Possible problem, please help.


  • This topic is locked
34 replies to this topic

#1 Flaarg

  • Members
  • 51 posts

Posted 05 June 2013 - 11:48 AM

Here are my dds logs, I don't know whether or not I have a virus so I need help.
 
 
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\v0fb7oc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 MpKsl877c3611;MpKsl877c3611;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14fbc52c-fdc4-4d27-80bd-ee2339045118}\MpKsl877c3611.sys [2013-6-5 29904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
2013-06-05 08:50:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14fbc52c-fdc4-4d27-80bd-ee2339045118}\MpKsl877c3611.sys
2013-06-05 08:50:08 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14fbc52c-fdc4-4d27-80bd-ee2339045118}\offreg.dll
2013-06-05 08:43:37 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14fbc52c-fdc4-4d27-80bd-ee2339045118}\mpengine.dll
2013-06-05 03:54:25 -------- d-----w- c:\documents and settings\admin\application data\Windows Search
2013-06-05 03:06:57 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-01 02:32:34 -------- d-----w- c:\documents and settings\admin\local settings\application data\Mozilla
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-05-08 08:36:03 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M  ====================
.
2013-06-01 02:41:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 02:41:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 08:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 11:32:48.34 ===============
 

 




 


#2 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Location:Montreal, QC. Canada

Posted 08 June 2013 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed; the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Flaarg

  • Topic Starter
  • Members
  • 51 posts

Posted 08 June 2013 - 09:54 PM

Alright, I got some results, though I don't like the sounds of all of them.

 

Adwcleaner:

 

# AdwCleaner v2.303 - Logfile created 06/08/2013 at 21:34:29
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : admin - D3FFM5C1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\admin\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Discount Buddy
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\v0fb7oc1.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [3191 octets] - [08/06/2013 21:33:13]
AdwCleaner[S1].txt - [3172 octets] - [08/06/2013 21:34:29]
 
########## EOF - C:\AdwCleaner[S1].txt - [3232 octets] ##########
 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by admin on Sat 06/08/2013 at 21:41:16.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\admin\Local Settings\Application Data\downloadterms"
Successfully deleted: [Folder] "C:\Program Files\coupons"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at 21:44:22.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by admin at 21:46:29 on 2013-06-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.229 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7494BEE4-A975-414E-95BE-56C9A674C0DF} : DHCPNameServer = 75.75.76.76 75.75.75.75
Notify: WgaLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\v0fb7oc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
2013-06-09 02:41:06 -------- d-----w- c:\windows\ERUNT
2013-06-09 02:40:10 -------- d-----w- C:\JRT
2013-06-08 16:27:08 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85fe59ce-d9dc-489e-b6bd-1743a556ba40}\mpengine.dll
2013-06-07 16:23:19 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-05 03:54:25 -------- d-----w- c:\documents and settings\admin\application data\Windows Search
2013-06-01 02:32:34 -------- d-----w- c:\documents and settings\admin\local settings\application data\Mozilla
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-27 22:28:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-06-01 02:41:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 02:41:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 08:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:47:19.42 ===============
 

SecurityCheck: (This is the one that scares me.)

 

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

 

 

No, seriously, WHAT!? Why on earth did it say that?



#4 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Location:Montreal, QC. Canada

Posted 09 June 2013 - 08:06 AM

SecurityCheck: (This is the one that scares me.)

UNSUPPORTED OPERATING SYSTEM! ABORTED!

Restart the computer normally and run the .exe file as an Administrator.

===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please let me know what problem persists.

#5 Flaarg

  • Topic Starter
  • Members
  • 51 posts

Posted 09 June 2013 - 07:06 PM

Alright, got SecurityCheck to work.

 

SecurityCheck:

 

 Results of screen317's Security Check version 0.99.64  
 Windows XP Service Pack 3 x86   
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Auslogics Registry Cleaner   
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 7 Adobe Reader out of Date! 
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 0% 
````````````````````End of Log`````````````````````` 
 

 

Combofix:

 

ComboFix 13-06-08.02 - admin 06/09/2013  18:48:47.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.214 [GMT -5:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-09 to 2013-06-09  )))))))))))))))))))))))))))))))
.
.
2013-06-09 09:22 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F5C6D2A-6B4B-45AF-8A5F-C5EBD8809C67}\mpengine.dll
2013-06-09 02:48 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-09 02:41 . 2013-06-09 02:41 -------- d-----w- c:\windows\ERUNT
2013-06-09 02:40 . 2013-06-09 02:40 -------- d-----w- C:\JRT
2013-06-05 03:54 . 2013-06-05 03:54 -------- d-----w- c:\documents and settings\admin\Application Data\Windows Search
2013-06-01 02:32 . 2013-06-01 02:32 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Mozilla
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-05-27 22:27 . 2013-05-27 22:28 -------- d-----w- c:\program files\QuickTime
2013-05-27 22:27 . 2013-05-27 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
.
.
.


#6 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Location:Montreal, QC. Canada

Posted 10 June 2013 - 07:04 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.

The ComboFix log is not complete.
Please post again. Let me know what problem persists.

#7 Flaarg

  • Topic Starter
  • Members
  • 51 posts

Posted 10 June 2013 - 06:30 PM

Alright, here's the new log.

 

ComboFix:

 

ComboFix 13-06-08.02 - admin 06/10/2013  18:07:34.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.446.142 [GMT -5:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-10 to 2013-06-10  )))))))))))))))))))))))))))))))
.
.
2013-06-10 22:45 . 2013-06-10 22:45 -------- d-----w- c:\program files\Common Files\Adobe
2013-06-10 09:29 . 2013-06-10 09:29 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18F9F616-9DBE-49AA-9597-FCA5B0EF92E1}\offreg.dll
2013-06-10 09:29 . 2013-06-10 09:29 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18F9F616-9DBE-49AA-9597-FCA5B0EF92E1}\MpKsl2e612c47.sys
2013-06-10 09:23 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18F9F616-9DBE-49AA-9597-FCA5B0EF92E1}\mpengine.dll
2013-06-10 00:04 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-09 02:41 . 2013-06-09 02:41 -------- d-----w- c:\windows\ERUNT
2013-06-09 02:40 . 2013-06-09 02:40 -------- d-----w- C:\JRT
2013-06-05 03:54 . 2013-06-05 03:54 -------- d-----w- c:\documents and settings\admin\Application Data\Windows Search
2013-06-01 02:32 . 2013-06-01 02:32 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Mozilla
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-05-27 22:28 . 2013-05-27 22:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-05-27 22:27 . 2013-05-27 22:28 -------- d-----w- c:\program files\QuickTime
2013-05-27 22:27 . 2013-05-27 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-01 02:41 . 2012-12-29 10:02 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 02:41 . 2012-12-29 10:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2012-06-06 02:37 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-16 22:17 . 2005-08-16 10:18 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2005-08-16 10:18 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50 . 2012-06-06 00:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-28 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ehTray"=c:\windows\ehome\ehtray.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 MpKsl2e612c47;MpKsl2e612c47;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18F9F616-9DBE-49AA-9597-FCA5B0EF92E1}\MpKsl2e612c47.sys [6/10/2013 4:29 AM 29904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL2E612C47
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 23:14 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 02:41]
.
2013-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-06-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-06-06 20:58]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-28 01:09]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-28 01:09]
.
2013-06-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\v0fb7oc1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-06-10  18:17:45
ComboFix-quarantined-files.txt  2013-06-10 23:17
ComboFix2.txt  2013-06-09 23:58
.
Pre-Run: 53,574,955,008 bytes free
Post-Run: 53,562,675,200 bytes free
.
- - End Of File - - E062E318D3DB98267DADE39F71DA6A7B
49A546210C3E024EAC559A37A6BF499A
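The "Reg Loading Points" section above is the part of a ComboFix log an analyst reads most closely: every Run value, Startup-folder shortcut and registry flag is an autostart or a setting that changes how Windows defends itself. As an added example (not part of this thread, and not code from ComboFix), the following Python parses those lines into structured entries and runs two first-pass checks over them: autostart targets that live outside the Windows and Program Files trees, and Security Center "DisableMonitoring" keys, which stop Windows from reporting on the named product. In this log those keys name Symantec products while the running antivirus is Microsoft Security Essentials (the "MSC" entry), so an analyst would confirm they are leftovers of an earlier Symantec install rather than anything recent. The sample input is an excerpt of the log above plus one constructed entry, marked as such, so the directory check has something to flag; the trusted-directory list, the regular expressions and the function names are this example's own choices.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log into autostart
entries and run two first-pass triage checks over them."""
import re
from dataclasses import dataclass
from typing import List, Optional

KEY_RE = re.compile(r"^\[(?P<key>hk[^\]]+)\]$", re.I)          # [HKEY_...\Run]
FOLDER_RE = re.compile(r"^[a-z]:\\.*\\$", re.I)                  # Startup folder header (ends in '\')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')      # "Name"=value
STARTUP_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<value>[a-z]:\\.*)$", re.I)  # X.lnk - target
STAMP_RE = re.compile(r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$")   # trailing [date size]
# first drive path ending in an executable extension, for unquoted values such as "prog.exe -startup"
PATH_RE = re.compile(r"^([a-z]:\\.*?\.(?:exe|dll|cpl|sys|scr|com|bat|cmd|vbs|js))(?=\s|$)", re.I)

# Where autostart targets are normally expected on an XP box; c:\progra~1\ is the
# 8.3 short name of c:\Program Files\. This list is the example's own choice.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class AutostartEntry:
    location: str         # registry key or Startup folder holding the entry
    name: str             # value name or .lnk file name
    raw: str              # right-hand side exactly as logged
    path: Optional[str]   # lower-cased target path, when one could be extracted
    date: Optional[str]   # from the trailing [date size] ComboFix adds when the file exists
    size: Optional[int]


def _path_from(value: str) -> Optional[str]:
    value = value.strip()
    if value.startswith('"'):                     # "c:\full\path.exe" [date size]
        end = value.find('"', 1)
        return value[1:end].lower() if end > 1 else None
    m = PATH_RE.match(value)                      # c:\path\prog.exe -startup
    return m.group(1).lower() if m else None


def parse_loading_points(text: str) -> List[AutostartEntry]:
    entries: List[AutostartEntry] = []
    location = ""
    for line in text.splitlines():
        line = line.rstrip()
        km = KEY_RE.match(line)
        if km:
            location = km.group("key")
            continue
        if FOLDER_RE.match(line):
            location = line
            continue
        vm = VALUE_RE.match(line) or STARTUP_RE.match(line)
        if not vm:
            continue                              # '.' separators, blanks, other sections
        value = vm.group("value")
        sm = STAMP_RE.search(value)
        entries.append(AutostartEntry(location, vm.group("name"), value, _path_from(value),
                                      sm.group("date") if sm else None,
                                      int(sm.group("size")) if sm else None))
    return entries


def outside_trusted_dirs(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Autostart targets that live outside Windows / Program Files (profile, temp, ...)."""
    return [e for e in entries if e.path and not e.path.startswith(TRUSTED_PREFIXES)]


def security_center_monitoring_disabled(entries: List[AutostartEntry]) -> List[str]:
    """Products whose Security Center monitoring is switched off (DisableMonitoring=1)."""
    return [e.location.rsplit("\\", 1)[-1] for e in entries
            if e.name.lower() == "disablemonitoring" and e.raw.lower().endswith("dword:00000001")]


# Excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-28 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ehTray"=c:\windows\ehome\ehtray.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"""

# CONSTRUCTED for this example (not in the posted log): a Run value pointing into
# the user profile, the kind of entry the directory check is meant to surface.
CONSTRUCTED_SUSPECT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\documents and settings\admin\application data\updater\upd.exe" [2013-06-09 45056]
"""

if __name__ == "__main__":
    found = parse_loading_points(SAMPLE_LOG + CONSTRUCTED_SUSPECT)
    for e in outside_trusted_dirs(found):
        print(f"REVIEW  {e.name!r} -> {e.path}  ({e.location})")
    for product in security_center_monitoring_disabled(found):
        print(f"NOTE    Security Center monitoring disabled for {product}")
```

Run against the excerpt, only the constructed "Updater" value is reported for its location; everything ComboFix actually logged on this machine resolves under Windows or Program Files, and the two Symantec monitoring flags are listed for follow-up. Entries from the run-disabled key are parsed too (they carry no [date size] stamp because ComboFix records them without checking the file), so the path check covers them as well.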


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 June 2013 - 07:44 AM

Please download JavaRa.

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double-click JavaRa.exe, then click Remove Older Versions.
In Vista and Windows 7, right-click JavaRa.exe and select Run as Administrator.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    [image: tdss1.png]
  • Click Change parameters.
    [image: settings20121003115955.png]
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    [image: tdss3.png]
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [image: tdss4.jpg]
  • When it finishes, you will either see a report that no threats were found, like below:
    [image: tdss5.jpg]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to the one below:
    [image: tdss7.jpg]
    • If you have files that are shown to fail the signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply the selected actions.
  • A reboot may be required to complete disinfection. A window like the one below will appear:
    [image: tdss6.jpg]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should already have been created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version number and the date and time run.
  • Paste the log into your next reply; DO NOT ATTACH IT.
Please let me know what problem persists.
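The log TDSSKiller writes (one is posted later in this thread) records the scan options on a "Mode:" line and, for every service or driver it checks, an MD5 and a path followed by a verdict line. The two boxes the instructions above ask for appear on that Mode line as SigCheck and TDLFS, so the log itself can confirm they were ticked. As an added example (not part of this thread, and not code from Kaspersky's tool), the following Python parses that format, verifies the requested options, collects the hashes so they can be checked against a known-good list or a hash-lookup service, and lists every object whose verdict is anything other than "ok". The sample input is an excerpt of the log posted below plus two constructed lines for a driver named fakedrv; the "name ( Detection ) - warning" wording used for those lines is assumed from 2.8-era TDSSKiller output and is not something this thread's log shows.

```python
"""Parse a TDSSKiller 2.8 text log: confirm the scan options, collect the MD5
and path of each scanned object, and list whatever was not marked 'ok'."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# every line: HH:MM:SS.mmmm <thread id> <body>
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*?)\s*$")
# "[ <md5> ] <service name>   <drive path>"; names may contain spaces, so stop at the drive letter
OBJECT_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\\S.*)$")
# "<name> - ok" or "<name> ( <detection> ) - <verdict>"; forbidding a backslash in the name
# keeps the "Drive \Device\... - Size: ..." header from being read as a verdict
VERDICT_RE = re.compile(r"^(?P<name>[\w .$-]+?)(?: \( (?P<detection>[^)]+) \))? - (?P<verdict>\S.*)$")
MODE_RE = re.compile(r"^Mode:\s*(?P<flags>.*)$")

# the two boxes the instructions say to tick, as they are named on the Mode line
REQUIRED_OPTIONS = {"SigCheck", "TDLFS"}


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    detection: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class TdssReport:
    mode: Set[str]
    objects: Dict[str, ScannedObject]


def parse_tdsskiller(text: str) -> TdssReport:
    mode: Set[str] = set()
    objects: Dict[str, ScannedObject] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        mm = MODE_RE.match(body)
        if mm:
            mode = {f.strip() for f in mm.group("flags").split(";") if f.strip()}
            continue
        om = OBJECT_RE.match(body)
        if om:
            obj = objects.setdefault(om.group("name"), ScannedObject(om.group("name")))
            obj.md5, obj.path = om.group("md5").upper(), om.group("path")
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            obj = objects.setdefault(vm.group("name"), ScannedObject(vm.group("name")))
            obj.detection, obj.verdict = vm.group("detection"), vm.group("verdict")
    return TdssReport(mode, objects)


def missing_scan_options(report: TdssReport) -> Set[str]:
    """Requested options that the Mode line shows were not actually enabled."""
    return REQUIRED_OPTIONS - report.mode


def needs_review(report: TdssReport) -> List[ScannedObject]:
    """Objects whose verdict is anything other than the plain 'ok' (warnings, detections, none)."""
    return [o for o in report.objects.values() if o.verdict != "ok"]


def hash_manifest(report: TdssReport) -> List[str]:
    """'md5  path' lines for every object that had a file on disk, ready for a hash-lookup tool."""
    return [f"{o.md5}  {o.path}" for o in report.objects.values() if o.md5]


# Excerpt of the log posted below, plus two CONSTRUCTED lines (fakedrv) in the
# form assumed for an unsigned-driver warning; that wording is not from this thread.
SAMPLE_LOG = r"""
20:54:16.0010 3444  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:54:19.0056 3444  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200
20:54:36.0802 2664  Mode: Manual; SigCheck; TDLFS;
20:54:36.0974 2664  Abiosdsk - ok
20:54:37.0037 2664  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:54:41.0348 2664  abp480n5 - ok
20:54:45.0332 2664  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:54:45.0363 2664  Apple Mobile Device - ok
20:54:48.0363 2664  catchme - ok
20:54:55.0000 2664  [ 00000000000000000000000000000000 ] fakedrv         C:\WINDOWS\system32\DRIVERS\fakedrv.sys
20:54:55.0100 2664  fakedrv ( UnsignedFile.Multi.Generic ) - warning
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("options not enabled:", missing_scan_options(rep) or "none")
    for o in needs_review(rep):
        print(f"REVIEW  {o.name}: {o.verdict} ({o.detection}) {o.path}")
    print("\n".join(hash_manifest(rep)))
```

Objects that get a verdict but no hash line (Abiosdsk and catchme in the excerpt: services with no file present at scan time, catchme being ComboFix's own driver) are kept so the verdict is not lost, but they contribute nothing to the hash manifest. The manifest deliberately pairs each hash with its path, since an unexpected path for a known hash is as useful a signal as an unknown hash.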

#9 Flaarg

Flaarg
  • Topic Starter
  • Members
  • 51 posts

Posted 11 June 2013 - 09:02 PM

JavaRa:

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Tue Jun 11 20:53:49 2013
 
Found and removed: C:\WINDOWS\System32\jpicpl32.cpl
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
 
Found and removed: JavaScript
 
Found and removed: JavaScript Author
 
Found and removed: JavaScript1.1
 
Found and removed: JavaScript1.1 Author
 
Found and removed: JavaScript1.2
 
Found and removed: JavaScript1.2 Author
 
Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}
 
Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_06
 
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\JavaPlugin
 
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
 
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
 
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
 
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
 
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
 
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\
 
------------------------------------
 
Finished reporting.
 
 
 

TDSSKiller:

 

20:54:16.0010 3444  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:54:16.0541 3444  ============================================================
20:54:16.0541 3444  Current date / time: 2013/06/11 20:54:16.0541
20:54:16.0541 3444  SystemInfo:
20:54:16.0541 3444  
20:54:16.0541 3444  OS Version: 5.1.2600 ServicePack: 3.0
20:54:16.0541 3444  Product type: Workstation
20:54:16.0541 3444  ComputerName: D3FFM5C1
20:54:16.0541 3444  UserName: admin
20:54:16.0541 3444  Windows directory: C:\WINDOWS
20:54:16.0541 3444  System windows directory: C:\WINDOWS
20:54:16.0541 3444  Processor architecture: Intel x86
20:54:16.0541 3444  Number of processors: 1
20:54:16.0541 3444  Page size: 0x1000
20:54:16.0541 3444  Boot type: Normal boot
20:54:16.0541 3444  ============================================================
20:54:19.0056 3444  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:54:19.0447 3444  ============================================================
20:54:19.0447 3444  \Device\Harddisk0\DR0:
20:54:19.0447 3444  MBR partitions:
20:54:19.0447 3444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8BA231A
20:54:19.0447 3444  ============================================================
20:54:19.0618 3444  C: <-> \Device\Harddisk0\DR0\Partition1
20:54:19.0618 3444  ============================================================
20:54:19.0618 3444  Initialize success
20:54:19.0618 3444  ============================================================
20:54:36.0802 2664  ============================================================
20:54:36.0802 2664  Scan started
20:54:36.0802 2664  Mode: Manual; SigCheck; TDLFS; 
20:54:36.0802 2664  ============================================================
20:54:36.0865 2664  ================ Scan system memory ========================
20:54:36.0865 2664  System memory - ok
20:54:36.0881 2664  ================ Scan services =============================
20:54:36.0974 2664  Abiosdsk - ok
20:54:37.0037 2664  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:54:41.0348 2664  abp480n5 - ok
20:54:41.0395 2664  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:54:41.0801 2664  ACPI - ok
20:54:41.0833 2664  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:54:42.0114 2664  ACPIEC - ok
20:54:42.0161 2664  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:54:42.0192 2664  AdobeFlashPlayerUpdateSvc - ok
20:54:42.0223 2664  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:54:42.0411 2664  adpu160m - ok
20:54:42.0442 2664  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:54:42.0614 2664  aec - ok
20:54:42.0645 2664  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:54:42.0692 2664  AFD - ok
20:54:42.0723 2664  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
20:54:42.0911 2664  agp440 - ok
20:54:42.0926 2664  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:54:43.0145 2664  agpCPQ - ok
20:54:43.0192 2664  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:54:43.0286 2664  Aha154x - ok
20:54:43.0301 2664  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:54:43.0504 2664  aic78u2 - ok
20:54:43.0520 2664  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:54:43.0692 2664  aic78xx - ok
20:54:43.0739 2664  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:54:43.0895 2664  Alerter - ok
20:54:43.0926 2664  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
20:54:44.0145 2664  ALG - ok
20:54:44.0192 2664  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
20:54:44.0410 2664  AliIde - ok
20:54:44.0426 2664  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:54:44.0582 2664  alim1541 - ok
20:54:44.0598 2664  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:54:44.0879 2664  amdagp - ok
20:54:44.0926 2664  [ 0A4D13B388C814560BD69C3A496ECFA8 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:54:44.0973 2664  AmdK8 - ok
20:54:45.0004 2664  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
20:54:45.0238 2664  amsint - ok
20:54:45.0332 2664  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:54:45.0363 2664  Apple Mobile Device - ok
20:54:45.0394 2664  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:54:45.0676 2664  AppMgmt - ok
20:54:45.0691 2664  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
20:54:45.0879 2664  asc - ok
20:54:45.0910 2664  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:54:46.0004 2664  asc3350p - ok
20:54:46.0035 2664  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:54:46.0332 2664  asc3550 - ok
20:54:46.0425 2664  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:54:46.0472 2664  aspnet_state - ok
20:54:46.0504 2664  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:54:46.0691 2664  AsyncMac - ok
20:54:46.0707 2664  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:54:46.0863 2664  atapi - ok
20:54:46.0879 2664  Atdisk - ok
20:54:46.0894 2664  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:54:47.0050 2664  Atmarpc - ok
20:54:47.0082 2664  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:54:47.0238 2664  AudioSrv - ok
20:54:47.0269 2664  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:54:47.0488 2664  audstub - ok
20:54:47.0519 2664  [ 78E7B52DA292FA90BAD2F887BBF22159 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:54:47.0582 2664  bcm4sbxp - ok
20:54:47.0597 2664  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:54:47.0831 2664  Beep - ok
20:54:47.0863 2664  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:54:48.0144 2664  BITS - ok
20:54:48.0191 2664  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:54:48.0206 2664  Bonjour Service - ok
20:54:48.0253 2664  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
20:54:48.0284 2664  Browser - ok
20:54:48.0363 2664  catchme - ok
20:54:48.0394 2664  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:54:48.0581 2664  cbidf - ok
20:54:48.0581 2664  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:54:48.0784 2664  cbidf2k - ok
20:54:48.0800 2664  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:54:48.0972 2664  cd20xrnt - ok
20:54:49.0003 2664  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:54:49.0191 2664  Cdaudio - ok
20:54:49.0237 2664  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:54:49.0394 2664  Cdfs - ok
20:54:49.0425 2664  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:54:49.0597 2664  Cdrom - ok
20:54:49.0612 2664  Changer - ok
20:54:49.0644 2664  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:54:49.0800 2664  CiSvc - ok
20:54:49.0815 2664  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:54:50.0003 2664  ClipSrv - ok
20:54:50.0034 2664  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:54:50.0097 2664  clr_optimization_v2.0.50727_32 - ok
20:54:50.0128 2664  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:54:50.0315 2664  CmdIde - ok
20:54:50.0331 2664  COMSysApp - ok
20:54:50.0362 2664  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:54:50.0581 2664  Cpqarray - ok
20:54:50.0612 2664  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:54:50.0768 2664  CryptSvc - ok
20:54:50.0800 2664  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:54:51.0018 2664  dac2w2k - ok
20:54:51.0034 2664  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:54:51.0268 2664  dac960nt - ok
20:54:51.0346 2664  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:54:51.0643 2664  DcomLaunch - ok
20:54:51.0706 2664  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:54:51.0909 2664  Dhcp - ok
20:54:51.0956 2664  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:54:52.0206 2664  Disk - ok
20:54:52.0221 2664  dmadmin - ok
20:54:52.0331 2664  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:54:52.0768 2664  dmboot - ok
20:54:52.0784 2664  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:54:53.0080 2664  dmio - ok
20:54:53.0127 2664  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:54:53.0315 2664  dmload - ok
20:54:53.0330 2664  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:54:53.0502 2664  dmserver - ok
20:54:53.0518 2664  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:54:53.0674 2664  DMusic - ok
20:54:53.0705 2664  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:54:53.0846 2664  Dnscache - ok
20:54:53.0893 2664  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:54:54.0080 2664  Dot3svc - ok
20:54:54.0096 2664  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:54:54.0393 2664  dpti2o - ok
20:54:54.0408 2664  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:54:54.0580 2664  drmkaud - ok
20:54:54.0596 2664  [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:54:54.0814 2664  E100B - ok
20:54:54.0861 2664  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:54:55.0189 2664  EapHost - ok
20:54:55.0267 2664  [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr         C:\WINDOWS\eHome\ehRecvr.exe
20:54:55.0424 2664  ehRecvr - ok
20:54:55.0486 2664  [ A53243709439AC2A4C216B817F8D7411 ] ehSched         C:\WINDOWS\eHome\ehSched.exe
20:54:55.0533 2664  ehSched - ok
20:54:55.0564 2664  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:54:55.0752 2664  ERSvc - ok
20:54:55.0783 2664  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
20:54:55.0924 2664  Eventlog - ok
20:54:55.0970 2664  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
20:54:56.0064 2664  EventSystem - ok
20:54:56.0111 2664  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:54:56.0345 2664  Fastfat - ok
20:54:56.0408 2664  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:54:56.0548 2664  FastUserSwitchingCompatibility - ok
20:54:56.0611 2664  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
20:54:56.0892 2664  Fax - ok
20:54:56.0939 2664  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:54:57.0126 2664  Fdc - ok
20:54:57.0158 2664  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:54:57.0298 2664  Fips - ok
20:54:57.0330 2664  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:54:57.0454 2664  Flpydisk - ok
20:54:57.0501 2664  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:54:57.0642 2664  FltMgr - ok
20:54:57.0704 2664  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:54:57.0720 2664  FontCache3.0.0.0 - ok
20:54:57.0736 2664  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:54:57.0923 2664  Fs_Rec - ok
20:54:57.0954 2664  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:54:58.0142 2664  Ftdisk - ok
20:54:58.0157 2664  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:54:58.0298 2664  Gpc - ok
20:54:58.0361 2664  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:54:58.0407 2664  gupdate - ok
20:54:58.0423 2664  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:54:58.0439 2664  gupdatem - ok
20:54:58.0486 2664  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:54:58.0626 2664  HDAudBus - ok
20:54:58.0704 2664  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:54:58.0845 2664  helpsvc - ok
20:54:58.0845 2664  HidServ - ok
20:54:58.0876 2664  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:54:59.0032 2664  HidUsb - ok
20:54:59.0064 2664  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:54:59.0220 2664  hkmsvc - ok
20:54:59.0251 2664  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
20:54:59.0438 2664  hpn - ok
20:54:59.0470 2664  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:54:59.0595 2664  HPZid412 - ok
20:54:59.0610 2664  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:54:59.0657 2664  HPZipr12 - ok
20:54:59.0688 2664  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:54:59.0735 2664  HPZius12 - ok
20:54:59.0767 2664  [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
20:54:59.0813 2664  HSFHWBS2 - ok
20:54:59.0845 2664  [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:54:59.0938 2664  HSF_DP - ok
20:54:59.0970 2664  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:55:00.0032 2664  HTTP - ok
20:55:00.0063 2664  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:55:00.0220 2664  HTTPFilter - ok
20:55:00.0235 2664  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
20:55:00.0391 2664  i2omgmt - ok
20:55:00.0407 2664  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:55:00.0548 2664  i2omp - ok
20:55:00.0579 2664  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:55:00.0735 2664  i8042prt - ok
20:55:00.0813 2664  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:55:00.0860 2664  idsvc - ok
20:55:00.0891 2664  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:55:01.0016 2664  Imapi - ok
20:55:01.0063 2664  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:55:01.0188 2664  ImapiService - ok
20:55:01.0219 2664  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:55:01.0391 2664  ini910u - ok
20:55:01.0422 2664  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
20:55:01.0563 2664  IntelIde - ok
20:55:01.0594 2664  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:55:01.0735 2664  intelppm - ok
20:55:01.0766 2664  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:55:01.0891 2664  Ip6Fw - ok
20:55:01.0922 2664  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:55:02.0110 2664  IpFilterDriver - ok
20:55:02.0141 2664  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:55:02.0266 2664  IpInIp - ok
20:55:02.0297 2664  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:55:02.0438 2664  IpNat - ok
20:55:02.0453 2664  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:55:02.0610 2664  IPSec - ok
20:55:02.0625 2664  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:55:02.0766 2664  IRENUM - ok
20:55:02.0782 2664  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:55:02.0906 2664  isapnp - ok
20:55:02.0938 2664  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:55:03.0063 2664  Kbdclass - ok
20:55:03.0078 2664  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:55:03.0219 2664  kbdhid - ok
20:55:03.0250 2664  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:55:03.0375 2664  kmixer - ok
20:55:03.0422 2664  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:55:03.0484 2664  KSecDD - ok
20:55:03.0531 2664  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:55:03.0563 2664  lanmanserver - ok
20:55:03.0609 2664  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:55:03.0656 2664  lanmanworkstation - ok
20:55:03.0656 2664  lbrtfdc - ok
20:55:03.0703 2664  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:55:03.0844 2664  LmHosts - ok
20:55:03.0875 2664  [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
20:55:03.0906 2664  McrdSvc - ok
20:55:03.0969 2664  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:55:04.0000 2664  MDM - ok
20:55:04.0016 2664  [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:55:04.0047 2664  mdmxsdk - ok
20:55:04.0078 2664  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:55:04.0219 2664  Messenger - ok
20:55:04.0250 2664  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:55:04.0437 2664  mnmdd - ok
20:55:04.0469 2664  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:55:04.0609 2664  mnmsrvc - ok
20:55:04.0641 2664  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:55:04.0765 2664  Modem - ok
20:55:04.0797 2664  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:55:04.0969 2664  MODEMCSA - ok
20:55:05.0000 2664  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:55:05.0125 2664  Mouclass - ok
20:55:05.0156 2664  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:55:05.0312 2664  mouhid - ok
20:55:05.0343 2664  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:55:05.0453 2664  MountMgr - ok
20:55:05.0500 2664  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:55:05.0515 2664  MpFilter - ok
20:55:05.0609 2664  [ A69630D039C38018689190234F866D77 ] MpKsl5d39cb44   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DCA5E2F9-BC06-4C33-B70C-408417CF8F6C}\MpKsl5d39cb44.sys
20:55:05.0625 2664  MpKsl5d39cb44 - ok
20:55:05.0656 2664  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:55:05.0843 2664  mraid35x - ok
20:55:05.0859 2664  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:55:06.0000 2664  MRxDAV - ok
20:55:06.0046 2664  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:55:06.0078 2664  MRxSmb - ok
20:55:06.0125 2664  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:55:06.0265 2664  MSDTC - ok
20:55:06.0296 2664  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:55:06.0421 2664  Msfs - ok
20:55:06.0437 2664  MSIServer - ok
20:55:06.0468 2664  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:55:06.0609 2664  MSKSSRV - ok
20:55:06.0671 2664  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:55:06.0687 2664  MsMpSvc - ok
20:55:06.0703 2664  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:55:06.0859 2664  MSPCLOCK - ok
20:55:06.0874 2664  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:55:07.0015 2664  MSPQM - ok
20:55:07.0046 2664  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:55:07.0202 2664  mssmbios - ok
20:55:07.0234 2664  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:55:07.0281 2664  Mup - ok
20:55:07.0327 2664  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:55:07.0499 2664  napagent - ok
20:55:07.0515 2664  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:55:07.0671 2664  NDIS - ok
20:55:07.0702 2664  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:55:07.0734 2664  NdisTapi - ok
20:55:07.0780 2664  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:55:07.0921 2664  Ndisuio - ok
20:55:07.0937 2664  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:55:08.0093 2664  NdisWan - ok
20:55:08.0124 2664  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:55:08.0155 2664  NDProxy - ok
20:55:08.0187 2664  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:55:08.0327 2664  NetBIOS - ok
20:55:08.0358 2664  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:55:08.0499 2664  NetBT - ok
20:55:08.0546 2664  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:55:08.0687 2664  NetDDE - ok
20:55:08.0702 2664  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:55:08.0843 2664  NetDDEdsdm - ok
20:55:08.0874 2664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:55:09.0015 2664  Netlogon - ok
20:55:09.0061 2664  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
20:55:09.0202 2664  Netman - ok
20:55:09.0265 2664  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:55:09.0280 2664  NetTcpPortSharing - ok
20:55:09.0311 2664  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:55:09.0327 2664  Nla - ok
20:55:09.0358 2664  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:55:09.0499 2664  Npfs - ok
20:55:09.0530 2664  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:55:09.0686 2664  Ntfs - ok
20:55:09.0718 2664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:55:09.0843 2664  NtLmSsp - ok
20:55:09.0889 2664  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:55:10.0030 2664  NtmsSvc - ok
20:55:10.0061 2664  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:55:10.0233 2664  Null - ok
20:55:10.0358 2664  [ 15A6306A0B958BF60F09688D0EE70479 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:55:10.0577 2664  nv - ok
20:55:10.0608 2664  [ 986D6666E076AFD2B60ACAFD5B01A00F ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
20:55:10.0639 2664  NVSvc - ok
20:55:10.0671 2664  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:55:10.0842 2664  NwlnkFlt - ok
20:55:10.0874 2664  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:55:11.0030 2664  NwlnkFwd - ok
20:55:11.0061 2664  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:55:11.0077 2664  ose - ok
20:55:11.0092 2664  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:55:11.0233 2664  Parport - ok
20:55:11.0264 2664  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:55:11.0389 2664  PartMgr - ok
20:55:11.0420 2664  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:55:11.0577 2664  ParVdm - ok
20:55:11.0608 2664  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:55:11.0748 2664  PCI - ok
20:55:11.0764 2664  PCIDump - ok
20:55:11.0795 2664  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:55:11.0952 2664  PCIIde - ok
20:55:11.0983 2664  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:55:12.0108 2664  Pcmcia - ok
20:55:12.0108 2664  PDCOMP - ok
20:55:12.0123 2664  PDFRAME - ok
20:55:12.0139 2664  PDRELI - ok
20:55:12.0139 2664  PDRFRAME - ok
20:55:12.0170 2664  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
20:55:12.0342 2664  perc2 - ok
20:55:12.0358 2664  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:55:12.0530 2664  perc2hib - ok
20:55:12.0561 2664  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:55:12.0623 2664  PlugPlay - ok
20:55:12.0639 2664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:55:12.0764 2664  PolicyAgent - ok
20:55:12.0811 2664  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:55:12.0936 2664  PptpMiniport - ok
20:55:12.0967 2664  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
20:55:13.0092 2664  Processor - ok
20:55:13.0123 2664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:55:13.0248 2664  ProtectedStorage - ok
20:55:13.0264 2664  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:55:13.0404 2664  PSched - ok
20:55:13.0420 2664  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:55:13.0592 2664  Ptilink - ok
20:55:13.0623 2664  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:55:13.0795 2664  ql1080 - ok
20:55:13.0811 2664  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:55:13.0967 2664  Ql10wnt - ok
20:55:13.0998 2664  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:55:14.0139 2664  ql12160 - ok
20:55:14.0154 2664  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:55:14.0310 2664  ql1240 - ok
20:55:14.0326 2664  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:55:14.0498 2664  ql1280 - ok
20:55:14.0513 2664  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:55:14.0685 2664  RasAcd - ok
20:55:14.0717 2664  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:55:14.0857 2664  RasAuto - ok
20:55:14.0888 2664  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:55:15.0013 2664  Rasl2tp - ok
20:55:15.0060 2664  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:55:15.0185 2664  RasMan - ok
20:55:15.0232 2664  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:55:15.0373 2664  RasPppoe - ok
20:55:15.0388 2664  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:55:15.0545 2664  Raspti - ok
20:55:15.0560 2664  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:55:15.0685 2664  Rdbss - ok
20:55:15.0701 2664  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:55:15.0873 2664  RDPCDD - ok
20:55:15.0904 2664  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:55:16.0044 2664  rdpdr - ok
20:55:16.0076 2664  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:55:16.0123 2664  RDPWD - ok
20:55:16.0154 2664  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:55:16.0310 2664  RDSessMgr - ok
20:55:16.0326 2664  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:55:16.0466 2664  redbook - ok
20:55:16.0513 2664  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:55:16.0654 2664  RemoteAccess - ok
20:55:16.0685 2664  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:55:16.0826 2664  RemoteRegistry - ok
20:55:16.0857 2664  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:55:17.0013 2664  RpcLocator - ok
20:55:17.0029 2664  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:55:17.0091 2664  RpcSs - ok
20:55:17.0122 2664  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:55:17.0279 2664  RSVP - ok
20:55:17.0310 2664  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:55:17.0435 2664  SamSs - ok
20:55:17.0466 2664  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:55:17.0591 2664  SCardSvr - ok
20:55:17.0638 2664  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:55:17.0778 2664  Schedule - ok
20:55:17.0810 2664  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:55:17.0950 2664  Secdrv - ok
20:55:17.0982 2664  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:55:18.0122 2664  seclogon - ok
20:55:18.0153 2664  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
20:55:18.0294 2664  SENS - ok
20:55:18.0325 2664  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:55:18.0466 2664  serenum - ok
20:55:18.0481 2664  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:55:18.0638 2664  Serial - ok
20:55:18.0669 2664  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:55:18.0794 2664  Sfloppy - ok
20:55:18.0825 2664  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:55:18.0981 2664  SharedAccess - ok
20:55:19.0028 2664  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:55:19.0059 2664  ShellHWDetection - ok
20:55:19.0059 2664  Simbad - ok
20:55:19.0106 2664  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:55:19.0247 2664  sisagp - ok
20:55:19.0278 2664  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:55:19.0356 2664  Sparrow - ok
20:55:19.0387 2664  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:55:19.0528 2664  splitter - ok
20:55:19.0559 2664  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:55:19.0622 2664  Spooler - ok
20:55:19.0637 2664  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:55:19.0794 2664  sr - ok
20:55:19.0825 2664  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:55:19.0965 2664  srservice - ok
20:55:20.0012 2664  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:55:20.0059 2664  Srv - ok
20:55:20.0090 2664  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:55:20.0247 2664  SSDPSRV - ok
20:55:20.0294 2664  [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
20:55:20.0419 2664  STHDA - ok
20:55:20.0465 2664  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:55:20.0622 2664  stisvc - ok
20:55:20.0653 2664  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:55:20.0778 2664  swenum - ok
20:55:20.0809 2664  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:55:20.0950 2664  swmidi - ok
20:55:20.0965 2664  SwPrv - ok
20:55:20.0981 2664  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
20:55:21.0168 2664  symc810 - ok
20:55:21.0184 2664  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:55:21.0356 2664  symc8xx - ok
20:55:21.0387 2664  [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd        C:\WINDOWS\system32\drivers\symlcbrd.sys
20:55:21.0403 2664  symlcbrd - ok
20:55:21.0418 2664  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:55:21.0590 2664  sym_hi - ok
20:55:21.0621 2664  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:55:21.0762 2664  sym_u3 - ok
20:55:21.0793 2664  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:55:21.0934 2664  sysaudio - ok
20:55:21.0965 2664  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:55:22.0090 2664  SysmonLog - ok
20:55:22.0137 2664  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:55:22.0293 2664  TapiSrv - ok
20:55:22.0324 2664  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:55:22.0371 2664  Tcpip - ok
20:55:22.0402 2664  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:55:22.0543 2664  TDPIPE - ok
20:55:22.0574 2664  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:55:22.0715 2664  TDTCP - ok
20:55:22.0731 2664  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:55:22.0871 2664  TermDD - ok
20:55:22.0902 2664  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
20:55:23.0059 2664  TermService - ok
20:55:23.0074 2664  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:55:23.0090 2664  Themes - ok
20:55:23.0121 2664  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:55:23.0277 2664  TlntSvr - ok
20:55:23.0293 2664  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
20:55:23.0449 2664  TosIde - ok
20:55:23.0480 2664  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:55:23.0621 2664  TrkWks - ok
20:55:23.0652 2664  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:55:23.0793 2664  Udfs - ok
20:55:23.0824 2664  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
20:55:23.0902 2664  ultra - ok
20:55:23.0933 2664  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:55:24.0074 2664  Update - ok
20:55:24.0105 2664  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:55:24.0246 2664  upnphost - ok
20:55:24.0277 2664  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
20:55:24.0402 2664  UPS - ok
20:55:24.0433 2664  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:55:24.0574 2664  usbccgp - ok
20:55:24.0605 2664  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:55:24.0777 2664  usbehci - ok
20:55:24.0793 2664  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:55:24.0933 2664  usbhub - ok
20:55:24.0980 2664  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:55:25.0121 2664  usbohci - ok
20:55:25.0136 2664  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:55:25.0277 2664  usbprint - ok
20:55:25.0308 2664  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:55:25.0464 2664  usbscan - ok
20:55:25.0496 2664  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:55:25.0667 2664  USBSTOR - ok
20:55:25.0683 2664  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:55:25.0824 2664  usbuhci - ok
20:55:29.0682 2664  ============================================================
20:55:29.0682 2664  Scan finished
20:55:29.0682 2664  ============================================================
20:55:29.0792 2224  Detected object count: 0
20:55:29.0792 2224  Actual detected object count: 0


#10 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 June 2013 - 07:55 AM

Looking good. Any remaining issues?

#11 Flaarg

  • Topic Starter
  • Members
  • 51 posts

Posted 13 June 2013 - 08:27 PM

I have a couple of issues that I'd like for you to look into.
First off I have a strange issue with Microsoft Security Essentials, I run a scan every night, yet less than 24 hours later it tends to say that I haven't run a scan in a while, despite the fact that I ran a scan less than 24 hours ago.
Second off, my DLL files are in C:\WINDOWS\system32 rather than C:\WINDOWS\system32\dllcache, in fact I don't even have a dllcache folder, could this lead to any issues?
Also, is there any way I could dig deeper to hunt for viruses? It's rather hard to tell whether or not I'm still infected.



#12 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 June 2013 - 10:17 AM

Let's see if this scan will find anything.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#13 Flaarg

  • Topic Starter
  • Members
  • 51 posts

Posted 14 June 2013 - 07:18 PM

Alright, I ran ESET, it didn't find anything, I forgot to save a log (unless it didn't give me the option BECAUSE it didn't find anything, that is.) Any other ideas?



#14 nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 June 2013 - 08:04 AM

If no log was created then you are clean.

Any issues with this computer at the moment?

#15 Flaarg

  • Topic Starter
  • Members
  • 51 posts

Posted 15 June 2013 - 06:25 PM

It seems better than before, but it's still hard to tell whether or not it's totally clean. It doesn't help that this computer is rather mediocre. I'm willing to look into anything you suggest, so if you can think of any other programs that could catch any potential viruses, please let me know.
