
21:28:27.0859 1912 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:28:27.0875 1912 SysmonLog - ok
21:28:27.0890 1912 szkg5 - ok
21:28:27.0906 1912 szkgfs - ok
21:28:27.0953 1912 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:28:27.0968 1912 TapiSrv - ok
21:28:28.0031 1912 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:28:28.0046 1912 Tcpip - ok
21:28:28.0062 1912 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:28:28.0078 1912 TDPIPE - ok
21:28:28.0125 1912 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:28:28.0125 1912 TDTCP - ok
21:28:28.0171 1912 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:28:28.0171 1912 TermDD - ok
21:28:28.0234 1912 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:28:28.0234 1912 TermService - ok
21:28:28.0281 1912 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:28:28.0281 1912 Themes - ok
21:28:28.0312 1912 TosIde - ok
21:28:28.0343 1912 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:28:28.0359 1912 TrkWks - ok
21:28:28.0375 1912 Trufos - ok
21:28:28.0421 1912 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:28:28.0421 1912 Udfs - ok
21:28:28.0437 1912 ultra - ok
21:28:28.0515 1912 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:28:28.0515 1912 Update - ok
21:28:28.0562 1912 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:28:28.0578 1912 upnphost - ok
21:28:28.0609 1912 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:28:28.0609 1912 UPS - ok
21:28:28.0656 1912 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:28:28.0656 1912 USBAAPL - ok
21:28:28.0687 1912 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:28:28.0703 1912 usbehci - ok
21:28:28.0750 1912 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:28:28.0765 1912 usbhub - ok
21:28:28.0812 1912 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:28:28.0812 1912 usbohci - ok
21:28:28.0859 1912 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:28:28.0859 1912 usbscan - ok
21:28:28.0890 1912 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:28:28.0906 1912 usbstor - ok
21:28:28.0921 1912 V90drv - ok
21:28:28.0968 1912 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:28:28.0968 1912 VgaSave - ok
21:28:28.0984 1912 ViaIde - ok
21:28:29.0046 1912 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:28:29.0062 1912 VolSnap - ok
21:28:29.0109 1912 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:28:29.0125 1912 VSS - ok
21:28:29.0187 1912 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:28:29.0187 1912 W32Time - ok
21:28:29.0250 1912 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:28:29.0265 1912 Wanarp - ok
21:28:29.0281 1912 wanatw - ok
21:28:29.0359 1912 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:28:29.0390 1912 Wdf01000 - ok
21:28:29.0406 1912 WDICA - ok
21:28:29.0437 1912 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:28:29.0437 1912 wdmaud - ok
21:28:29.0484 1912 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:28:29.0484 1912 WebClient - ok
21:28:29.0562 1912 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:28:29.0562 1912 winmgmt - ok
21:28:29.0625 1912 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:28:29.0640 1912 WmdmPmSN - ok
21:28:29.0687 1912 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:28:29.0687 1912 WmiApSrv - ok
21:28:29.0765 1912 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:28:29.0781 1912 WMPNetworkSvc - ok
21:28:29.0875 1912 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:28:29.0890 1912 WPFFontCache_v0400 - ok
21:28:29.0937 1912 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:28:29.0937 1912 WS2IFSL - ok
21:28:29.0984 1912 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:28:30.0015 1912 wscsvc - ok
21:28:30.0046 1912 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:28:30.0062 1912 wuauserv - ok
21:28:30.0109 1912 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:28:30.0125 1912 WudfPf - ok
21:28:30.0140 1912 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:28:30.0156 1912 WudfRd - ok
21:28:30.0203 1912 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:28:30.0218 1912 WudfSvc - ok
21:28:30.0281 1912 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:28:30.0296 1912 WZCSVC - ok
21:28:30.0343 1912 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:28:30.0359 1912 xmlprov - ok
21:28:30.0375 1912 ================ Scan global ===============================
21:28:30.0406 1912 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:28:30.0453 1912 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:28:30.0484 1912 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:28:30.0531 1912 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:28:30.0531 1912 [Global] - ok
21:28:30.0546 1912 ================ Scan MBR ==================================
21:28:30.0562 1912 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:28:30.0734 1912 \Device\Harddisk0\DR0 - ok
21:28:30.0734 1912 ================ Scan VBR ==================================
21:28:30.0750 1912 [ C9192CC91DD82001AF6A7910D626B424 ] \Device\Harddisk0\DR0\Partition1
21:28:30.0750 1912 \Device\Harddisk0\DR0\Partition1 - ok
21:28:30.0750 1912 ============================================================
21:28:30.0750 1912 Scan finished
21:28:30.0750 1912 ============================================================
21:28:30.0796 1172 Detected object count: 0
21:28:30.0796 1172 Actual detected object count: 0
21:28:39.0796 1008 Deinitialize success

Logging on to the original administrator account; I'll let you know the results.

#6 1450

1450
  • Topic Starter

  • Members
  • 51 posts

Posted 09 October 2012 - 08:53 PM

Tried to download Firefox 16. A pop-up window states that I need Windows XP or better.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 October 2012 - 02:04 PM

Please run Combofix next

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.
m0le is a proud member of UNITE

#8 1450

1450
  • Topic Starter

  • Members
  • 51 posts

Posted 10 October 2012 - 11:51 PM

Hi m0le, ran ComboFix, restored Windows Recovery. Autoscan ran for three and a half hours; since the box said it should take 10 - 20 minutes I figured it got hung up, so I decided to cancel and retry. When closing the program I noticed in the blue box that parts of the program were completed, so I ran it again for another 3+ hours. Here's the log, hope I didn't mess things up w/ the restart.


ComboFix 12-10-10.02 - gigihead 10/10/2012 23:23:43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.169 [GMT -4:00]
Running from: c:\documents and settings\gigihead\Desktop\comfix.exe.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\0B4227B4.TMP
c:\program files\RadioPI_4eEI
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\logs
c:\windows\system32\logs\{9525A6BB-76E2-4F71-9C96-A6A73A6658E9}.log
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\skinboxer43.dll
c:\windows\system32\spool\prtprocs\w32x86\CNMPD14(2).DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPD14(3).DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPD14(4).DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPD14(5).DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPD14(6).DLL
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-07 04:27 . 2012-10-07 04:27 -------- d-----w- c:\program files\Recuva
2012-10-07 03:29 . 2012-10-10 21:02 -------- d-----w- c:\windows\system32\CatRoot2
2012-10-07 03:03 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-10-07 03:02 . 2012-10-07 03:02 -------- d-----w- C:\RegBackup
2012-10-07 02:54 . 2012-10-07 03:20 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-05 03:37 . 2012-10-05 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-05 03:37 . 2012-10-05 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-04 20:17 . 2012-08-21 09:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-04 20:17 . 2012-08-21 09:13 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-04 20:16 . 2012-08-21 09:13 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-04 20:14 . 2012-07-13 10:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-04 19:32 . 2012-10-02 17:57 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-04 19:32 . 2012-10-02 17:57 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-04 18:50 . 2012-10-04 18:50 -------- d-----w- c:\program files\Speccy
2012-10-04 04:13 . 2012-10-07 03:31 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-04 04:13 . 2012-10-04 04:13 -------- d-----w- c:\program files\Tweaking.com
2012-10-03 06:34 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-03 06:34 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-03 06:34 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-03 06:34 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-03 06:34 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-03 06:34 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-03 06:34 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-03 06:34 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-03 06:33 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-03 06:33 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-03 06:21 . 2012-10-07 04:27 -------- d-----w- c:\documents and settings\gigihead
2012-10-03 05:46 . 2012-10-03 05:46 3946 ----a-w- C:\FixitRegBackup.reg
2012-10-03 04:42 . 2012-10-03 04:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-30 07:01 . 2012-09-30 07:01 -------- d-----w- C:\f1e38d9292b83f6bf629
2012-09-30 04:32 . 2012-09-07 21:04 20552 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 20:12 . 2012-09-29 20:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-29 19:54 . 2012-09-29 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-09-29 19:54 . 2012-09-29 19:54 -------- d-----w- c:\program files\IMinent Toolbar
2012-09-29 19:54 . 2012-09-29 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Iminent
2012-09-29 19:54 . 2012-10-04 00:16 -------- d-----w- c:\program files\Bonjour
2012-09-29 19:54 . 2012-09-29 19:54 -------- d-----w- c:\program files\Iminent
2012-09-21 17:51 . 2012-09-30 04:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:46 . 2012-02-24 08:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 20:45 . 2011-07-16 18:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 04:41 . 2011-10-25 15:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-03 04:41 . 2011-12-13 17:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-03 04:41 . 2010-06-18 02:30 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-04 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-02 17:57 . 2012-07-27 05:03 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-04 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-02-18 232104]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^DUDSI^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\DUDSI\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Finder]
2012-05-02 17:37 8587776 ----a-w- c:\program files\Media Finder\Media Finder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [10/4/2012 4:14 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10/4/2012 4:17 PM 202928]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [10/4/2012 4:17 PM 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [10/4/2012 4:16 PM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/3/2012 2:34 AM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2012 2:34 AM 355632]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2012 2:34 AM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [10/4/2012 4:14 PM 133912]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/2/2011 9:49 PM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/30/2012 12:32 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/30/2012 12:32 AM 676936]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/30/2012 12:32 AM 20552]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2/17/2011 5:41 PM 45824]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2/24/2012 4:29 AM 250808]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/27/2012 1:03 AM 115168]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/17/2011 5:41 PM 56960]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [10/6/2012 10:54 PM 181064]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/27/2011 3:24 AM 12984]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S4 cpuz134;cpuz134;\??\c:\docume~1\DUDSI\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\DUDSI\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S4 is3srv;is3srv; [x]
S4 szkg5;szkg5; [x]
S4 szkgfs;szkgfs; [x]
S4 V90drv;v90drv; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-24 20:48]
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-03 09:12]
.
2012-10-10 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2012-10-09 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2012-10-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 51deec95-5288-47c8-b504-fce22be2ff8f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d2ec21c7-3c15-4b47-a0ff-250bcf5d5767.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-10 c:\windows\Tasks\User_Feed_Synchronization-{FEEB9AEB-E214-44A6-A2C7-81348D59685C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-10-09 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-07-14 08:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\documents and settings\gigihead\Application Data\Mozilla\Firefox\Profiles\u8ru071i.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-10 23:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_500_90_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_500_90_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(488)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-10-10 23:39:09
ComboFix-quarantined-files.txt 2012-10-11 03:39
.
Pre-Run: 115,288,215,552 bytes free
Post-Run: 116,190,982,144 bytes free
.
- - End Of File - - 28DE11B26CE40F97A965171C8C3B1D27

On another note, when SAS reported the null trojan it stated it was found in System Restore. Should I remove all restore points except the last? I am going to try my original admin account. If there are any problems I'll let you know in my next (and hopefully final) post.

Thanks, Bob

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:54 AM

Posted 11 October 2012 - 07:05 PM

Should I remove all restore points except the last? I am going to try my original admin account. If there are any problems I'll let you know in my next (and hopefully final) post.


When we're done here we will carry out a set of instructions that will remove all restore points.

Please run an online scan with ESET, which will remove items such as copies of malware in the System Restore folder.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
m0le is a proud member of UNITE

#10 1450

1450
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:54 PM

Posted 12 October 2012 - 01:34 PM

Hi m0le, had an interesting evening. Ran ESET, went to transfer the txt file, found out my computer/confuser will not open evt files. Went to copy it to the clipboard and received this:
Help and Support | Security | Microsoft Update

Stop (blue screen) error caused by a device or driver

You received this message because a hardware device, its driver, or related software has caused a stop error, also called a blue screen error. This type of error means the computer has shut down abruptly to protect itself from potential data corruption or loss. In this case, we were unable to detect the specific device or driver that caused the problem.

The following troubleshooting steps might prevent the stop error from recurring. Try them in the order given. If one step does not solve the problem, then move on to the next one.
Steps to solve this problem

Download and install the latest updates and device drivers for your computer

Scan your computer for viruses

Check your hard disk for errors
Steps to work around this problem

Warning
These steps are designed to address a particular problem but might do so by temporarily disabling or removing some functionality on your computer.

Remove any new hardware or software to isolate the cause of the blue screen

Restore your computer to an earlier state

Advanced troubleshooting

eset log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6ba1bd2fcaaf5d4ba59dcbb9ac566263
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-24 02:21:17
# local_time=2011-11-23 09:21:17 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 287229 287229 0 0
# compatibility_mode=1032 16777177 100 96 0 65160268 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=12808
# found=0
# cleaned=0
# scan_time=856
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6ba1bd2fcaaf5d4ba59dcbb9ac566263
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-24 06:19:56
# local_time=2011-11-24 01:19:56 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 290432 290432 0 0
# compatibility_mode=1032 16777177 100 96 0 65163471 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=65753
# found=7
# cleaned=0
# scan_time=11897
C:\Documents and Settings\DUDSI\Application Data\AVG\Rescue\PC Tuneup 2011\111029154404546.rsc Win32/TrojanDownloader.Prodatect.BK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\DUDSI\Desktop\openofficesuite-setup.exe Win32/DownloadAdmin.A.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(1).exe Win32/DownloadAdmin.A.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(2).exe Win32/DownloadAdmin.A.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup.exe Win32/DownloadAdmin.A.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\DUDSI\My Documents\Downloads\SoftonicDownloader_for_firefox.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9aa02ca3e320a947a00824a32563b420
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-28 09:55:51
# local_time=2012-09-28 05:55:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=4.0.1381 NT Service Pack 5
# compatibility_mode=512 16777215 100 0 6422360 6422360 0 0
# compatibility_mode=1024 16777215 100 0 25059627 25059627 0 0
# compatibility_mode=5892 16776574 0 20 1739533 188688931 0 0
# compatibility_mode=8192 67108863 100 0 25842724 25842724 0 0
# scanned=85431
# found=20
# cleaned=20
# scan_time=8378
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\asc5-setup-aff.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\cole2k.media.-.codec.pack.v7.9.5.-advanced-.setup.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\Downloader.exe a variant of Win32/InstallCore.T application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\DriverPerformer-T2FIBDCO.exe a variant of Win32/InstallBrain application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\IZArc4.1.6(1).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\IZArc4.1.6(3).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\IZArc4.1.6.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\IZArcInstall.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(1).exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(2).exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(3).exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(4).exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(5).exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(6).exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup.exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\DUDSI\My Documents\Downloads\PerfectUninstaller_Setup.exe probably a variant of Win32/PerfectUninstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Joe St.Hilaire\Local Settings\Temp\nsp7.tmp\__localxml.xml Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\InstallBrainService\InstallBrainService(2).exe a variant of Win32/InstallBrain application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=19493ceaf711c245a98a0545341d1cad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-02 05:09:34
# local_time=2012-10-02 01:09:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=4.0.1381 NT Service Pack 5
# compatibility_mode=512 16777215 100 0 6708208 6708208 0 0
# compatibility_mode=1024 16777215 100 0 25345475 25345475 0 0
# compatibility_mode=5892 16776574 0 20 2025381 188974779 0 0
# compatibility_mode=8192 67108863 100 0 26128572 26128572 0 0
# scanned=77823
# found=3
# cleaned=3
# scan_time=7750
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\InstallBrainService\InstallBrainService(2).exe a variant of Win32/InstallBrain application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
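As an added example (not from this thread and not ESET's own code), here is a small Python parser for the log format pasted above. It splits the pasted text into runs at each "ESETSmartInstaller@High as downloader log:" marker, reads the `# key=value` settings, parses each detection line, and flags what a helper would look at twice: a scan that did not finish, detections that were found but not cleaned because "Remove found threats" was unchecked, and paths that no run ever cleaned. The sample log, its paths and threat names are constructed; the detection-line regex assumes the path ends in a file extension followed by a space, which holds for every detection line in this thread.

```python
"""Parse concatenated ESET Online Scanner logs and summarise each run.

Added example, not ESET's code. Format taken from logs pasted in this
thread; SAMPLE_LOG below is constructed to mimic it.
"""
import re
from dataclasses import dataclass, field

MARKER = "ESETSmartInstaller@High as downloader log:"

# "# key=value" lines written by the scanner (end, found, cleaned, ...).
HEADER_RE = re.compile(r"^# ([\w.]+)=(.*)$")

# One detection per line: <path> <threat> (<action>) <32 hex> <flag>
# Assumption: the path ends in a file extension followed by a space; that
# is what separates it from the threat name, since both contain spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+) "
    r"(?P<threat>.+?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<id>[0-9A-Fa-f]{32}) "
    r"(?P<flag>[A-Z])$"
)


@dataclass
class ScanRun:
    notes: list = field(default_factory=list)       # downloader/update messages
    settings: dict = field(default_factory=dict)    # parsed "# key=value" pairs
    detections: list = field(default_factory=list)  # dicts from DETECTION_RE


def parse_eset_log(text):
    """One ScanRun per downloader marker, even if the marker is mid-line."""
    runs = []
    for chunk in text.split(MARKER)[1:]:
        run = ScanRun()
        for raw in chunk.splitlines():
            line = raw.strip()
            if not line:
                continue
            header = HEADER_RE.match(line)
            detection = DETECTION_RE.match(line)
            if header:
                run.settings[header.group(1)] = header.group(2)
            elif detection:
                run.detections.append(detection.groupdict())
            else:
                run.notes.append(line)
        runs.append(run)
    return runs


def summarize(run):
    """Counts plus the conditions a helper would want flagged."""
    s = run.settings
    found, cleaned = int(s.get("found", 0)), int(s.get("cleaned", 0))
    issues = []
    if not s:  # downloader ran but no scan header followed (e.g. no internet)
        issues.append("no scan ran: " + "; ".join(run.notes))
    elif s.get("end") != "finished":
        issues.append(f"scan ended with state '{s.get('end')}'")
    if found > cleaned:
        issues.append(f"{found - cleaned} detection(s) not cleaned")
        if s.get("remove_checked") == "false":
            issues.append("'Remove found threats' was not enabled")
    return {
        "found": found,
        "cleaned": cleaned,
        # Flag 'C' marks a cleaned item in these logs; anything else is open.
        "unresolved": [d["path"] for d in run.detections if d["flag"] != "C"],
        "issues": issues,
    }


def never_cleaned(runs):
    """Paths detected in any run that no run reports as cleaned."""
    seen, cleaned = set(), set()
    for run in runs:
        for d in run.detections:
            seen.add(d["path"].lower())
            if d["flag"] == "C":
                cleaned.add(d["path"].lower())
    return seen - cleaned


# Constructed sample: three scanner runs plus one failed downloader start.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=false
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# found=2
# cleaned=0
C:\Users\example\Downloads\bundle-setup(1).exe Win32/ExampleBundler.A.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Example Tool\tool.exe a variant of Win32/ExampleTool.A application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# found=1
# cleaned=1
C:\Program Files\Example Tool\tool.exe a variant of Win32/ExampleTool.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    runs = parse_eset_log(SAMPLE_LOG)
    for i, run in enumerate(runs, 1):
        print(i, summarize(run))
    print("never cleaned:", sorted(never_cleaned(runs)))
```

Run it on a pasted log instead of the sample by reading the file into `parse_eset_log`; the "no scan ran" issue is what the repeated "Can not open internet" markers above turn into, and "never cleaned" is the list worth comparing against the next tool's log.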





#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:54 AM

Posted 12 October 2012 - 06:29 PM

You haven't said, but I am assuming that you are still at the Microsoft warning. Please try and run System Restore ("Restore your computer to an earlier state").

For our purpose please just use a restore point just before the ESET run.

Then let me know if you're booting again.
m0le is a proud member of UNITE

#12 1450

1450
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:54 PM

Posted 17 October 2012 - 12:03 AM

Hi M0le, How are things across the big pond? Sorry about the delay. I'm still having issues, but nowhere near my previous problems. I'm in the process of noting these and will let you know the results shortly.

Thanks for your patience, Bob

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:54 AM

Posted 17 October 2012 - 02:50 PM

:thumbup2:
m0le is a proud member of UNITE

#14 1450

1450
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:54 PM

Posted 19 October 2012 - 10:46 PM

Here's what I got so far.

Xp sp3 still not recognized in original admin. DUDSI
Computer stand-by and log off not working.
Firefox and other programs, MBM etc. not loading properly in gigihead.
Programs not ending properly, and in gigihead will not close when prompted to end now.
Cursor not working in safe-mode.
Ran MBM and SAS no infections found.
Also computer freezes frequently and crashes on occasion.
And... received an AVG shell extension error notification?
And.... while trying to download the Security Check .exe, I received this notification: The system cannot find the path specification. 'color' is not recognized as an internal or external command, operable program or batch file.
Busy script notifications ( continue or stop script )popping up frequently.

Edited by 1450, 20 October 2012 - 12:00 AM.


#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:54 AM

Posted 20 October 2012 - 08:33 PM

The vast majority of the items on the list don't look malware-related but I have to be sure here. I feel that most of the options we have will fail because the system seems quite damaged but let's confirm this.

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

:step1:

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
  • Do not install to a folder with spaces in its name.
  • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
    • Source:(path to Windows installation files)
    • Enter the path to the drive where your XP CD is located.
    • You can click on the "..." button on the right to navigate to the path as well.
  • Custom: (include files and folders from this directory)
    • No information is necessary, leave blank.
  • Output: (C:\ubcd4win\BartPE)
    • Keep the default BartPE
  • Media output
  • Choose Create ISO image
  • Do not choose Burn to CD/DVD


Please note: If your XP install disc is SP1 then please .....

  • Disable- DComLaunch Service
  • Enable- LargeIDE Fix

    This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

Also note: If you have a Dell XP install disc you will need to follow the instructions here
http://www.ubcd4win.com/faq.htm#dell
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit


4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.
==========

:step2:

Next, from your clean computer:

Download Farbar Recovery Scan Tool
and save it to your flash drive.

Now plug your flashdrive back into your sick computer and follow the next instructions:

==========

:step3:

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
  • Insert the UBCD4Win disc in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
  • You should now have a desktop that looks like this:

    Posted Image


==========

:step4:

  • Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
  • Double click on it to begin running the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.

m0le is a proud member of UNITE



