ZeroAccess rootkit infection. DDS not generating logs. Freezing


  • This topic is locked
65 replies to this topic

#1 neverends (Members, 50 posts)

Posted 13 August 2013 - 09:13 PM

Instructed to post a new topic here after running DDS. It estimates three minutes to complete and generate the two logs. Started the program and it froze (apparently) after about one minute with the "Please wait..." message showing, and the progress bar about 80% across. The HD indicator light, after showing considerable HD activity during the first minute, slowed to a crawl and blinked at a steady one-second interval. Gave it 15 minutes and finally did a cold reboot to safe mode and reattempted. Same thing. Froze about one minute in and I let it sit (apparently) idle for approx. 40 minutes before aborting.

Should I give it longer, or proceed to another approach?

Thanks. I will start it again tonight and let it run until morning just in case.

#2 neverends (Topic Starter, Members, 50 posts)

Posted 14 August 2013 - 07:39 AM

Just to update, let DDS run overnight (approx 8 hrs). Definitely frozen. No logs.



#3 neverends (Topic Starter, Members, 50 posts)

Posted 14 August 2013 - 05:27 PM

OTL run on instructions from Broni. Log follows. Only log produced.

OTL logfile created on: 8/14/2013 5:44:52 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 86.25% Memory free
4.33 Gb Paging File | 4.11 Gb Available in Paging File | 95.03% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 431.68 Gb Free Space | 92.68% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 401.04 Gb Free Space | 86.10% Space Free | Partition Type: NTFS
Drive F: | 7.50 Gb Total Space | 5.96 Gb Free Space | 79.52% Space Free | Partition Type: FAT32
Drive M: | 14.90 Gb Total Space | 0.91 Gb Free Space | 6.08% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-7F3301E51 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/14 17:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/12/13 19:10:16 | 000,144,832 | ---- | M] () -- C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe
PRC - [2010/10/14 23:37:24 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/10/06 13:35:25 | 000,065,536 | ---- | M] (Mijenix Corporation) -- C:\Program Files\ZipMagic\zm32nt.exe
PRC - [2010/09/08 02:21:00 | 000,779,960 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/08/24 19:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/03/05 00:28:44 | 000,356,352 | ---- | M] (PC Dynamics, Inc.) -- C:\Program Files\SafeHouse\SdwTray.exe
PRC - [2009/03/05 00:26:14 | 000,151,552 | ---- | M] (PC Dynamics, Inc.) -- C:\Program Files\SafeHouse\SdwMon32.exe
PRC - [2008/04/14 05:42:32 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/18 12:57:54 | 000,741,376 | ---- | M] (Software602 a.s.) -- C:\Program Files\Software602\Print2PDF\PrnPack.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/12/13 19:10:16 | 000,144,832 | ---- | M] () -- C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe
MOD - [2010/10/06 13:35:25 | 000,090,112 | ---- | M] () -- C:\Program Files\ZipMagic\MXExHand.dll
MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/08/24 19:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2005/10/13 16:33:26 | 000,331,776 | ---- | M] () -- C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprint.dll
MOD - [2005/01/26 11:37:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Common Files\soft602\W5_STRSN.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/13 19:10:16 | 000,144,832 | ---- | M] () [Auto | Running] -- C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe -- (LGE NDIS Connection Service)
SRV - [2010/10/14 23:37:24 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/09/08 02:21:00 | 000,779,960 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/08/24 19:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2005/11/11 14:42:22 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe -- (bepprldr)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MosIrUsb.sys -- (MosIrUsb)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPW5ECP.SYS -- (HPW5ECP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\DMusic.sys -- (DMusic)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011/03/01 12:32:32 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2011/02/16 11:52:02 | 000,032,512 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEBus.sys -- (LGELTEBus)
DRV - [2011/02/16 11:51:50 | 000,101,888 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEmdm.sys -- (LGELTEmdm)
DRV - [2011/02/16 11:51:34 | 000,038,016 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEMux.sys -- (LGELTEMux)
DRV - [2011/02/16 11:51:24 | 000,046,336 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTENdis.sys -- (LGELTENdis)
DRV - [2011/02/16 11:51:10 | 000,102,784 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEprt.sys -- (LGELTEprt)
DRV - [2010/10/14 23:37:26 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/10/14 23:37:19 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2010/10/14 23:37:18 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/10/14 23:37:11 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/10/06 13:35:26 | 000,156,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\ZipMagic\zmNTZip.sys -- (zmNTZip)
DRV - [2010/10/06 13:35:26 | 000,005,760 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ZmNTMon.sys -- (zmNTMon)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/08/24 19:53:24 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/05/15 15:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser2.sys -- (NWVMPort2)
DRV - [2009/05/15 15:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser.sys -- (NWVMPort)
DRV - [2009/05/15 15:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmmdm.sys -- (NWVMModem)
DRV - [2009/03/05 00:26:22 | 000,077,824 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2004/07/21 11:38:42 | 000,018,240 | ---- | M] (Compuware Corporation - NuMega Lab) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DbgMsg.sys -- (DbgMsg)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/07/02 12:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/07/02 12:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2002/07/02 12:20:50 | 000,050,830 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-823518204-1960408961-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.godfreysite.com/
IE - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..\SearchScopes,DefaultScope = {7CAD7444-2754-49A1-9662-E78CF3F35BB4}
IE - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..\SearchScopes\{7CAD7444-2754-49A1-9662-E78CF3F35BB4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-823518204-1960408961-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2011/08/22 20:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
 
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.                    )
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PrintPack dispatcher] C:\Program Files\Software602\Print2PDF\PrnPack.exe (Software602 a.s.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZipMagic] C:\Program Files\ZipMagic\zm32nt.exe (Mijenix Corporation)
O4 - HKU\S-1-5-21-823518204-1960408961-682003330-1003..\Run: [PC Dynamics SdwMon32] C:\Program Files\SafeHouse\SdwMon32.exe (PC Dynamics, Inc.)
O4 - HKU\S-1-5-21-823518204-1960408961-682003330-1003..\Run: [SafeHouseSystemTray] C:\Program Files\SafeHouse\SdwTray.exe (PC Dynamics, Inc.)
O4 - HKU\S-1-5-21-823518204-1960408961-682003330-1003..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - HKLM..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe ()
O4 - HKU\S-1-5-21-823518204-1960408961-682003330-1003..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe ()
O4 - HKLM..\RunServices: [ZipMagic] C:\Program Files\ZipMagic\zm32nt.exe (Mijenix Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CALENDER.lnk = C:\Documents and Settings\Owner\My Documents\CALENDER.txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\system32\Print602.dll (Software602 a.s.)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: ameritrade.com ([gainskeeper] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: ameritrade.com ([research] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: ameritrade.com ([valubond] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: intellicast.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: mylabbill.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: remititonline.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: streamer.com ([tdameritrade-fl] * in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1960408961-682003330-1003\..Trusted Domains: streamer.com ([tdameritrade-fl] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273445850250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1376249961015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://speaksofrain.nightowldvr.com:777/HiDvrOcx.cab (HiDvrOcx Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 18:32:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/03/12 09:12:57 | 000,000,000 | RH-D | M] - C:\autorun -- [ NTFS ]
O33 - MountPoints2\{20098c86-0c99-11e2-84c9-f748ee9306fb}\Shell - "" = AutoRun
O33 - MountPoints2\{20098c86-0c99-11e2-84c9-f748ee9306fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20098c86-0c99-11e2-84c9-f748ee9306fb}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{af9febc6-fa3f-11df-8135-8ad3b51c2f94}\Shell - "" = AutoRun
O33 - MountPoints2\{af9febc6-fa3f-11df-8135-8ad3b51c2f94}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af9febc6-fa3f-11df-8135-8ad3b51c2f94}\Shell\AutoRun\command - "" = K:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/14 17:25:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/08/14 08:21:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/08/13 08:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/08/13 08:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\mbar
[2013/08/13 08:44:21 | 001,893,504 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner\Desktop\iExplore.exe
[2013/08/13 08:43:08 | 012,081,912 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner\Desktop\mbar-1.06.1.1005.exe
[2013/08/13 08:41:54 | 000,357,143 | ---- | C] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FSS.exe
[2013/08/12 01:18:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/12 01:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2013/08/12 01:09:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/08/12 00:46:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/11 22:01:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/11 22:01:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/11 22:01:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/11 22:01:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/11 22:01:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/11 22:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/11 21:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/08/11 18:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/08/11 18:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/08/11 18:44:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/11 18:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/11 16:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MALWARE ISSUE
[2013/08/11 16:06:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2013/08/11 15:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/08/11 15:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2013/08/11 13:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/08/11 13:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/08/06 12:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RABBITRABBIT
[2013/07/30 21:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/29 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/07/29 17:15:43 | 000,000,000 | ---D | C] -- C:\4e0f428c1ab8a9b7e69ec24b7aeb16
[2013/07/29 17:15:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/07/29 17:15:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/07/19 11:13:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/14 18:03:33 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/08/14 17:26:06 | 000,000,675 | ---- | M] () -- C:\WINDOWS\RPNCALC.INI
[2013/08/14 17:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/08/14 15:50:15 | 000,000,329 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/08/14 08:15:39 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/14 08:15:39 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/14 08:11:35 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/14 08:11:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/14 00:05:28 | 000,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000002-80271102}.rfx
[2013/08/14 00:05:28 | 000,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000002-80271102}.rfx
[2013/08/14 00:05:28 | 000,016,324 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000002-80271102}.rfx
[2013/08/14 00:05:28 | 000,016,324 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000002-80271102}.rfx
[2013/08/14 00:05:28 | 000,001,240 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013/08/14 00:05:28 | 000,001,240 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013/08/14 00:05:28 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000002-80271102}.dat
[2013/08/14 00:05:28 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000002-80271102}.dat
[2013/08/13 23:59:06 | 000,000,569 | ---- | M] () -- C:\WINDOWS\PSTUDIO.INI
[2013/08/13 08:44:23 | 001,893,504 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Owner\Desktop\iExplore.exe
[2013/08/13 08:43:17 | 012,081,912 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner\Desktop\mbar-1.06.1.1005.exe
[2013/08/13 08:41:55 | 000,357,143 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FSS.exe
[2013/08/13 08:41:19 | 000,891,115 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2013/08/12 18:13:08 | 000,000,028 | ---- | M] () -- C:\WINDOWS\qbwcd.ini
[2013/08/12 08:55:18 | 000,001,965 | ---- | M] () -- C:\WINDOWS\epplauncher.mif



#4 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 August 2013 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    (screenshot: tdss1.png)
  • Click Change parameters
    (screenshot: settings20121003115955.png)
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    (screenshot: tdss3.png)
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    (screenshot: tdss4.jpg)
  • When it finishes, you will either see a report that no threats were found, like below:
    (screenshot: tdss5.jpg)
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    (screenshot: tdss7.jpg)
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    (screenshot: tdss6.jpg)
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version number and the date and time run.
  • Paste the log into your next reply; DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Please post the logs and let me know what problem persists.

#5 neverends
  • Topic Starter
  • Members
  • 50 posts

Posted 17 August 2013 - 09:43 AM

I'm on it. Thanks.



#6 neverends
  • Topic Starter
  • Members
  • 50 posts

Posted 17 August 2013 - 09:58 AM

May be a while. Avast site running dead slow. Other tools downloaded.



#7 neverends
  • Topic Starter
  • Members
  • 50 posts

Posted 17 August 2013 - 11:19 AM

Logs follow. Did NOT download Avast AV or definitions when prompted by aswMBR.exe, as this was not addressed in the instructions and it took about an hour to download the executable. Also, RogueKiller opened IE to a malware removal web site three times during its scan. I closed it each time.

I must be going blind, but I don't see an attach file option, so let me know if you want me to post the contents of aswMBR.txt rather than attach the zip file.

No symptoms apparent since I removed a suspicious BHO found from a HijackThis scan I ran early on (about a week ago). Prior to that I was getting redirects on Google searches. Last time I ran RKill it showed signs of ZeroAccess remaining. Don't want to run it again unless and until you instruct. Please advise, and thanks again.

11:38:14.0375 2712  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:38:14.0515 2712  NDIS - ok
11:38:14.0546 2712  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:38:14.0578 2712  NdisTapi - ok
11:38:14.0609 2712  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:38:14.0750 2712  Ndisuio - ok
11:38:14.0765 2712  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:38:14.0906 2712  NdisWan - ok
11:38:14.0921 2712  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:38:14.0953 2712  NDProxy - ok
11:38:14.0953 2712  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:38:15.0078 2712  NetBIOS - ok
11:38:15.0093 2712  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:38:15.0250 2712  NetBT - ok
11:38:15.0265 2712  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:38:15.0390 2712  NetDDE - ok
11:38:15.0406 2712  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:38:15.0531 2712  NetDDEdsdm - ok
11:38:15.0562 2712  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:38:15.0687 2712  Netlogon - ok
11:38:15.0718 2712  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
11:38:15.0859 2712  Netman - ok
11:38:15.0875 2712  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:38:15.0906 2712  NetTcpPortSharing - ok
11:38:15.0921 2712  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:38:15.0953 2712  Nla - ok
11:38:15.0968 2712  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:38:16.0109 2712  Npfs - ok
11:38:16.0140 2712  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:38:16.0296 2712  Ntfs - ok
11:38:16.0312 2712  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:38:16.0437 2712  NtLmSsp - ok
11:38:16.0453 2712  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:38:16.0593 2712  NtmsSvc - ok
11:38:16.0640 2712  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:38:16.0796 2712  Null - ok
11:38:16.0843 2712  [ 23E6A6A7D4930B70D9FFFD371450EF1C ] NvtlService     C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
11:38:16.0859 2712  NvtlService ( UnsignedFile.Multi.Generic ) - warning
11:38:16.0859 2712  NvtlService - detected UnsignedFile.Multi.Generic (1)
11:38:16.0875 2712  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:38:17.0015 2712  NwlnkFlt - ok
11:38:17.0031 2712  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:38:17.0171 2712  NwlnkFwd - ok
11:38:17.0187 2712  [ B7112F30D7EFF4B5052EBA879F46228F ] NWVMModem       C:\WINDOWS\system32\DRIVERS\nwvmmdm.sys
11:38:17.0234 2712  NWVMModem - ok
11:38:17.0250 2712  [ B7112F30D7EFF4B5052EBA879F46228F ] NWVMPort        C:\WINDOWS\system32\DRIVERS\nwvmser.sys
11:38:17.0265 2712  NWVMPort - ok
11:38:17.0281 2712  [ B7112F30D7EFF4B5052EBA879F46228F ] NWVMPort2       C:\WINDOWS\system32\DRIVERS\nwvmser2.sys
11:38:17.0296 2712  NWVMPort2 - ok
11:38:17.0312 2712  [ F29184BDC81C398B6027A67FF6A19895 ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
11:38:17.0343 2712  ossrv - ok
11:38:17.0375 2712  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:38:17.0500 2712  Parport - ok
11:38:17.0531 2712  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:38:17.0671 2712  PartMgr - ok
11:38:17.0687 2712  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:38:17.0828 2712  ParVdm - ok
11:38:17.0843 2712  [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50         C:\WINDOWS\system32\Drivers\PCASp50.sys
11:38:17.0859 2712  PCASp50 - ok
11:38:17.0875 2712  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:38:18.0000 2712  PCI - ok
11:38:18.0000 2712  PCIDump - ok
11:38:18.0015 2712  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:38:18.0140 2712  PCIIde - ok
11:38:18.0156 2712  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:38:18.0296 2712  Pcmcia - ok
11:38:18.0296 2712  PDCOMP - ok
11:38:18.0312 2712  PDFRAME - ok
11:38:18.0312 2712  PDRELI - ok
11:38:18.0328 2712  PDRFRAME - ok
11:38:18.0328 2712  perc2 - ok
11:38:18.0328 2712  perc2hib - ok
11:38:18.0375 2712  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:38:18.0390 2712  PlugPlay - ok
11:38:18.0421 2712  [ 08B11F5C60EDCA255B18CEDEF8EFBA2A ] Point32         C:\WINDOWS\system32\DRIVERS\point32.sys
11:38:18.0421 2712  Point32 ( UnsignedFile.Multi.Generic ) - warning
11:38:18.0421 2712  Point32 - detected UnsignedFile.Multi.Generic (1)
11:38:18.0421 2712  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:38:18.0546 2712  PolicyAgent - ok
11:38:18.0578 2712  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:38:18.0718 2712  PptpMiniport - ok
11:38:18.0734 2712  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:38:18.0859 2712  ProtectedStorage - ok
11:38:18.0859 2712  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:38:19.0000 2712  PSched - ok
11:38:19.0015 2712  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:38:19.0156 2712  Ptilink - ok
11:38:19.0156 2712  ql1080 - ok
11:38:19.0171 2712  Ql10wnt - ok
11:38:19.0171 2712  ql12160 - ok
11:38:19.0187 2712  ql1240 - ok
11:38:19.0187 2712  ql1280 - ok
11:38:19.0218 2712  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:38:19.0343 2712  RasAcd - ok
11:38:19.0375 2712  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:38:19.0500 2712  RasAuto - ok
11:38:19.0515 2712  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:38:19.0578 2712  Rasirda - ok
11:38:19.0578 2712  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:38:19.0703 2712  Rasl2tp - ok
11:38:19.0718 2712  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:38:19.0890 2712  RasMan - ok
11:38:19.0906 2712  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:38:20.0015 2712  RasPppoe - ok
11:38:20.0031 2712  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:38:20.0187 2712  Raspti - ok
11:38:20.0218 2712  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:38:20.0328 2712  Rdbss - ok
11:38:20.0343 2712  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:38:20.0484 2712  RDPCDD - ok
11:38:20.0515 2712  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:38:20.0578 2712  RDPWD - ok
11:38:20.0609 2712  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:38:20.0734 2712  RDSessMgr - ok
11:38:20.0750 2712  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:38:20.0875 2712  redbook - ok
11:38:20.0906 2712  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:38:21.0031 2712  RemoteAccess - ok
11:38:21.0046 2712  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:38:21.0171 2712  RpcLocator - ok
11:38:21.0203 2712  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:38:21.0234 2712  RpcSs - ok
11:38:21.0250 2712  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:38:21.0390 2712  RSVP - ok
11:38:21.0421 2712  [ CBA7EEB0FCD16BDCA28CDBB2E1E8804A ] SafDskNT        C:\WINDOWS\system32\drivers\SafDskNT.sys
11:38:21.0421 2712  SafDskNT ( UnsignedFile.Multi.Generic ) - warning
11:38:21.0421 2712  SafDskNT - detected UnsignedFile.Multi.Generic (1)
11:38:21.0437 2712  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:38:21.0562 2712  SamSs - ok
11:38:21.0578 2712  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:38:21.0703 2712  SCardSvr - ok
11:38:21.0734 2712  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:38:21.0875 2712  Schedule - ok
11:38:21.0890 2712  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:38:22.0000 2712  Secdrv - ok
11:38:22.0031 2712  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:38:22.0171 2712  seclogon - ok
11:38:22.0171 2712  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
11:38:22.0296 2712  SENS - ok
11:38:22.0312 2712  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:38:22.0468 2712  serenum - ok
11:38:22.0468 2712  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:38:22.0593 2712  Serial - ok
11:38:22.0640 2712  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:38:22.0781 2712  Sfloppy - ok
11:38:22.0796 2712  [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman           C:\WINDOWS\system32\drivers\sfmanm.sys
11:38:22.0937 2712  sfman - ok
11:38:22.0984 2712  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:38:23.0109 2712  SharedAccess - ok
11:38:23.0125 2712  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:38:23.0156 2712  ShellHWDetection - ok
11:38:23.0156 2712  Simbad - ok
11:38:23.0218 2712  [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5       C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
11:38:23.0234 2712  SMSIVZAM5 - ok
11:38:23.0281 2712  [ 86D17B6760DD2B09E932FF101714E0DC ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
11:38:23.0343 2712  smwdm - ok
11:38:23.0359 2712  [ 85BADA660D57BC5AEF52B11CABD6D8F9 ] snapman         C:\WINDOWS\system32\DRIVERS\snapman.sys
11:38:23.0390 2712  snapman - ok
11:38:23.0406 2712  [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
11:38:23.0406 2712  SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
11:38:23.0421 2712  SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
11:38:23.0421 2712  Sparrow - ok
11:38:23.0453 2712  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:38:23.0578 2712  splitter - ok
11:38:23.0609 2712  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:38:23.0671 2712  Spooler - ok
11:38:23.0687 2712  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:38:23.0812 2712  sr - ok
11:38:23.0828 2712  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:38:23.0968 2712  srservice - ok
11:38:24.0000 2712  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:38:24.0046 2712  Srv - ok
11:38:24.0078 2712  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:38:24.0218 2712  SSDPSRV - ok
11:38:24.0234 2712  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:38:24.0390 2712  stisvc - ok
11:38:24.0421 2712  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:38:24.0562 2712  swenum - ok
11:38:24.0578 2712  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:38:24.0703 2712  swmidi - ok
11:38:24.0718 2712  SwPrv - ok
11:38:24.0718 2712  symc810 - ok
11:38:24.0734 2712  symc8xx - ok
11:38:24.0734 2712  sym_hi - ok
11:38:24.0750 2712  sym_u3 - ok
11:38:24.0750 2712  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:38:24.0953 2712  sysaudio - ok
11:38:24.0968 2712  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:38:25.0093 2712  SysmonLog - ok
11:38:25.0109 2712  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:38:25.0234 2712  TapiSrv - ok
11:38:25.0281 2712  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:38:25.0312 2712  Tcpip - ok
11:38:25.0328 2712  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:38:25.0453 2712  TDPIPE - ok
11:38:25.0484 2712  [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273      C:\WINDOWS\system32\DRIVERS\tdrpm273.sys
11:38:25.0531 2712  tdrpman273 - ok
11:38:25.0546 2712  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:38:25.0687 2712  TDTCP - ok
11:38:25.0687 2712  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:38:25.0812 2712  TermDD - ok
11:38:25.0843 2712  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
11:38:25.0984 2712  TermService - ok
11:38:26.0015 2712  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:38:26.0031 2712  Themes - ok
11:38:26.0062 2712  [ A34D7024BB7140EC785C86BC065D4F60 ] timounter       C:\WINDOWS\system32\DRIVERS\timntr.sys
11:38:26.0093 2712  timounter - ok
11:38:26.0109 2712  TosIde - ok
11:38:26.0125 2712  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:38:26.0265 2712  TrkWks - ok
11:38:26.0296 2712  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:38:26.0421 2712  Udfs - ok
11:38:26.0437 2712  ultra - ok
11:38:26.0468 2712  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:38:26.0593 2712  Update - ok
11:38:26.0609 2712  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:38:26.0750 2712  upnphost - ok
11:38:26.0750 2712  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
11:38:26.0875 2712  UPS - ok
11:38:26.0906 2712  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:38:27.0046 2712  usbccgp - ok
11:38:27.0062 2712  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:38:27.0187 2712  usbehci - ok
11:38:27.0187 2712  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:38:27.0328 2712  usbhub - ok
11:38:27.0343 2712  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:38:27.0484 2712  usbprint - ok
11:38:27.0500 2712  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:38:27.0625 2712  usbscan - ok
11:38:27.0640 2712  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:38:27.0765 2712  USBSTOR - ok
11:38:27.0796 2712  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:38:27.0906 2712  usbuhci - ok
11:38:27.0937 2712  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:38:28.0062 2712  VgaSave - ok
11:38:28.0078 2712  ViaIde - ok
11:38:28.0078 2712  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:38:28.0218 2712  VolSnap - ok
11:38:28.0250 2712  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
11:38:28.0375 2712  VSS - ok
11:38:28.0390 2712  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
11:38:28.0531 2712  W32Time - ok
11:38:28.0562 2712  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:38:28.0687 2712  Wanarp - ok
11:38:28.0703 2712  WDICA - ok
11:38:28.0718 2712  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:38:28.0843 2712  wdmaud - ok
11:38:28.0859 2712  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:38:28.0984 2712  WebClient - ok
11:38:29.0062 2712  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:38:29.0187 2712  winmgmt - ok
11:38:29.0234 2712  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:38:29.0250 2712  WmdmPmSN - ok
11:38:29.0265 2712  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:38:29.0390 2712  WmiAcpi - ok
11:38:29.0406 2712  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:38:29.0546 2712  WmiApSrv - ok
11:38:29.0609 2712  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
11:38:29.0671 2712  WMPNetworkSvc - ok
11:38:29.0796 2712  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:38:29.0843 2712  WPFFontCache_v0400 - ok
11:38:29.0859 2712  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:38:30.0000 2712  WS2IFSL - ok
11:38:30.0031 2712  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:38:30.0171 2712  wscsvc - ok
11:38:30.0187 2712  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:38:30.0312 2712  wuauserv - ok
11:38:30.0328 2712  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:38:30.0359 2712  WudfPf - ok
11:38:30.0390 2712  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:38:30.0406 2712  WudfRd - ok
11:38:30.0421 2712  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:38:30.0453 2712  WudfSvc - ok
11:38:30.0484 2712  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:38:30.0640 2712  WZCSVC - ok
11:38:30.0671 2712  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:38:30.0796 2712  xmlprov - ok
11:38:30.0828 2712  [ 82D7092A76390FF11F065FB2D188EE03 ] zmNTMon         C:\WINDOWS\system32\drivers\zmNTMon.sys
11:38:30.0843 2712  zmNTMon ( UnsignedFile.Multi.Generic ) - warning
11:38:30.0843 2712  zmNTMon - detected UnsignedFile.Multi.Generic (1)
11:38:30.0890 2712  [ 7A5CF3747B39E7BB5EA76901B9E63B8A ] zmNTZip         C:\Program Files\ZipMagic\zmNTZip.sys
11:38:30.0906 2712  zmNTZip ( UnsignedFile.Multi.Generic ) - warning
11:38:30.0906 2712  zmNTZip - detected UnsignedFile.Multi.Generic (1)
11:38:30.0921 2712  ================ Scan global ===============================
11:38:30.0953 2712  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:38:30.0968 2712  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:38:30.0984 2712  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:38:31.0015 2712  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:38:31.0015 2712  [Global] - ok
11:38:31.0015 2712  ================ Scan MBR ==================================
11:38:31.0031 2712  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:38:31.0531 2712  \Device\Harddisk0\DR0 - ok
11:38:31.0531 2712  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:38:31.0593 2712  \Device\Harddisk1\DR1 - ok
11:38:31.0593 2712  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk6\DR8
11:38:35.0671 2712  \Device\Harddisk6\DR8 - ok
11:38:35.0671 2712  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR9
11:38:35.0843 2712  \Device\Harddisk7\DR9 - ok
11:38:35.0843 2712  ================ Scan VBR ==================================
11:38:35.0843 2712  [ 4F03ED006465026412577042D37FA5BA ] \Device\Harddisk0\DR0\Partition1
11:38:35.0843 2712  \Device\Harddisk0\DR0\Partition1 - ok
11:38:35.0859 2712  [ 5EF352D20B6AD200338FE444FBC58369 ] \Device\Harddisk1\DR1\Partition1
11:38:35.0859 2712  \Device\Harddisk1\DR1\Partition1 - ok
11:38:35.0859 2712  [ A8366C36449D188C4776B4D6601A0CD2 ] \Device\Harddisk6\DR8\Partition1
11:38:35.0859 2712  \Device\Harddisk6\DR8\Partition1 - ok
11:38:35.0875 2712  [ 154B1B6C38A07A5FF3490065363D3BB5 ] \Device\Harddisk7\DR9\Partition1
11:38:35.0875 2712  \Device\Harddisk7\DR9\Partition1 - ok
11:38:35.0875 2712  ============================================================
11:38:35.0875 2712  Scan finished
11:38:35.0875 2712  ============================================================
11:38:35.0984 2588  Detected object count: 9
11:38:35.0984 2588  Actual detected object count: 9
11:40:32.0671 2588  bepprldr ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0671 2588  bepprldr ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0671 2588  cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0671 2588  cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0687 2588  DbgMsg ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0687 2588  DbgMsg ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0687 2588  NvtlService ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0687 2588  NvtlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0687 2588  Point32 ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0687 2588  Point32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0687 2588  SafDskNT ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0687 2588  SafDskNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0687 2588  SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0687 2588  SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0687 2588  zmNTMon ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0687 2588  zmNTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:32.0703 2588  zmNTZip ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:32.0703 2588  zmNTZip ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-17 11:42:11
-----------------------------
11:42:11.906    OS Version: Windows 5.1.2600 Service Pack 3
11:42:11.906    Number of processors: 2 586 0x409
11:42:11.921    ComputerName: OWNER-7F3301E51  UserName: Owner
11:42:12.531    Initialize success
11:43:55.109    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
11:43:55.109    Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
11:43:55.109    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
11:43:55.109    Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
11:43:55.296    Disk 0 MBR read successfully
11:43:55.312    Disk 0 MBR scan
11:43:55.312    Disk 0 Windows VISTA default MBR code
11:43:55.312    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476939 MB offset 2048
11:43:55.328    Disk 0 scanning sectors +976773120
11:43:55.546    Disk 0 scanning C:\WINDOWS\system32\drivers
11:44:00.750    Service scanning
11:44:09.781    Modules scanning
11:44:13.125    Disk 0 trace - called modules:
11:44:13.140    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:44:13.140    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ada20f0]
11:44:13.140    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8addc9e8]
11:44:13.140    5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8adbed98]
11:44:13.156    Scan finished successfully
11:44:26.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MALWARE ISSUE\LOGS TO POST\MBR.dat"
11:44:26.281    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MALWARE ISSUE\LOGS TO POST\aswMBR.txt"

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 08/17/2013 11:51:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[Owner][SUSP PATH] CALENDER.lnk : C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CALENDER.lnk @C:\Documents and Settings\Owner\My Documents\CALENDER.txt [-][-] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] Antimalware : C:\Program Files\Microsoft Security Client\Antimalware >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] LegitLib.dll : C:\Program Files\Microsoft Security Client\LegitLib.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] sqmapi.dll : C:\Program Files\Microsoft Security Client\sqmapi.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Folder] Install : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] {46a11492-1840-afa8-e27f-0820d981738e} : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\???\???\???ﯹ๛\{46a11492-1840-afa8-e27f-0820d981738e} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\???\???\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ??? : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\???\??? [-] --> DELETED
[ZeroAccess][Folder] ??? : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\??? [-] --> DELETED
[ZeroAccess][Folder] {46a11492-1840-afa8-e27f-0820d981738e} : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e} [-] --> DELETED
[ZeroAccess][Folder] L : C:\Program Files\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\   \   \???ﯹ๛\{46a11492-1840-afa8-e27f-0820d981738e}\L [-] --> DELETED
[ZeroAccess][Folder] U : C:\Program Files\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\   \   \???ﯹ๛\{46a11492-1840-afa8-e27f-0820d981738e}\U [-] --> DELETED
[ZeroAccess][Folder] {46a11492-1840-afa8-e27f-0820d981738e} : C:\Program Files\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\   \   \???ﯹ๛\{46a11492-1840-afa8-e27f-0820d981738e} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Program Files\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\   \   \???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder]     : C:\Program Files\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\   \    [-] --> DELETED
[ZeroAccess][Folder]     : C:\Program Files\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e}\    [-] --> DELETED
[ZeroAccess][Folder] {46a11492-1840-afa8-e27f-0820d981738e} : C:\Program Files\Google\Desktop\Install\{46a11492-1840-afa8-e27f-0820d981738e} [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] b3557196d6b60f6b553b345e2172a3a5
[BSP] 97dd573c46ca6556d97446a4d18253d2 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476939 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 92d0db975c66e6b9fe1bb19e921c7f88
[BSP] 4baf610b9ae51733e19d3bc85f0aa9cd : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08172013_115152.txt >>
RKreport[0]_S_08172013_114933.txt



#8 neverends

neverends
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 17 August 2013 - 12:07 PM

Forgot to mention I had attempted a reinstall of MSSE early on after uninstalling (wasn't working). MSSE installation program aborted on each of many attempts to install. That is, until now! Just reinstalled successfully after rebooting machine and it is scanning right now.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 17 August 2013 - 12:40 PM


Run these scans when you can.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM

Let me know what problem persists.

#10 neverends

neverends
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 17 August 2013 - 02:20 PM

Done, however DDS still will not run successfully. Freezes in same manner as discussed with Broni in topic before I posted to this forum. Check that thread. Had to abort and cold re-boot. Tried several times (as before).

Ran others as instructed, successfully. BTW, if I have script protection running I do not recognize it. I did disable MSSE real-time protection and closed Window Washer and WinPatrol but DDS still will not complete scan.

 

Other logs follow:

 

 

# AdwCleaner v2.306 - Logfile created 08/17/2013 at 14:40:20
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-7F3301E51
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Owner\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Owner\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Coupon Companion Plugin
Folder Deleted : C:\Program Files\FreeRIP3

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [2041 octets] - [17/08/2013 14:40:20]

########## EOF - C:\AdwCleaner[S1].txt - [2101 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.7 (08.17.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Sat 08/17/2013 at 14:45:19.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\pccustubinstaller"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 14:49:51.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 Results of screen317's Security Check version 0.99.72 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner (remove only)  
 Java™ 6 Update 39 
 Java version out of Date!
 Adobe Reader 10.1.1 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

 

 

 

 



#11 neverends

neverends
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 17 August 2013 - 06:10 PM

MSSE just detected Win32 viresef malware and when I let it clean and reboot now MSSE is gone again! Steps backward!

 

Only sites I have linked since this started have been my email (gmail) and bleeping computer to pursue this problem, and I have disabled internet connection when not doing that, so it appears something already on the machine and not cleaned is reinstalling the ZeroAccess. All I can figure. Winpatrol also alerted me to a registry change which I blocked.

 

Damn.



#12 neverends

neverends
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 17 August 2013 - 07:04 PM

Have to amend that. MSSE icon is gone from launch tray but I can open it from start menu. Doing a full scan now.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 18 August 2013 - 08:51 AM

Please run the RogueKiller tool one more time.

I want to see if the ZeroAccess is gone or not.
Fix it if it's still there.

#14 neverends

neverends
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 18 August 2013 - 09:52 AM

Done. Log follows. Found two registry entries which I had RK delete. Also did a full (deep) MSSE scan late last night and it found 4 viresef entries which I had it fix. Quick scan this morning found nothing further.

 

Machine seems sluggish, some tray icons are messed up (e.g. MSSE icon is showing up for another app, and no MSSE in tray but I can still bring it up from start menu). Running an audio editor last night, found it ran nominally but would freeze on exit with multiple error boxes that would not close. Had to use Alt-Ctrl-Del task manager to exit program. Have not tried many programs to see how things are running in general. Real concern is work apps (e.g. MSWord, Excel, CAD, etc.). Can try some today to see if there are issues I don't know about.

 

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 08/18/2013 10:40:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] b3557196d6b60f6b553b345e2172a3a5
[BSP] 97dd573c46ca6556d97446a4d18253d2 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476939 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 92d0db975c66e6b9fe1bb19e921c7f88
[BSP] 4baf610b9ae51733e19d3bc85f0aa9cd : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08182013_104011.txt >>
RKreport[0]_D_08172013_115152.txt;RKreport[0]_H_08182013_103552.txt;RKreport[0]_S_08172013_114933.txt
RKreport[0]_S_08182013_103258.txt;RKreport[0]_S_08182013_103855.txt



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 18 August 2013 - 12:43 PM

Please run this tool.

Download the junction.exe file to a folder (name junction) on your desktop.

Link: http://technet.microsoft.com/en-us/sysinternals/bb896768

Open Notepad and copy/paste the contents in the quote box below, into Notepad.

junction -s c:\ > log.txt
notepad log.txt
exit


Save this as junction.bat. Choose to "Save type as - All Files" and save it to your desktop.

  • Double click Junction folder to open it.
  • Now drag the junction.bat into the Junction folder.
  • Double click the junction.bat and allow it to run.
It can take a while to complete, so be patient. Post the log.
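The junction.exe step above lists every reparse point under C:\ so the helper can spot junctions like the ones RogueKiller reported earlier in this thread (Microsoft Security Client files redirected to \systemroot\system32\config), and the RogueKiller log in post #14 also showed the DisableTaskMgr and DisableRegistryTools policy values being removed. The script below is an added example written for this thread; it is not code from the thread, from RogueKiller, or from Sysinternals. It assumes Windows PowerShell 5.0 or later (the LinkType and Target properties it relies on do not exist on the Windows XP host discussed here, which is why junction.exe is the right tool there). The function names, the default BadTargetPatterns list, and the "junction named like a file" heuristic are the example's own, derived from the log lines visible in this thread; the full policy key path is the documented Windows location filled in where the log shows "HKCU\[...]\System".

```powershell
# Added example for this thread (not from the thread, RogueKiller or Sysinternals).
# Defender-side triage for the two things the RogueKiller logs surfaced:
#   1. NTFS junctions planted over security-product files so they resolve to
#      \systemroot\system32\config  (the [ZeroAccess][Junction] lines), and
#   2. the Task Manager / Registry Tools lockout values (the [HJ POL] lines).
# Assumes Windows PowerShell 5.0+ for the LinkType / Target properties.

function Find-SuspiciousJunctions {
    [CmdletBinding()]
    param(
        # Root to walk; Program Files is where the log showed the MSE binaries redirected.
        [string]$Root = $env:ProgramFiles,
        # Targets no legitimate application file should resolve to. Constructed for this
        # example from the single target seen in the thread's log; extend as needed.
        [string[]]$BadTargetPatterns = @('*\system32\config*')
    )

    Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Target is string[] on Windows PowerShell 5.1 and string on PowerShell 7+.
            $target = [string]($_.Target -join ';')
            $badTarget = $false
            foreach ($pattern in $BadTargetPatterns) {
                if ($target -like $pattern) { $badTarget = $true; break }
            }
            # Heuristic from the log: a junction is a *directory* reparse point, so one whose
            # name looks like a file (MsMpEng.exe, MpSvc.dll) is itself a red flag.
            $namedLikeFile = [System.IO.Path]::HasExtension($_.Name)
            [pscustomobject]@{
                Path       = $_.FullName
                LinkType   = $_.LinkType
                Target     = $target
                Suspicious = ($badTarget -or ($_.LinkType -eq 'Junction' -and $namedLikeFile))
            }
        }
}

function Test-ToolLockoutPolicies {
    # Documented policy location behind the "HKCU\[...]\System" entries in the log
    # (the log elides the middle of the path; this is the well-known full key).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = $null
        if (Test-Path -LiteralPath $key) {
            $value = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name
        }
        [pscustomobject]@{
            Policy  = $name
            Value   = $value
            # Presence of the value under HKCU is the finding, regardless of its data:
            # RogueKiller removed both entries even though they were set to 0.
            Finding = ($null -ne $value)
        }
    }
}

# Usage: print only the findings; rerun after cleanup until both lists are empty.
Find-SuspiciousJunctions | Where-Object Suspicious | Format-Table -AutoSize
Test-ToolLockoutPolicies | Where-Object Finding | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the walk of Program Files is not cut short by access-denied errors; the junction list is informational (Windows itself ships junctions under user profiles), and only rows with Suspicious set to True need attention.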



