
Alureon was found but keeps coming back!! Is there any hope?


  • This topic is locked
47 replies to this topic

#1 ZSnapper

Posted 21 August 2013 - 12:36 AM

TDSSKiller found the Alureon infection and appears to cure it, but shortly thereafter it seems to come back. I am running Win XP on my Dell Inspiron and could really use some direction. I have run several antivirus programs but nothing seems to get the job done completely.

By any chance is there any one program that is fully capable of cleaning out this virus? I can post the text log upon request if needed. Please let me know if this machine can be saved. Any help or suggestions will be greatly appreciated. Thanks for your time and consideration.

zsnapper





#2 etavares

  • Malware Response Team

Posted 25 August 2013 - 01:15 PM

Hello,
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!
    Backdoor Warning
    One or more of the identified infections is a backdoor trojan.
     
    This allows hackers to remotely control your computer, steal critical system information and download and execute files.
     
    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
     
    Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

    Step 1
     
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for malicious objects.
  • If malicious objects are found, the default action will be Cure. Ensure Cure is selected, then click Continue.
  • If suspicious objects are detected, the default action will be Skip. Ensure Skip is selected, then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.
     
     
    Step 2
     
    We need to create an OTL report,
  • (If that link doesn't work, try this alternate link)
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
     
     
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.  If they are too big to paste in one reply, please split them into separate posts.
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
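
Added example (not part of etavares's post and not a BleepingComputer or Kaspersky tool): a small Python triage script for the TDSSKiller log that Step 1 asks for. It picks the newest log by the UtilityName.Version_Date_Time_log.txt naming described above and lists every scanned object whose result is not "ok". The function names are hypothetical, and the "( verdict ) - status" form of a non-ok line is an assumption; the last sample line is constructed, the others follow the log posted in this topic.

```python
import re
from collections import namedtuple
from datetime import datetime

# UtilityName.Version_Date_Time_log.txt, date written as DD.MM.YYYY
NAME_RE = re.compile(
    r"^(?P<tool>[A-Za-z]+)\.(?P<version>\d+(?:\.\d+)*)_"
    r"(?P<stamp>\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2})_log\.txt$"
)
# Every log line starts with "HH:MM:SS.mmmm <thread id>"
PREFIX_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*\S)\s*$")
# "[ <MD5> ] <object name> <file path>"
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<rest>.+)$")
# "<object> - <status>" or (assumed form) "<object> ( <verdict> ) - <status>"
RESULT_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<verdict>.+?)\s*\))?\s+-\s+(?P<status>[A-Za-z]+)$"
)

Finding = namedtuple("Finding", "name status verdict md5 path")


def parse_log_name(filename):
    """Split a log file name into tool, version and timestamp; None if it does not fit."""
    base = filename.replace("/", "\\").rsplit("\\", 1)[-1]
    m = NAME_RE.match(base)
    if not m:
        return None
    when = datetime.strptime(m.group("stamp"), "%d.%m.%Y_%H.%M.%S")
    return {"tool": m.group("tool"), "version": m.group("version"), "when": when}


def latest_log(filenames):
    """Return the newest log by embedded timestamp (a plain name sort gets DD.MM wrong)."""
    dated = [(parse_log_name(f), f) for f in filenames]
    dated = [(info["when"], f) for info, f in dated if info]
    return max(dated)[1] if dated else None


def parse_log(text):
    """Return one Finding per result line, joined with the hash line just before it."""
    findings, pending = [], None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        h = HASH_RE.match(body)
        if h:
            pending = (h.group("md5").upper(), h.group("rest"))
            continue
        r = RESULT_RE.match(body)
        if not r:
            continue  # banner, separator or system-info line
        md5 = path = None
        name = r.group("name")
        # Object names may contain spaces, so the path is whatever follows the name.
        if pending and pending[1].startswith(name):
            md5, path = pending[0], pending[1][len(name):].strip()
        pending = None
        findings.append(
            Finding(name, r.group("status").lower(), r.group("verdict"), md5, path)
        )
    return findings


def needs_review(findings):
    """Everything TDSSKiller did not mark 'ok' is what the helper needs to see first."""
    return [f for f in findings if f.status != "ok"]


# Sample input: the first six lines follow the log posted in this topic,
# the last line is CONSTRUCTED to show a non-ok result.
SAMPLE_LOG = r"""
18:01:37.0953 3964  System memory - ok
18:01:38.0062 3964  Abiosdsk - ok
18:01:43.0593 3964  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
18:01:43.0781 3964  atapi - ok
18:01:43.0921 3964  [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:01:43.0984 3964  Ati HotKey Poller - ok
18:02:20.0000 3964  \Device\Harddisk0\DR0 ( Constructed.Example.Verdict ) - infected
"""

if __name__ == "__main__":
    for f in needs_review(parse_log(SAMPLE_LOG)):
        print(f.status, f.name, f.verdict, f.md5, f.path)
```

When the same detection shows up in a fresh log after a Cure and reboot, as in this topic, comparing the `needs_review` output of the two newest logs shows which object is being reinstated.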
     


    #3 ZSnapper


    Posted 25 August 2013 - 02:59 PM

    Thanks, etavares, so much for your help! I wanted to make sure whether you want TDSSKiller to be re-run from my regular desktop or from safe mode? I noticed when in safe mode it seems the PC works fine with no issues, almost like the virus is inactive or not able to interfere. I will wait for your instructions. Thanks!!

     



    #4 ZSnapper


    Posted 25 August 2013 - 05:40 PM

    18:00:50.0625 3536  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
    18:00:50.0671 3536  ============================================================
    18:00:50.0671 3536  Current date / time: 2013/08/25 18:00:50.0671
    18:00:50.0671 3536  SystemInfo:
    18:00:50.0671 3536  
    18:00:50.0671 3536  OS Version: 5.1.2600 ServicePack: 3.0
    18:00:50.0671 3536  Product type: Workstation
    18:00:50.0671 3536  ComputerName: RICH-WINXP
    18:00:50.0671 3536  UserName: Rad
    18:00:50.0671 3536  Windows directory: C:\WINDOWS
    18:00:50.0671 3536  System windows directory: C:\WINDOWS
    18:00:50.0671 3536  Processor architecture: Intel x86
    18:00:50.0671 3536  Number of processors: 2
    18:00:50.0671 3536  Page size: 0x1000
    18:00:50.0671 3536  Boot type: Normal boot
    18:00:50.0671 3536  ============================================================
    18:01:07.0000 3536  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    18:01:07.0046 3536  ============================================================
    18:01:07.0046 3536  \Device\Harddisk0\DR0:
    18:01:07.0140 3536  MBR partitions:
    18:01:07.0140 3536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
    18:01:07.0156 3536  ============================================================
    18:01:08.0656 3536  C: <-> \Device\Harddisk0\DR0\Partition1
    18:01:08.0656 3536  ============================================================
    18:01:08.0656 3536  Initialize success
    18:01:08.0656 3536  ============================================================
    18:01:37.0234 3964  ============================================================
    18:01:37.0234 3964  Scan started
    18:01:37.0234 3964  Mode: Manual; SigCheck; TDLFS;
    18:01:37.0234 3964  ============================================================
    18:01:37.0953 3964  ================ Scan system memory ========================
    18:01:37.0953 3964  System memory - ok
    18:01:37.0953 3964  ================ Scan services =============================
    18:01:38.0062 3964  Abiosdsk - ok
    18:01:38.0078 3964  abp480n5 - ok
    18:01:38.0171 3964  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:01:41.0203 3964  ACPI - ok
    18:01:41.0250 3964  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:01:41.0500 3964  ACPIEC - ok
    18:01:41.0500 3964  adpu160m - ok
    18:01:41.0546 3964  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
    18:01:41.0765 3964  aec - ok
    18:01:41.0812 3964  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
    18:01:41.0859 3964  AFD - ok
    18:01:41.0875 3964  Aha154x - ok
    18:01:41.0890 3964  aic78u2 - ok
    18:01:41.0890 3964  aic78xx - ok
    18:01:41.0937 3964  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
    18:01:42.0140 3964  Alerter - ok
    18:01:42.0187 3964  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
    18:01:42.0281 3964  ALG - ok
    18:01:42.0296 3964  AliIde - ok
    18:01:42.0296 3964  amsint - ok
    18:01:42.0312 3964  AppMgmt - ok
    18:01:42.0312 3964  asc - ok
    18:01:42.0328 3964  asc3350p - ok
    18:01:42.0328 3964  asc3550 - ok
    18:01:42.0500 3964  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:01:42.0546 3964  aspnet_state - ok
    18:01:42.0593 3964  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
    18:01:42.0718 3964  aswFsBlk - ok
    18:01:42.0765 3964  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
    18:01:42.0796 3964  aswMonFlt - ok
    18:01:42.0812 3964  [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
    18:01:42.0843 3964  AswRdr - ok
    18:01:42.0843 3964  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
    18:01:42.0875 3964  aswRvrt - ok
    18:01:42.0984 3964  [ CCD565A8A72AF7D45F9A242013870926 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
    18:01:43.0062 3964  aswSnx - ok
    18:01:43.0156 3964  [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
    18:01:43.0203 3964  aswSP - ok
    18:01:43.0218 3964  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
    18:01:43.0250 3964  aswTdi - ok
    18:01:43.0296 3964  [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
    18:01:43.0328 3964  aswVmm - ok
    18:01:43.0375 3964  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:01:43.0562 3964  AsyncMac - ok
    18:01:43.0593 3964  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:01:43.0781 3964  atapi - ok
    18:01:43.0796 3964  Atdisk - ok
    18:01:43.0921 3964  [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    18:01:43.0984 3964  Ati HotKey Poller - ok
    18:01:44.0156 3964  [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    18:01:44.0359 3964  ati2mtag - ok
    18:01:44.0515 3964  [ 1842B56B3D3F195C36F62708D266B95E ] atiide          C:\WINDOWS\system32\DRIVERS\atiide.sys
    18:01:44.0609 3964  atiide - ok
    18:01:44.0625 3964  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:01:44.0828 3964  Atmarpc - ok
    18:01:44.0875 3964  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
    18:01:45.0062 3964  AudioSrv - ok
    18:01:45.0109 3964  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:01:45.0312 3964  audstub - ok
    18:01:45.0484 3964  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    18:01:45.0515 3964  avast! Antivirus - ok
    18:01:45.0671 3964  [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    18:01:46.0343 3964  BCM43XX - ok
    18:01:46.0343 3964  bcm4sbxp - ok
    18:01:46.0421 3964  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
    18:01:46.0671 3964  Beep - ok
    18:01:46.0968 3964  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
    18:01:47.0437 3964  BITS - ok
    18:01:47.0562 3964  [ 4BA311473E0D8557827E6F2FE33A8095 ] brfilt          C:\WINDOWS\system32\Drivers\Brfilt.sys
    18:01:47.0812 3964  brfilt - ok
    18:01:47.0906 3964  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
    18:01:48.0125 3964  Browser - ok
    18:01:48.0312 3964  [ 8E06CD96E00472C03770A697D04031C0 ] BrSerWDM        C:\WINDOWS\system32\Drivers\BrSerWdm.sys
    18:01:48.0562 3964  BrSerWDM - ok
    18:01:48.0578 3964  [ 1C5F014048E5B2748C1A8AD297C50B6F ] BrUsbScn        C:\WINDOWS\system32\Drivers\BrUsbScn.sys
    18:01:48.0796 3964  BrUsbScn - ok
    18:01:49.0031 3964  catchme - ok
    18:01:49.0078 3964  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:01:49.0312 3964  cbidf2k - ok
    18:01:49.0328 3964  cd20xrnt - ok
    18:01:49.0359 3964  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:01:49.0578 3964  Cdaudio - ok
    18:01:49.0640 3964  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
    18:01:49.0859 3964  Cdfs - ok
    18:01:49.0890 3964  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:01:50.0109 3964  Cdrom - ok
    18:01:50.0109 3964  Changer - ok
    18:01:50.0171 3964  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc           C:\WINDOWS\system32\cisvc.exe
    18:01:50.0375 3964  cisvc - ok
    18:01:50.0406 3964  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
    18:01:50.0640 3964  ClipSrv - ok
    18:01:50.0687 3964  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:01:50.0718 3964  clr_optimization_v2.0.50727_32 - ok
    18:01:50.0859 3964  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:01:50.0890 3964  clr_optimization_v4.0.30319_32 - ok
    18:01:50.0921 3964  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    18:01:51.0125 3964  CmBatt - ok
    18:01:51.0140 3964  CmdIde - ok
    18:01:51.0156 3964  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
    18:01:51.0359 3964  Compbatt - ok
    18:01:51.0375 3964  COMSysApp - ok
    18:01:51.0390 3964  Cpqarray - ok
    18:01:51.0437 3964  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
    18:01:51.0656 3964  CryptSvc - ok
    18:01:51.0656 3964  dac2w2k - ok
    18:01:51.0671 3964  dac960nt - ok
    18:01:51.0859 3964  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
    18:01:51.0968 3964  DcomLaunch - ok
    18:01:52.0015 3964  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
    18:01:52.0234 3964  Dhcp - ok
    18:01:52.0296 3964  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
    18:01:52.0500 3964  Disk - ok
    18:01:52.0515 3964  dmadmin - ok
    18:01:52.0625 3964  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
    18:01:53.0953 3964  dmboot - ok
    18:01:53.0953 3964  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
    18:01:54.0140 3964  dmio - ok
    18:01:54.0171 3964  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
    18:01:54.0406 3964  dmload - ok
    18:01:54.0484 3964  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
    18:01:54.0671 3964  dmserver - ok
    18:01:54.0718 3964  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
    18:01:54.0921 3964  DMusic - ok
    18:01:54.0984 3964  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
    18:01:55.0046 3964  Dnscache - ok
    18:01:55.0109 3964  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
    18:01:55.0312 3964  Dot3svc - ok
    18:01:55.0312 3964  dpti2o - ok
    18:01:55.0328 3964  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
    18:01:55.0500 3964  drmkaud - ok
    18:01:55.0531 3964  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
    18:01:55.0703 3964  EapHost - ok
    18:01:55.0734 3964  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
    18:01:55.0921 3964  ERSvc - ok
    18:01:55.0968 3964  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
    18:01:56.0031 3964  Eventlog - ok
    18:01:56.0078 3964  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
    18:01:56.0109 3964  EventSystem - ok
    18:01:56.0156 3964  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
    18:01:56.0343 3964  Fastfat - ok
    18:01:56.0390 3964  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    18:01:56.0453 3964  FastUserSwitchingCompatibility - ok
    18:01:56.0468 3964  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
    18:01:56.0656 3964  Fdc - ok
    18:01:56.0703 3964  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
    18:01:56.0890 3964  Fips - ok
    18:01:56.0890 3964  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:01:57.0093 3964  Flpydisk - ok
    18:01:57.0156 3964  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
    18:01:57.0343 3964  FltMgr - ok
    18:01:57.0453 3964  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:01:57.0500 3964  FontCache3.0.0.0 - ok
    18:01:57.0546 3964  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:01:57.0734 3964  Fs_Rec - ok
    18:01:57.0765 3964  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:01:57.0968 3964  Ftdisk - ok
    18:01:57.0968 3964  GMSIPCI - ok
    18:01:58.0015 3964  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:01:58.0250 3964  Gpc - ok
    18:01:58.0328 3964  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
    18:01:58.0359 3964  gupdate - ok
    18:01:58.0375 3964  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
    18:01:58.0406 3964  gupdatem - ok
    18:01:58.0421 3964  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:01:58.0625 3964  HDAudBus - ok
    18:01:58.0687 3964  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:01:58.0875 3964  helpsvc - ok
    18:01:58.0890 3964  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
    18:01:59.0093 3964  HidServ - ok
    18:01:59.0109 3964  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:01:59.0312 3964  HidUsb - ok
    18:01:59.0343 3964  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
    18:01:59.0578 3964  hkmsvc - ok
    18:01:59.0625 3964  [ 1451AB76D18AF31D9BE3176FC90F58D1 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
    18:01:59.0656 3964  HPM1210RcvFaxSrvc - ok
    18:01:59.0656 3964  hpn - ok
    18:01:59.0687 3964  [ 1D387C1F30296D3A24205CC2D09C6926 ] HPSIService     C:\WINDOWS\system32\HPSIsvc.exe
    18:01:59.0718 3964  HPSIService - ok
    18:01:59.0718 3964  hpt3xx - ok
    18:01:59.0765 3964  [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    18:01:59.0843 3964  HSF_DPV - ok
    18:01:59.0875 3964  [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL        C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    18:01:59.0906 3964  HSXHWAZL - ok
    18:01:59.0968 3964  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
    18:02:00.0000 3964  HTTP - ok
    18:02:00.0031 3964  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
    18:02:00.0265 3964  HTTPFilter - ok
    18:02:00.0281 3964  i2omgmt - ok
    18:02:00.0281 3964  i2omp - ok
    18:02:00.0328 3964  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:02:00.0515 3964  i8042prt - ok
    18:02:00.0609 3964  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:02:00.0703 3964  idsvc - ok
    18:02:00.0734 3964  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:02:00.0906 3964  Imapi - ok
    18:02:00.0953 3964  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
    18:02:01.0140 3964  ImapiService - ok
    18:02:01.0156 3964  ini910u - ok
    18:02:01.0156 3964  IntelIde - ok
    18:02:01.0218 3964  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
    18:02:01.0421 3964  ip6fw - ok
    18:02:01.0453 3964  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:02:01.0656 3964  IpFilterDriver - ok
    18:02:01.0671 3964  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:02:01.0843 3964  IpInIp - ok
    18:02:01.0875 3964  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:02:02.0078 3964  IpNat - ok
    18:02:02.0109 3964  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:02:02.0312 3964  IPSec - ok
    18:02:02.0312 3964  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:02:02.0406 3964  IRENUM - ok
    18:02:02.0437 3964  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:02:02.0625 3964  isapnp - ok
    18:02:02.0640 3964  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:02:02.0843 3964  Kbdclass - ok
    18:02:02.0875 3964  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
    18:02:03.0078 3964  kmixer - ok
    18:02:03.0093 3964  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
    18:02:03.0140 3964  KSecDD - ok
    18:02:03.0187 3964  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
    18:02:03.0218 3964  lanmanserver - ok
    18:02:03.0234 3964  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    18:02:03.0265 3964  lanmanworkstation - ok
    18:02:03.0281 3964  lbrtfdc - ok
    18:02:03.0296 3964  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
    18:02:03.0500 3964  LmHosts - ok
    18:02:03.0515 3964  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
    18:02:03.0546 3964  MBAMProtector - ok
    18:02:03.0593 3964  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    18:02:03.0625 3964  MBAMScheduler - ok
    18:02:03.0671 3964  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    18:02:03.0718 3964  MBAMService - ok
    18:02:03.0750 3964  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    18:02:03.0781 3964  mdmxsdk - ok
    18:02:03.0812 3964  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
    18:02:04.0000 3964  Messenger - ok
    18:02:04.0046 3964  [ A7DA20AB18A1BDAE28B0F349E57DA0D1 ] mf              C:\WINDOWS\system32\DRIVERS\mf.sys
    18:02:04.0218 3964  mf - ok
    18:02:04.0265 3964  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
    18:02:04.0453 3964  mnmdd - ok
    18:02:04.0500 3964  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
    18:02:04.0687 3964  mnmsrvc - ok
    18:02:04.0718 3964  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
    18:02:04.0906 3964  Modem - ok
    18:02:04.0921 3964  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:02:05.0109 3964  Mouclass - ok
    18:02:05.0156 3964  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:02:05.0343 3964  mouhid - ok
    18:02:05.0375 3964  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
    18:02:05.0578 3964  MountMgr - ok
    18:02:05.0625 3964  [ E6DB6C61739E18906DC2C4191F6EDEA2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    18:02:05.0656 3964  MozillaMaintenance - ok
    18:02:05.0703 3964  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    18:02:05.0750 3964  MpFilter - ok
    18:02:05.0812 3964  MpKsl510e1b10 - ok
    18:02:05.0828 3964  MpKslf16279bf - ok
    18:02:05.0828 3964  mraid35x - ok
    18:02:05.0843 3964  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:02:06.0031 3964  MRxDAV - ok
    18:02:06.0078 3964  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:02:06.0109 3964  MRxSmb - ok
    18:02:06.0156 3964  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
    18:02:06.0390 3964  MSDTC - ok
    18:02:06.0406 3964  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
    18:02:06.0578 3964  Msfs - ok
    18:02:06.0593 3964  MSIServer - ok
    18:02:06.0593 3964  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:02:06.0781 3964  MSKSSRV - ok
    18:02:06.0828 3964  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:02:06.0859 3964  MsMpSvc - ok
    18:02:06.0859 3964  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:02:07.0031 3964  MSPCLOCK - ok
    18:02:07.0046 3964  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
    18:02:07.0218 3964  MSPQM - ok
    18:02:07.0250 3964  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:02:07.0546 3964  mssmbios - ok
    18:02:07.0593 3964  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
    18:02:07.0625 3964  Mup - ok
    18:02:07.0671 3964  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
    18:02:07.0859 3964  napagent - ok
    18:02:07.0890 3964  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
    18:02:08.0078 3964  NDIS - ok
    18:02:08.0109 3964  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:02:08.0140 3964  NdisTapi - ok
    18:02:08.0156 3964  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:02:08.0343 3964  Ndisuio - ok
    18:02:08.0359 3964  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:02:08.0578 3964  NdisWan - ok
    18:02:08.0593 3964  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
    18:02:08.0625 3964  NDProxy - ok
    18:02:08.0625 3964  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:02:08.0859 3964  NetBIOS - ok
    18:02:08.0875 3964  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:02:09.0078 3964  NetBT - ok
    18:02:09.0109 3964  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
    18:02:09.0328 3964  NetDDE - ok
    18:02:09.0343 3964  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
    18:02:09.0531 3964  NetDDEdsdm - ok
    18:02:09.0562 3964  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
    18:02:09.0750 3964  Netlogon - ok
    18:02:09.0765 3964  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
    18:02:09.0984 3964  Netman - ok
    18:02:10.0000 3964  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:02:10.0031 3964  NetTcpPortSharing - ok
    18:02:10.0062 3964  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
    18:02:10.0093 3964  Nla - ok
    18:02:10.0125 3964  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
    18:02:10.0312 3964  Npfs - ok
    18:02:10.0343 3964  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
    18:02:10.0593 3964  Ntfs - ok
    18:02:10.0593 3964  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
    18:02:10.0781 3964  NtLmSsp - ok
    18:02:10.0812 3964  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
    18:02:11.0046 3964  NtmsSvc - ok
    18:02:11.0078 3964  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
    18:02:11.0234 3964  Null - ok
    18:02:11.0281 3964  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:02:11.0468 3964  NwlnkFlt - ok
    18:02:11.0484 3964  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:02:11.0656 3964  NwlnkFwd - ok
    18:02:11.0718 3964  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:02:11.0750 3964  odserv - ok
    18:02:11.0781 3964  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:02:11.0812 3964  ose - ok
    18:02:11.0843 3964  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
    18:02:12.0031 3964  Parport - ok
    18:02:12.0046 3964  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
    18:02:12.0250 3964  PartMgr - ok
    18:02:12.0296 3964  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
    18:02:12.0484 3964  ParVdm - ok
    18:02:12.0484 3964  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
    18:02:12.0671 3964  PCI - ok
    18:02:12.0687 3964  PCIDump - ok
    18:02:12.0718 3964  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:02:12.0906 3964  PCIIde - ok
    18:02:12.0906 3964  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:02:13.0109 3964  Pcmcia - ok
    18:02:13.0109 3964  PDCOMP - ok
    18:02:13.0125 3964  PDFRAME - ok
    18:02:13.0125 3964  PDRELI - ok
    18:02:13.0140 3964  PDRFRAME - ok
    18:02:13.0156 3964  perc2 - ok
    18:02:13.0156 3964  perc2hib - ok
    18:02:13.0203 3964  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
    18:02:13.0234 3964  PlugPlay - ok
    18:02:13.0234 3964  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
    18:02:13.0453 3964  PolicyAgent - ok
    18:02:13.0453 3964  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:02:13.0625 3964  PptpMiniport - ok
    18:02:13.0640 3964  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
    18:02:13.0812 3964  Processor - ok
    18:02:13.0828 3964  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    18:02:13.0984 3964  ProtectedStorage - ok
    18:02:14.0000 3964  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
    18:02:14.0203 3964  PSched - ok
    18:02:14.0218 3964  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:02:14.0390 3964  Ptilink - ok
    18:02:14.0406 3964  ql1080 - ok
    18:02:14.0406 3964  Ql10wnt - ok
    18:02:14.0421 3964  ql12160 - ok
    18:02:14.0437 3964  ql1240 - ok
    18:02:14.0437 3964  ql1280 - ok
    18:02:14.0453 3964  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:02:14.0656 3964  RasAcd - ok
    18:02:14.0687 3964  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
    18:02:14.0859 3964  RasAuto - ok
    18:02:14.0890 3964  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:02:15.0062 3964  Rasl2tp - ok
    18:02:15.0093 3964  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
    18:02:15.0265 3964  RasMan - ok
    18:02:15.0265 3964  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:02:15.0437 3964  RasPppoe - ok
    18:02:15.0453 3964  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:02:15.0625 3964  Raspti - ok
    18:02:15.0687 3964  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:02:15.0921 3964  Rdbss - ok
    18:02:15.0937 3964  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:02:16.0140 3964  RDPCDD - ok
    18:02:16.0171 3964  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
    18:02:16.0203 3964  RDPWD - ok
    18:02:16.0250 3964  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
    18:02:16.0437 3964  RDSessMgr - ok
    18:02:16.0468 3964  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:02:16.0656 3964  redbook - ok
    18:02:16.0687 3964  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
    18:02:16.0875 3964  RemoteAccess - ok
    18:02:16.0921 3964  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    18:02:16.0968 3964  rimmptsk - ok
    18:02:16.0984 3964  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
    18:02:17.0171 3964  RpcLocator - ok
    18:02:17.0203 3964  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
    18:02:17.0250 3964  RpcSs - ok
    18:02:17.0281 3964  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
    18:02:17.0484 3964  RSVP - ok
    18:02:17.0484 3964  RTL8192su - ok
    18:02:17.0515 3964  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
    18:02:17.0718 3964  SamSs - ok
    18:02:17.0750 3964  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
    18:02:17.0937 3964  SCardSvr - ok
    18:02:17.0984 3964  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
    18:02:18.0203 3964  Schedule - ok
    18:02:18.0234 3964  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
    18:02:18.0406 3964  sdbus - ok
    18:02:18.0406 3964  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:02:18.0484 3964  Secdrv - ok
    18:02:18.0500 3964  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
    18:02:18.0703 3964  seclogon - ok
    18:02:18.0718 3964  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
    18:02:18.0906 3964  SENS - ok
    18:02:18.0921 3964  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
    18:02:19.0140 3964  Serial - ok
    18:02:19.0187 3964  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:02:19.0375 3964  Sfloppy - ok
    18:02:19.0421 3964  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
    18:02:19.0640 3964  SharedAccess - ok
    18:02:19.0671 3964  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    18:02:19.0703 3964  ShellHWDetection - ok
    18:02:19.0703 3964  Simbad - ok
    18:02:19.0718 3964  Sparrow - ok
    18:02:19.0750 3964  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
    18:02:19.0937 3964  splitter - ok
    18:02:19.0968 3964  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
    18:02:20.0000 3964  Spooler - ok
    18:02:20.0078 3964  [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    18:02:20.0109 3964  sprtsvc_DellSupportCenter - ok
    18:02:20.0125 3964  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
    18:02:20.0203 3964  sr - ok
    18:02:20.0234 3964  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
    18:02:20.0328 3964  srservice - ok
    18:02:20.0343 3964  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
    18:02:20.0390 3964  Srv - ok
    18:02:20.0421 3964  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
    18:02:20.0515 3964  SSDPSRV - ok
    18:02:20.0687 3964  [ 951801DFB54D86F611F0AF47825476F9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
    18:02:20.0843 3964  STHDA - ok
    18:02:20.0890 3964  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
    18:02:21.0093 3964  StillCam - ok
    18:02:21.0156 3964  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
    18:02:21.0437 3964  stisvc - ok
    18:02:21.0500 3964  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:02:21.0718 3964  swenum - ok
    18:02:21.0734 3964  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
    18:02:21.0937 3964  swmidi - ok
    18:02:21.0953 3964  SwPrv - ok
    18:02:21.0968 3964  symc810 - ok
    18:02:21.0968 3964  symc8xx - ok
    18:02:21.0984 3964  sym_hi - ok
    18:02:21.0984 3964  sym_u3 - ok
    18:02:22.0046 3964  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
    18:02:22.0265 3964  sysaudio - ok
    18:02:22.0312 3964  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
    18:02:22.0515 3964  SysmonLog - ok
    18:02:22.0562 3964  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
    18:02:22.0781 3964  TapiSrv - ok
    18:02:22.0843 3964  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:02:22.0968 3964  Tcpip - ok
    18:02:23.0031 3964  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:02:23.0265 3964  TDPIPE - ok
    18:02:23.0281 3964  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
    18:02:23.0453 3964  TDTCP - ok
    18:02:23.0468 3964  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:02:23.0703 3964  TermDD - ok
    18:02:23.0750 3964  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
    18:02:23.0953 3964  TermService - ok
    18:02:24.0015 3964  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
    18:02:24.0046 3964  Themes - ok
    18:02:24.0062 3964  TosIde - ok
    18:02:24.0109 3964  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
    18:02:24.0359 3964  TrkWks - ok
    18:02:24.0375 3964  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
    18:02:24.0562 3964  Udfs - ok
    18:02:24.0578 3964  UIUSys - ok
    18:02:24.0578 3964  ultra - ok
    18:02:24.0625 3964  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
    18:02:24.0937 3964  Update - ok
    18:02:24.0984 3964  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
    18:02:25.0109 3964  upnphost - ok
    18:02:25.0125 3964  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
    18:02:25.0312 3964  UPS - ok
    18:02:25.0343 3964  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:02:25.0515 3964  usbccgp - ok
    18:02:25.0562 3964  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:02:25.0734 3964  usbehci - ok
    18:02:25.0750 3964  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:02:25.0937 3964  usbhub - ok
    18:02:25.0984 3964  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
    18:02:26.0156 3964  usbohci - ok
    18:02:26.0171 3964  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:02:26.0390 3964  usbprint - ok
    18:02:26.0406 3964  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:02:26.0609 3964  USBSTOR - ok
    18:02:26.0640 3964  [ 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B ] usb_rndis       C:\WINDOWS\system32\DRIVERS\usb8023.sys
    18:02:26.0687 3964  usb_rndis - ok
    18:02:26.0718 3964  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    18:02:26.0890 3964  VgaSave - ok
    18:02:26.0890 3964  ViaIde - ok
    18:02:26.0906 3964  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
    18:02:27.0109 3964  VolSnap - ok
    18:02:27.0140 3964  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
    18:02:27.0250 3964  VSS - ok
    18:02:27.0281 3964  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
    18:02:27.0484 3964  W32Time - ok
    18:02:27.0500 3964  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:02:27.0718 3964  Wanarp - ok
    18:02:27.0734 3964  WDICA - ok
    18:02:27.0750 3964  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    18:02:27.0937 3964  wdmaud - ok
    18:02:27.0984 3964  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
    18:02:28.0187 3964  WebClient - ok
    18:02:28.0218 3964  [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    18:02:28.0265 3964  winachsf - ok
    18:02:28.0343 3964  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    18:02:28.0515 3964  winmgmt - ok
    18:02:28.0531 3964  wltrysvc - ok
    18:02:28.0578 3964  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
    18:02:28.0781 3964  WmdmPmSN - ok
    18:02:28.0812 3964  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    18:02:29.0000 3964  WmiAcpi - ok
    18:02:29.0031 3964  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
    18:02:29.0203 3964  WmiApSrv - ok
    18:02:29.0281 3964  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    18:02:29.0390 3964  WPFFontCache_v0400 - ok
    18:02:29.0421 3964  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
    18:02:29.0640 3964  WS2IFSL - ok
    18:02:29.0687 3964  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    18:02:29.0890 3964  wscsvc - ok
    18:02:29.0921 3964  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
    18:02:30.0125 3964  wuauserv - ok
    18:02:30.0171 3964  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    18:02:30.0375 3964  WZCSVC - ok
    18:02:30.0390 3964  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    18:02:30.0609 3964  xmlprov - ok
    18:02:30.0625 3964  ================ Scan global ===============================
    18:02:30.0656 3964  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    18:02:30.0687 3964  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    18:02:30.0718 3964  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    18:02:30.0750 3964  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    18:02:30.0750 3964  [Global] - ok
    18:02:30.0750 3964  ================ Scan MBR ==================================
    18:02:30.0765 3964  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    18:02:31.0031 3964  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    18:02:31.0031 3964  \Device\Harddisk0\DR0 - detected TDSS File System (1)
    18:02:31.0031 3964  ================ Scan VBR ==================================
    18:02:31.0031 3964  [ 5495286D34D5ABBA1FDEB3D3A7045E85 ] \Device\Harddisk0\DR0\Partition1
    18:02:31.0046 3964  \Device\Harddisk0\DR0\Partition1 - ok
    18:02:31.0046 3964  ============================================================
    18:02:31.0046 3964  Scan finished
    18:02:31.0046 3964  ============================================================
    18:02:31.0156 3956  Detected object count: 1
    18:02:31.0156 3956  Actual detected object count: 1
    18:02:48.0828 3956  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    18:02:48.0828 3956  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    18:03:48.0718 3340  Deinitialize success
     

    step-2/OTL SCAN

    OTL logfile created on: 8/25/2013 6:12:15 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Rad\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.87 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 70.07% Memory free
    3.04 Gb Paging File | 2.56 Gb Available in Paging File | 84.14% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.13 Gb Total Space | 53.42 Gb Free Space | 68.38% Space Free | Partition Type: NTFS
     
    Computer Name: RICH-WINXP | User Name: Rad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/08/25 16:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rad\desktop\OTL.exe
    PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/05/18 02:22:53 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
    PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2010/05/11 15:58:04 | 000,247,352 | ---- | M] (HP) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
    PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/08/17 13:21:15 | 002,094,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13081701\algo.dll
    MOD - [2013/04/18 19:34:20 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\fa9929dcc1c9d46855b03a6931fa5c74\System.Web.ni.dll
    MOD - [2013/04/18 19:32:07 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9b7981233fae522d6d15b26024cc28f6\System.Windows.Forms.ni.dll
    MOD - [2013/04/18 19:28:16 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2013/04/18 19:28:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/09/12 15:32:08 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2012/05/29 03:01:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
    MOD - [2012/05/29 00:29:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/29 00:29:13 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
    MOD - [2012/05/29 00:25:18 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/29 00:24:51 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2011/04/15 12:14:14 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\m1210nwia.dll
    MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/03/31 11:50:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPM1210PP.dll
    MOD - [2010/03/31 11:50:12 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\HPM1210LM.DLL
    MOD - [2007/03/16 18:10:38 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/08/16 00:20:28 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/05/18 02:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
    SRV - [2010/05/11 15:58:04 | 000,247,352 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
    SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\RTL8192su.sys -- (RTL8192su)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557CD899-56F0-4919-85B9-F3E8DA6B923C}\MpKslf16279bf.sys -- (MpKslf16279bf)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3B2D5FB-BEB9-4493-8A74-82623263300B}\MpKsl510e1b10.sys -- (MpKsl510e1b10)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rad\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2013/08/14 18:25:27 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/08/14 18:25:27 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/08/14 18:25:27 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/02/11 20:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
    DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/11/14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/10/11 20:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/09/13 17:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
    DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dlm&scc=1&ltmpl=default&ltmplcache=2
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\SearchScopes,DefaultScope = {E8DE2BB6-C49A-4DDF-B644-58AB366D48BC}
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\SearchScopes\{E8DE2BB6-C49A-4DDF-B644-58AB366D48BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
    FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/02 19:09:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2013/08/13 18:10:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/16 00:20:19 | 000,000,000 | ---D | M]
     
    [2011/05/06 21:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rad\Application Data\Mozilla\Extensions
    [2011/12/17 20:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rad\Application Data\Mozilla\Firefox\Profiles\p50y2xxk.default\extensions
    [2011/07/21 00:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rad\Application Data\Mozilla\Firefox\Profiles\p50y2xxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/08/16 00:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/08/16 00:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/16 00:20:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/03/05 20:27:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
     
    O1 HOSTS File: ([2013/08/13 15:58:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O15 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303493186326 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/21 16:47:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    NetSvcs: 6to4 -  File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias -  File not found
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/08/25 18:04:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rad\Desktop\OTL.exe
    [2013/08/25 17:18:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/08/20 14:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Desktop\KasperskyTDSSKillerPortable
    [2013/08/20 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Local Settings\Application Data\NPE
    [2013/08/20 14:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Desktop\RK_Quarantine
    [2013/08/20 14:34:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2013/08/20 14:24:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rad\My Documents\My Videos
    [2013/08/17 21:25:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/08/16 00:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2013/08/16 00:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/08/14 18:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/08/14 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Desktop\AdwCleaner
    [2013/08/14 17:35:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/08/14 17:20:40 | 001,158,897 | ---- | C] (Thisisu) -- C:\Documents and Settings\Rad\Desktop\JRT.exe
    [2013/08/14 15:21:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/08/13 18:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2013/08/13 17:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2013/08/13 17:46:46 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/08/13 17:46:45 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/08/13 17:46:43 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/08/13 17:46:42 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/08/13 17:46:42 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/08/13 17:46:40 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/08/13 17:46:39 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/08/13 17:46:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/08/13 17:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/08/13 17:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/08/13 16:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2013/08/13 16:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2013/08/13 15:49:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/08/13 15:49:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/08/13 15:49:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/08/13 15:49:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/08/13 15:44:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/08/13 15:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2013/08/13 15:44:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/08/13 15:34:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/08/12 14:38:36 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Rad\Desktop\NPE.exe
    [2013/08/12 14:24:55 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rad\Desktop\tdsskiller.exe
    [2013/08/12 14:20:56 | 000,331,504 | ---- | C] (PortableApps.com) -- C:\Documents and Settings\Rad\Desktop\KasperskyTDSSKillerPortable_2.8.16_English_online.paf.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/08/25 18:12:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/08/25 18:09:53 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2013/08/25 18:09:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/25 18:09:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/08/25 16:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rad\Desktop\OTL.exe
    [2013/08/24 19:26:57 | 000,506,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/08/24 19:26:57 | 000,090,864 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/08/24 19:22:47 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/08/20 14:24:15 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Rad\Desktop\Shortcut to ComboFix.exe.lnk
    [2013/08/17 21:25:09 | 000,000,360 | RHS- | M] () -- C:\boot.ini
    [2013/08/16 02:26:26 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/08/16 02:21:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/08/14 18:25:27 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/08/14 18:25:27 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/08/14 18:25:27 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/14 17:20:40 | 001,158,897 | ---- | M] (Thisisu) -- C:\Documents and Settings\Rad\Desktop\JRT.exe
    [2013/08/14 00:20:16 | 000,000,250 | ---- | M] () -- C:\Boot.bak
    [2013/08/13 18:12:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/08/13 18:12:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/08/13 17:31:25 | 000,915,968 | ---- | M] () -- C:\Documents and Settings\Rad\Desktop\RogueKiller.exe
    [2013/08/13 17:11:48 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Rad\Desktop\rk-proxy.reg
    [2013/08/13 15:58:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/08/12 14:38:28 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Rad\Desktop\NPE.exe
    [2013/08/12 14:24:38 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rad\Desktop\tdsskiller.exe
    [2013/08/12 14:20:16 | 000,331,504 | ---- | M] (PortableApps.com) -- C:\Documents and Settings\Rad\Desktop\KasperskyTDSSKillerPortable_2.8.16_English_online.paf.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/08/20 14:12:41 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Rad\Desktop\Shortcut to ComboFix.exe.lnk
    [2013/08/17 21:25:09 | 000,000,250 | ---- | C] () -- C:\Boot.bak
    [2013/08/17 21:25:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/13 17:46:51 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/13 17:46:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/08/13 17:46:42 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/13 17:46:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/08/13 17:46:40 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/08/13 17:31:24 | 000,915,968 | ---- | C] () -- C:\Documents and Settings\Rad\Desktop\RogueKiller.exe
    [2013/08/13 17:11:48 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Rad\Desktop\rk-proxy.reg
    [2013/08/13 15:49:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/08/13 15:49:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/08/13 15:49:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/08/13 15:49:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/08/13 15:49:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/03/21 00:38:31 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2013/01/30 13:16:20 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SM.exe
    [2013/01/30 13:16:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\HPM1210LM.DLL
    [2013/01/30 13:15:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\m1210nwia.dll
    [2013/01/30 13:15:04 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\m1210wia.dll
    [2013/01/30 13:15:04 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SMs.dll
    [2013/01/30 12:38:50 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
    [2012/06/15 14:08:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
    [2012/06/15 14:08:39 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
    [2012/06/15 14:08:05 | 000,000,904 | ---- | C] () -- C:\WINDOWS\winpoint.ini
    [2012/06/15 13:59:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\netsetup.ini
    [2012/05/29 00:05:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/05/06 19:28:22 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2011/11/16 16:30:21 | 000,002,651 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
    [2011/11/16 16:30:17 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsl05f.bin
    [2011/08/31 13:22:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/08/19 00:52:03 | 000,015,612 | -HS- | C] () -- C:\Documents and Settings\Rad\Local Settings\Application Data\qu2xk58mwq25038gr4t27u0h267r5s515081x3p0a1itv
    [2011/08/19 00:52:03 | 000,015,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qu2xk58mwq25038gr4t27u0h267r5s515081x3p0a1itv
     
    ========== ZeroAccess Check ==========
     
    [2011/04/22 16:48:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2013/08/16 00:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
    [2006/05/25 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
    [2013/08/13 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/22 17:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2011/04/22 17:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2011/11/02 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/04/22 17:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2012/06/15 14:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\Calyx Software
    [2013/03/29 12:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\Foxit Software
    [2012/02/03 15:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\GlarySoft
    [2011/07/20 23:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\OpenOffice.org
    [2013/04/29 16:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\pchc
    [2013/07/15 18:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\PrimoPDF
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
    < %SYSTEMDRIVE%\*.* >
    [2011/04/21 16:47:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2013/08/14 00:20:16 | 000,000,250 | ---- | M] () -- C:\Boot.bak
    [2013/08/17 21:25:09 | 000,000,360 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2013/08/20 14:34:33 | 000,010,421 | ---- | M] () -- C:\ComboFix.txt
    [2011/04/21 16:47:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/04/21 16:47:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/04/21 16:47:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2001/08/18 08:00:00 | 000,024,448 | RHS- | M] (Microsoft Corporation) -- C:\NTBOOTDD.SYS
    [2011/04/22 15:21:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/05/25 00:17:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2013/08/25 18:09:32 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
    [2013/08/24 19:24:46 | 000,000,409 | ---- | M] () -- C:\rkill.log
    [2013/08/13 15:36:23 | 000,080,308 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_13.08.2013_15.30.56_log.txt
    [2013/08/13 16:47:08 | 000,003,438 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_13.08.2013_16.46.31_log.txt
    [2013/08/13 16:53:25 | 000,172,734 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_13.08.2013_16.51.10_log.txt
    [2013/08/13 16:59:34 | 000,186,398 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_13.08.2013_16.56.20_log.txt
    [2013/08/13 23:35:19 | 000,003,438 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_13.08.2013_23.34.52_log.txt
    [2013/08/13 23:42:04 | 000,174,916 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_13.08.2013_23.37.46_log.txt
    [2013/08/13 23:45:18 | 000,003,500 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_13.08.2013_23.45.03_log.txt
    [2013/08/18 01:43:21 | 000,003,438 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_18.08.2013_01.42.54_log.txt
    [2013/08/18 01:59:38 | 000,178,156 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_18.08.2013_01.45.24_log.txt
    [2013/08/20 14:01:37 | 000,082,492 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_20.08.2013_13.54.22_log.txt
    [2013/08/20 14:14:58 | 000,003,412 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_20.08.2013_14.14.08_log.txt
    [2013/08/20 14:19:53 | 000,264,474 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_20.08.2013_14.16.57_log.txt
    [2013/08/20 14:47:19 | 000,003,396 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_20.08.2013_14.47.01_log.txt
    [2013/08/20 14:53:26 | 000,331,332 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_20.08.2013_14.51.51_log.txt
    [2013/08/25 18:03:48 | 000,080,762 | ---- | M] () -- C:\TDSSKiller.2.8.18.0_25.08.2013_18.00.50_log.txt
     
    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2010/03/31 11:50:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\HPM1210PP.dll
     
    < %systemroot%\*. /mp /s >
     
    < %systemroot%\system32\*.sys /90 >
    [2013/06/03 21:40:45 | 001,876,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    < %systemroot%\system32\*.exe /lockedfiles >
     
    < %systemroot%\System32\config\*.sav >
    [2006/05/28 11:25:25 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2006/05/28 11:25:25 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2006/05/28 11:25:25 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
     
    < %PROGRAMFILES%\* >
    [2011/04/22 16:37:00 | 000,059,392 | ---- | M] () -- C:\Program Files\windows installer 3.1 EULA.doc
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    < %USERPROFILE%\..|smtmp;true;true;true /FP  >
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/16 00:20:24 | 000,869,624 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/16 00:20:24 | 000,869,624 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/16 00:20:24 | 000,869,624 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/16 00:20:29 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/16 00:20:29 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/16 00:20:29 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/16 00:20:24 | 000,869,624 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/16 00:20:24 | 000,869,624 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/16 00:20:24 | 000,869,624 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/16 00:20:29 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/16 00:20:29 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/16 00:20:29 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < End of report >
     

    etavares, I thought you should know, before I posted my issue I had run several various scans. I hope this does not ruin your fix process. Thanks again!!



    #5 etavares

    Posted 25 August 2013 - 06:56 PM

    Hi,

     

    Alureon is still present.  Please run TDSS Killer again.  When it finds TDSS File System, select "Cure" and post the resulting log.

     

    -etavares



     


    #6 ZSnapper


    Posted 25 August 2013 - 07:43 PM

    As the TDSS was deleting the file, Avast popped up with a warning that a threat was identified. It didn't stay up long enough for me to read the entire file name it had found. Here is the 2nd TDSS scan log. Thanks!

     

    20:30:43.0984 3888  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
    20:30:44.0062 3888  ============================================================
    20:30:44.0062 3888  Current date / time: 2013/08/25 20:30:44.0062
    20:30:44.0062 3888  SystemInfo:
    20:30:44.0062 3888  
    20:30:44.0062 3888  OS Version: 5.1.2600 ServicePack: 3.0
    20:30:44.0062 3888  Product type: Workstation
    20:30:44.0062 3888  ComputerName: RICH-WINXP
    20:30:44.0062 3888  UserName: Rad
    20:30:44.0062 3888  Windows directory: C:\WINDOWS
    20:30:44.0062 3888  System windows directory: C:\WINDOWS
    20:30:44.0062 3888  Processor architecture: Intel x86
    20:30:44.0062 3888  Number of processors: 2
    20:30:44.0062 3888  Page size: 0x1000
    20:30:44.0062 3888  Boot type: Normal boot
    20:30:44.0062 3888  ============================================================
    20:30:49.0953 3888  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    20:30:49.0984 3888  ============================================================
    20:30:49.0984 3888  \Device\Harddisk0\DR0:
    20:30:50.0000 3888  MBR partitions:
    20:30:50.0000 3888  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
    20:30:50.0000 3888  ============================================================
    20:30:50.0109 3888  C: <-> \Device\Harddisk0\DR0\Partition1
    20:30:50.0109 3888  ============================================================
    20:30:50.0109 3888  Initialize success
    20:30:50.0109 3888  ============================================================
    20:30:58.0578 3940  ============================================================
    20:30:58.0578 3940  Scan started
    20:30:58.0578 3940  Mode: Manual; SigCheck; TDLFS;
    20:30:58.0578 3940  ============================================================
    20:30:59.0187 3940  ================ Scan system memory ========================
    20:30:59.0187 3940  System memory - ok
    20:30:59.0187 3940  ================ Scan services =============================
    20:31:33.0328 3940  srservice - ok
    20:31:33.0343 3940  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
    20:31:33.0406 3940  Srv - ok
    20:31:33.0437 3940  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
    20:31:33.0546 3940  SSDPSRV - ok
    20:31:33.0609 3940  [ 951801DFB54D86F611F0AF47825476F9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
    20:31:33.0687 3940  STHDA - ok
    20:31:33.0734 3940  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
    20:31:33.0859 3940  StillCam - ok
    20:31:33.0875 3940  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
    20:31:34.0078 3940  stisvc - ok
    20:31:34.0109 3940  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
    20:31:34.0281 3940  swenum - ok
    20:31:34.0296 3940  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
    20:31:34.0500 3940  swmidi - ok
    20:31:34.0500 3940  SwPrv - ok
    20:31:34.0515 3940  symc810 - ok
    20:31:34.0515 3940  symc8xx - ok
    20:31:34.0531 3940  sym_hi - ok
    20:31:34.0531 3940  sym_u3 - ok
    20:31:34.0562 3940  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
    20:31:34.0765 3940  sysaudio - ok
    20:31:34.0781 3940  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
    20:31:34.0968 3940  SysmonLog - ok
    20:31:35.0000 3940  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
    20:31:35.0140 3940  TapiSrv - ok
    20:31:35.0171 3940  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:31:35.0234 3940  Tcpip - ok
    20:31:35.0265 3940  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:31:35.0437 3940  TDPIPE - ok
    20:31:35.0468 3940  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
    20:31:35.0640 3940  TDTCP - ok
    20:31:35.0656 3940  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:31:35.0843 3940  TermDD - ok
    20:31:35.0859 3940  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
    20:31:36.0015 3940  TermService - ok
    20:31:36.0031 3940  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
    20:31:36.0062 3940  Themes - ok
    20:31:36.0062 3940  TosIde - ok
    20:31:36.0078 3940  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
    20:31:36.0265 3940  TrkWks - ok
    20:31:36.0281 3940  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
    20:31:36.0453 3940  Udfs - ok
    20:31:36.0453 3940  UIUSys - ok
    20:31:36.0468 3940  ultra - ok
    20:31:36.0500 3940  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
    20:31:36.0671 3940  Update - ok
    20:31:36.0687 3940  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
    20:31:36.0765 3940  upnphost - ok
    20:31:36.0765 3940  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
    20:31:36.0921 3940  UPS - ok
    20:31:36.0937 3940  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:31:37.0125 3940  usbccgp - ok
    20:31:37.0140 3940  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:31:37.0312 3940  usbehci - ok
    20:31:37.0312 3940  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:31:37.0484 3940  usbhub - ok
    20:31:37.0500 3940  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
    20:31:37.0656 3940  usbohci - ok
    20:31:37.0671 3940  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:31:37.0859 3940  usbprint - ok
    20:31:37.0875 3940  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:31:38.0046 3940  USBSTOR - ok
    20:31:38.0078 3940  [ 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B ] usb_rndis       C:\WINDOWS\system32\DRIVERS\usb8023.sys
    20:31:38.0109 3940  usb_rndis - ok
    20:31:38.0125 3940  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    20:31:38.0312 3940  VgaSave - ok
    20:31:38.0312 3940  ViaIde - ok
    20:31:38.0343 3940  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
    20:31:38.0484 3940  VolSnap - ok
    20:31:38.0515 3940  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
    20:31:38.0609 3940  VSS - ok
    20:31:38.0656 3940  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
    20:31:38.0859 3940  W32Time - ok
    20:31:38.0890 3940  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:31:39.0062 3940  Wanarp - ok
    20:31:39.0078 3940  WDICA - ok
    20:31:39.0093 3940  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    20:31:39.0250 3940  wdmaud - ok
    20:31:39.0281 3940  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
    20:31:39.0453 3940  WebClient - ok
    20:31:39.0500 3940  [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    20:31:39.0531 3940  winachsf - ok
    20:31:39.0609 3940  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    20:31:39.0765 3940  winmgmt - ok
    20:31:39.0781 3940  wltrysvc - ok
    20:31:39.0828 3940  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
    20:31:40.0000 3940  WmdmPmSN - ok
    20:31:40.0031 3940  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    20:31:40.0187 3940  WmiAcpi - ok
    20:31:40.0218 3940  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
    20:31:40.0390 3940  WmiApSrv - ok
    20:31:40.0468 3940  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    20:31:40.0578 3940  WPFFontCache_v0400 - ok
    20:31:40.0609 3940  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
    20:31:40.0781 3940  WS2IFSL - ok
    20:31:40.0828 3940  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    20:31:41.0015 3940  wscsvc - ok
    20:31:41.0062 3940  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
    20:31:41.0218 3940  wuauserv - ok
    20:31:41.0265 3940  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    20:31:41.0484 3940  WZCSVC - ok
    20:31:41.0500 3940  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    20:31:41.0671 3940  xmlprov - ok
    20:31:41.0687 3940  ================ Scan global ===============================
    20:31:41.0718 3940  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    20:31:41.0750 3940  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    20:31:41.0781 3940  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
    20:31:41.0828 3940  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    20:31:41.0828 3940  [Global] - ok
    20:31:41.0828 3940  ================ Scan MBR ==================================
    20:31:41.0859 3940  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    20:31:42.0078 3940  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    20:31:42.0078 3940  \Device\Harddisk0\DR0 - detected TDSS File System (1)
    20:31:42.0078 3940  ================ Scan VBR ==================================
    20:31:42.0093 3940  [ 5495286D34D5ABBA1FDEB3D3A7045E85 ] \Device\Harddisk0\DR0\Partition1
    20:31:42.0093 3940  \Device\Harddisk0\DR0\Partition1 - ok
    20:31:42.0093 3940  ============================================================
    20:31:42.0093 3940  Scan finished
    20:31:42.0093 3940  ============================================================
    20:31:42.0203 3932  Detected object count: 1
    20:31:42.0203 3932  Actual detected object count: 1
    20:32:03.0859 3932  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
    20:32:03.0968 3932  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    20:32:03.0984 3932  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
    20:32:04.0015 3932  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    20:32:08.0484 3932  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    20:32:08.0484 3932  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    20:32:08.0687 3932  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    20:32:08.0812 3932  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    20:32:08.0921 3932  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    20:32:09.0062 3932  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    20:32:09.0218 3932  \Device\Harddisk0\DR0\TDLFS - deleted
    20:32:09.0218 3932  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
    20:33:10.0546 3484  Deinitialize success
     



    #7 etavares

    Posted 25 August 2013 - 08:28 PM

    Hello, ZSnapper.
     
     
    Next, please download ComboFix from one of these locations:
    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

    Note: After running ComboFix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
     
    etavares


     


    #8 ZSnapper


    Posted 25 August 2013 - 09:20 PM

    Here ya go! really do appreciate your time & effort!

     

    ComboFix 13-08-25.01 - Rad 08/25/2013  22:08:36.5.2 - x86
    Running from: c:\documents and settings\Rad\Desktop\etavaresCF.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-07-26 to 2013-08-26  )))))))))))))))))))))))))))))))
    .
    .
    2013-08-20 18:44 . 2013-08-20 18:45    --------    d-----w-    c:\documents and settings\Rad\Local Settings\Application Data\NPE
    2013-08-18 00:55 . 2013-08-18 00:55    --------    d-sh--w-    c:\documents and settings\Administrator\IECompatCache
    2013-08-16 06:10 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{367E0488-D081-46F4-AE2F-84A1EFE5212C}\mpengine.dll
    2013-08-16 04:45 . 2013-08-16 04:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
    2013-08-16 04:27 . 2013-08-16 04:27    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2013-08-16 04:06 . 2013-08-16 04:06    --------    d-sh--w-    c:\documents and settings\Administrator\PrivacIE
    2013-08-16 04:00 . 2013-08-16 04:02    --------    d-----w-    c:\documents and settings\Administrator\Application Data\GlarySoft
    2013-08-14 22:21 . 2013-08-14 22:21    --------    d-----w-    c:\program files\ESET
    2013-08-14 22:19 . 2013-07-02 06:54    7143960    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-08-14 21:35 . 2013-08-14 21:35    --------    d-----w-    c:\windows\ERUNT
    2013-08-14 19:21 . 2013-08-14 19:21    --------    d-----w-    C:\FRST
    2013-08-13 21:45 . 2013-08-13 21:45    --------    d-----w-    c:\program files\AVAST Software
    2013-08-13 21:42 . 2013-08-13 22:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVAST Software
    2013-08-13 20:59 . 2013-08-14 04:26    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\NPE
    2013-08-13 20:59 . 2013-08-13 20:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
    2013-08-13 20:22 . 2013-08-13 20:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-08-13 19:34 . 2013-08-26 00:32    --------    d-----w-    C:\TDSSKiller_Quarantine
    2013-08-13 19:22 . 2013-08-13 19:22    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-16 04:27 . 2011-08-18 19:25    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-04 07:23 . 2001-08-18 12:00    562688    ----a-w-    c:\windows\system32\qedit.dll
    2013-06-04 01:40 . 2001-08-18 12:00    1876736    ----a-w-    c:\windows\system32\win32k.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01473180.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45389891.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61388366.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82493209.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
    "53:UDP"= 53:UDP:Realtek AP UDP Prot
    "9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
    "427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
    "161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
    .
    R1 MpKsl510e1b10;MpKsl510e1b10;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3B2D5FB-BEB9-4493-8A74-82623263300B}\MpKsl510e1b10.sys [x]
    R1 MpKslf16279bf;MpKslf16279bf;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557CD899-56F0-4919-85B9-F3E8DA6B923C}\MpKslf16279bf.sys [x]
    R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2001-08-17 2944]
    R3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2001-08-17 60416]
    R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2001-08-17 10368]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-13 3456]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
    S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 247352]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-18 99896]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-26 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-13 08:58]
    .
    2013-08-26 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2012-02-03 23:33]
    .
    2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-13 21:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dlm&scc=1&ltmpl=default&ltmplcache=2
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: google.com\www
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Rad\Application Data\Mozilla\Firefox\Profiles\p50y2xxk.default\
    FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-08-13 18:10; wrc@avast.com; c:\progra~1\AVASTS~1\Avast\WebRep\FF
    FF - ExtSQL: !HIDDEN! 2011-04-23 19:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-25 22:13
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(504)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(3256)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2013-08-25  22:14:49
    ComboFix-quarantined-files.txt  2013-08-26 02:14
    ComboFix2.txt  2013-08-20 18:34
    ComboFix3.txt  2013-08-18 01:32
    ComboFix4.txt  2013-08-14 03:53
    ComboFix5.txt  2013-08-26 02:03
    .
    Pre-Run: 57,002,946,560 bytes free
    Post-Run: 56,982,319,104 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=signature(83c583c5)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    signature(83c583c5)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - 349B371EF209984414B3ACB85F7DA7D8
    8F558EB6672622401DA993E1E865C861
     



    #9 ZSnapper


    Posted 27 August 2013 - 11:24 AM

    Hi etavares:

    Just wondering if there are further steps, or has my laptop been cleaned? Thanks for taking the time to help me with this problem. It has def interfered with my work and I have fallen way behind. Thanks again!!

    zsnap



    #10 etavares


    Posted 27 August 2013 - 06:58 PM

    Hello, ZSnapper.
     
    Sorry for the delay.  It's looking better.
     
     
    Step 1
     
    I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
     
     
    Step 2
     
    Please download Malwarebytes Anti-Malware and save it to your desktop.
     
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
  • Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
     
     
     
    Step 3

    In OTL, please press Quick Scan and post the resulting log.
     
    etavares


     


    #11 ZSnapper


    Posted 27 August 2013 - 09:47 PM

    Here are the 3 logs:

    C:\TDSSKiller_Quarantine\20.08.2013_14.51.51\tdlfs0000\tsk0003.dta Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\20.08.2013_14.51.51\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\20.08.2013_14.51.51\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\20.08.2013_14.51.51\tdlfs0000\tsk0007.dta Win64/Olmarik.R trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\20.08.2013_14.51.51\tdlfs0000\tsk0008.dta Win64/Olmarik.W trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\20.08.2013_14.51.51\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AXC trojan cleaned by deleting - quarantined

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.28.01

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: RICH-WINXP [administrator]

    8/27/2013 10:15:16 PM
    mbam-log-2013-08-27 (22-15-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 230867
    Time elapsed: 3 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

     
    OTL logfile created on: 8/27/2013 10:32:32 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 74.08% Memory free
    3.04 Gb Paging File | 2.79 Gb Available in Paging File | 91.73% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.13 Gb Total Space | 53.06 Gb Free Space | 67.91% Space Free | Partition Type: NTFS
     
    Computer Name: RICH-WINXP | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/08/27 22:30:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     
     
    ========== Modules (No Company Name) ==========
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/08/16 00:20:28 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/05/18 02:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
    SRV - [2010/05/11 15:58:04 | 000,247,352 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
    SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\RTL8192su.sys -- (RTL8192su)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557CD899-56F0-4919-85B9-F3E8DA6B923C}\MpKslf16279bf.sys -- (MpKslf16279bf)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3B2D5FB-BEB9-4493-8A74-82623263300B}\MpKsl510e1b10.sys -- (MpKsl510e1b10)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rad\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2013/08/14 18:25:27 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/08/14 18:25:27 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/08/14 18:25:27 | 000,175,176 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/02/11 20:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
    DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/11/14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/10/11 20:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/09/13 17:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
    DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/02 19:09:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2013/08/13 18:10:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/16 00:20:19 | 000,000,000 | ---D | M]
     
    [2006/05/25 00:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2013/08/13 17:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s50d2gol.default\extensions
    [2013/08/13 17:30:55 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s50d2gol.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/08/16 00:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/08/16 00:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/16 00:20:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/03/05 20:27:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
     
    O1 HOSTS File: ([2013/08/13 15:58:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303493186326 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54C8B0C1-11FF-4BE5-AB5E-AA81E426B461}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/21 16:47:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/08/27 22:30:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/08/25 22:22:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/08/25 22:07:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/08/20 14:34:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2013/08/17 20:55:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
    [2013/08/16 00:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2013/08/16 00:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2013/08/16 00:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/08/16 00:06:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
    [2013/08/16 00:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
    [2013/08/14 18:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/08/14 17:35:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/08/14 15:21:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/08/13 23:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ZZListPad
    [2013/08/13 23:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
    [2013/08/13 18:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2013/08/13 17:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
    [2013/08/13 17:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2013/08/13 17:46:46 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/08/13 17:46:45 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/08/13 17:46:43 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/08/13 17:46:42 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/08/13 17:46:42 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/08/13 17:46:40 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/08/13 17:46:39 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/08/13 17:46:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/08/13 17:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/08/13 17:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/08/13 16:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
    [2013/08/13 16:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2013/08/13 16:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\KasperskyTDSSKillerPortable
    [2013/08/13 16:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2013/08/13 15:49:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/08/13 15:49:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/08/13 15:49:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/08/13 15:49:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/08/13 15:44:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/08/13 15:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2013/08/13 15:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2013/08/13 15:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
    [2013/08/13 15:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
    [2013/08/13 15:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2013/08/13 15:44:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/08/13 15:42:07 | 005,105,390 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2013/08/13 15:34:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/08/13 15:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\zzgingCT
    [2013/08/13 15:22:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/08/27 22:30:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/08/27 20:29:42 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/08/27 20:28:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/08/25 22:07:30 | 000,508,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/08/25 22:07:30 | 000,091,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/08/25 22:07:06 | 000,000,360 | RHS- | M] () -- C:\boot.ini
    [2013/08/25 21:56:47 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2013/08/25 21:56:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/08/25 21:56:42 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/17 21:25:09 | 000,000,360 | ---- | M] () -- C:\Boot.bak
    [2013/08/17 21:03:15 | 005,105,390 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2013/08/16 02:26:26 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/08/16 02:21:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/08/14 18:25:27 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/08/14 18:25:27 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/08/14 18:25:27 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/13 18:12:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/08/13 18:12:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/08/13 15:58:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/08/17 21:25:09 | 000,000,360 | ---- | C] () -- C:\Boot.bak
    [2013/08/17 21:25:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/13 17:46:51 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/13 17:46:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/08/13 17:46:42 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/13 17:46:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/08/13 17:46:40 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/08/13 15:49:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/08/13 15:49:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/08/13 15:49:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/08/13 15:49:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/08/13 15:49:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/03/21 00:38:31 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2013/01/30 13:16:20 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SM.exe
    [2013/01/30 13:16:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\HPM1210LM.DLL
    [2013/01/30 13:15:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\m1210nwia.dll
    [2013/01/30 13:15:04 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\m1210wia.dll
    [2013/01/30 13:15:04 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SMs.dll
    [2013/01/30 12:38:50 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
    [2012/06/15 14:08:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
    [2012/06/15 14:08:39 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
    [2012/06/15 14:08:05 | 000,000,904 | ---- | C] () -- C:\WINDOWS\winpoint.ini
    [2012/06/15 13:59:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\netsetup.ini
    [2012/05/29 00:05:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/05/06 19:28:22 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2011/11/16 16:30:21 | 000,002,651 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
    [2011/11/16 16:30:17 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsl05f.bin
    [2011/08/31 13:22:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/08/19 23:29:58 | 000,015,514 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\qu2xk58mwq25038gr4t27u0h267r5s515081x3p0a1itv
    [2011/08/19 00:52:03 | 000,015,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qu2xk58mwq25038gr4t27u0h267r5s515081x3p0a1itv
     
    ========== ZeroAccess Check ==========
     
    [2011/04/22 16:48:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2013/08/16 00:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
    [2006/05/25 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
    [2013/08/13 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/22 17:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2011/04/22 17:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2011/11/02 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/04/22 17:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2012/06/15 14:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\Calyx Software
    [2013/03/29 12:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\Foxit Software
    [2012/02/03 15:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\GlarySoft
    [2011/07/20 23:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\OpenOffice.org
    [2013/04/29 16:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\pchc
    [2013/07/15 18:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rad\Application Data\PrimoPDF
     
    ========== Purity Check ==========
     
     

    < End of report >

    How does it look.. are we making good progress? Thanks!



    #12 etavares


    Posted 28 August 2013 - 07:07 PM

    Hello, ZSnapper.
     
    We are making progress.  How is your computer running at this point?
     
     
    We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
  • :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\RTL8192su.sys -- (RTL8192su)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557CD899-56F0-4919-85B9-F3E8DA6B923C}\MpKslf16279bf.sys -- (MpKslf16279bf)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3B2D5FB-BEB9-4493-8A74-82623263300B}\MpKsl510e1b10.sys -- (MpKsl510e1b10)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rad\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
     
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
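A check that can be run on the log OTL returns after Run Fix, as an added example that is not part of the original post or of OTL itself: it confirms that every service and BHO named in the :OTL script has a matching result line and flags any service the log touched that the script did not name. The function names and the `ExampleSvc` entry are constructed; the line shapes are the ones visible in this thread.

```python
import re

# Script line shapes as they appear in the :OTL fix block in this thread.
DRV_RE = re.compile(r"^DRV - .*?--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]+)\)$")
BHO_RE = re.compile(r"^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - ")
# Result line shapes as they appear in the log OTL writes after Run Fix.
SVC_RE = re.compile(r"^Service (?P<name>.+?) (?P<action>stopped|deleted) successfully!$")
KEY_RE = re.compile(
    r"^Registry key .*\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\?"
    r" (?P<result>deleted successfully|not found)\.$"
)


def parse_fix_script(script):
    """Return (service names, BHO CLSIDs) requested by the fix script."""
    services, bhos = [], []
    for line in script.splitlines():
        line = line.strip()
        m = DRV_RE.match(line)
        if m:
            services.append(m.group("name"))
            continue
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.group("clsid").upper())
    return services, bhos


def parse_fix_log(log):
    """Return ({service: set of actions}, {BHO CLSID: result}) from the fix log."""
    actions, bho_results = {}, {}
    for line in log.splitlines():
        line = line.strip()
        m = SVC_RE.match(line)
        if m:
            actions.setdefault(m.group("name"), set()).add(m.group("action"))
            continue
        m = KEY_RE.match(line)
        if m:
            bho_results[m.group("clsid").upper()] = m.group("result")
    return actions, bho_results


def reconcile(script, log):
    """List every mismatch between what the script asked for and what the log reports."""
    services, bhos = parse_fix_script(script)
    actions, bho_results = parse_fix_log(log)
    problems = []
    for name in services:
        if "deleted" not in actions.get(name, set()):
            problems.append(f"service {name}: no 'deleted successfully' line")
    for clsid in bhos:
        if clsid not in bho_results:
            problems.append(f"BHO {clsid}: no result line")
    # Anything the log removed that the helper never asked for deserves a second look.
    for name in sorted(set(actions) - set(services)):
        problems.append(f"service {name}: in log but not in script")
    return problems


# Three script lines and their result lines, copied from this thread.
SCRIPT = r"""
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
"""

LOG_OK = r"""
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File system32\DRIVERS\UIUSYS.SYS not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
"""

# Constructed failure case: one delete line missing, no BHO line, one extra service.
LOG_PARTIAL = r"""
Service WDICA stopped successfully!
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
Service ExampleSvc deleted successfully!
"""

if __name__ == "__main__":
    for label, log in (("complete log", LOG_OK), ("partial log", LOG_PARTIAL)):
        issues = reconcile(SCRIPT, log)
        print(label, "->", issues if issues else "all requested items accounted for")
```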
     


    #13 ZSnapper


    Posted 28 August 2013 - 07:59 PM

    Laptop is working real fine! No more issues with flickering screen and svchost.exe not using 50% CPU in task mgr like before. Looking real good! Many, many thanks to you!!

     

    LOG AFTER RUN-FIX:
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service UIUSys stopped successfully!
    Service UIUSys deleted successfully!
    File system32\DRIVERS\UIUSYS.SYS not found.
    Service RTL8192su stopped successfully!
    Service RTL8192su deleted successfully!
    File System32\DRIVERS\RTL8192su.sys not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service MpKslf16279bf stopped successfully!
    Service MpKslf16279bf deleted successfully!
    File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557CD899-56F0-4919-85B9-F3E8DA6B923C}\MpKslf16279bf.sys not found.
    Service MpKsl510e1b10 stopped successfully!
    Service MpKsl510e1b10 deleted successfully!
    File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3B2D5FB-BEB9-4493-8A74-82623263300B}\MpKsl510e1b10.sys not found.
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service GMSIPCI stopped successfully!
    Service GMSIPCI deleted successfully!
    File D:\INSTALL\GMSIPCI.SYS not found.
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Rad\LOCALS~1\Temp\catchme.sys not found.
    Service bcm4sbxp stopped successfully!
    Service bcm4sbxp deleted successfully!
    File system32\DRIVERS\bcm4sbxp.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
     
    OTL by OldTimer - Version 3.2.69.0 log created on 08282013_203235

    LOG AFTER REBOOT:
    OTL logfile created on: 8/28/2013 8:39:39 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Rad\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.87 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 67.00% Memory free
    3.04 Gb Paging File | 2.54 Gb Available in Paging File | 83.64% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.13 Gb Total Space | 53.07 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
     
    Computer Name: RICH-WINXP | User Name: Rad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/08/25 16:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rad\desktop\OTL.exe
    PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/05/18 02:22:53 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
    PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2010/05/11 15:58:04 | 000,247,352 | ---- | M] (HP) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
    PRC - [2009/06/03 13:46:42 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
    PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/08/28 15:00:58 | 002,096,128 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13082801\algo.dll
    MOD - [2013/04/18 19:34:20 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\fa9929dcc1c9d46855b03a6931fa5c74\System.Web.ni.dll
    MOD - [2013/04/18 19:32:07 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9b7981233fae522d6d15b26024cc28f6\System.Windows.Forms.ni.dll
    MOD - [2013/04/18 19:28:16 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2013/04/18 19:28:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/09/12 15:32:08 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2012/05/29 03:01:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
    MOD - [2012/05/29 00:29:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/29 00:29:13 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
    MOD - [2012/05/29 00:25:18 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/29 00:24:51 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2011/04/15 12:14:14 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\m1210nwia.dll
    MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/03/31 11:50:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPM1210PP.dll
    MOD - [2010/03/31 11:50:12 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\HPM1210LM.DLL
    MOD - [2007/03/16 18:10:38 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/08/16 00:20:28 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/05/18 02:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
    SRV - [2010/05/11 15:58:04 | 000,247,352 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
    SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2013/08/14 18:25:27 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/08/14 18:25:27 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/08/14 18:25:27 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/02/11 20:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
    DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/11/14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/10/11 20:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/09/13 17:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
    DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dlm&scc=1&ltmpl=default&ltmplcache=2
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\SearchScopes,DefaultScope = {E8DE2BB6-C49A-4DDF-B644-58AB366D48BC}
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\SearchScopes\{E8DE2BB6-C49A-4DDF-B644-58AB366D48BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
    FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/02 19:09:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2013/08/13 18:10:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/16 00:20:19 | 000,000,000 | ---D | M]
     
    [2011/05/06 21:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rad\Application Data\Mozilla\Extensions
    [2011/12/17 20:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rad\Application Data\Mozilla\Firefox\Profiles\p50y2xxk.default\extensions
    [2011/07/21 00:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rad\Application Data\Mozilla\Firefox\Profiles\p50y2xxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/08/16 00:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/08/16 00:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/16 00:20:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/03/05 20:27:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
     
    O1 HOSTS File: ([2013/08/13 15:58:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O15 - HKU\S-1-5-21-1801674531-1770027372-725345543-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303493186326 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/21 16:47:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/08/28 20:32:35 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/08/25 22:22:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/08/25 22:07:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/08/25 21:59:56 | 005,113,393 | R--- | C] (Swearware) -- C:\Documents and Settings\Rad\Desktop\etavaresCF.exe
    [2013/08/25 18:04:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rad\Desktop\OTL.exe
    [2013/08/20 14:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Desktop\KasperskyTDSSKillerPortable
    [2013/08/20 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Local Settings\Application Data\NPE
    [2013/08/20 14:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Desktop\RK_Quarantine
    [2013/08/20 14:34:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2013/08/20 14:24:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rad\My Documents\My Videos
    [2013/08/17 20:59:52 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Rad\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [2013/08/16 00:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2013/08/16 00:27:19 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/08/16 00:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/08/14 18:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/08/14 17:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rad\Desktop\AdwCleaner
    [2013/08/14 17:35:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/08/14 17:20:40 | 001,158,897 | ---- | C] (Thisisu) -- C:\Documents and Settings\Rad\Desktop\JRT.exe
    [2013/08/14 15:21:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/08/13 18:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2013/08/13 17:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2013/08/13 17:46:46 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/08/13 17:46:45 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/08/13 17:46:43 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/08/13 17:46:42 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/08/13 17:46:42 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/08/13 17:46:40 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/08/13 17:46:39 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/08/13 17:46:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/08/13 17:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/08/13 17:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/08/13 16:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2013/08/13 16:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2013/08/13 15:49:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/08/13 15:49:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/08/13 15:49:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/08/13 15:49:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/08/13 15:44:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/08/13 15:44:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2013/08/13 15:44:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/08/13 15:34:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/08/12 14:38:36 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Rad\Desktop\NPE.exe
    [2013/08/12 14:24:55 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rad\Desktop\tdsskiller.exe
    [2013/08/12 14:20:56 | 000,331,504 | ---- | C] (PortableApps.com) -- C:\Documents and Settings\Rad\Desktop\KasperskyTDSSKillerPortable_2.8.16_English_online.paf.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/08/28 20:38:17 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2013/08/28 20:38:07 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/28 20:38:03 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/08/28 20:38:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/08/25 22:07:30 | 000,508,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/08/25 22:07:30 | 000,091,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/08/25 22:07:06 | 000,000,360 | RHS- | M] () -- C:\boot.ini
    [2013/08/25 22:00:11 | 005,113,393 | R--- | M] (Swearware) -- C:\Documents and Settings\Rad\Desktop\etavaresCF.exe
    [2013/08/25 21:56:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/08/25 16:16:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rad\Desktop\OTL.exe
    [2013/08/20 14:24:15 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Rad\Desktop\Shortcut to ComboFix.exe.lnk
    [2013/08/17 21:25:09 | 000,000,360 | ---- | M] () -- C:\Boot.bak
    [2013/08/17 20:59:52 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Rad\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [2013/08/16 02:26:26 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/08/16 02:21:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/08/16 00:27:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/08/16 00:27:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/08/14 18:25:27 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/08/14 18:25:27 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/08/14 18:25:27 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/14 18:25:27 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/14 17:20:40 | 001,158,897 | ---- | M] (Thisisu) -- C:\Documents and Settings\Rad\Desktop\JRT.exe
    [2013/08/13 18:12:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/08/13 18:12:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/08/13 17:31:25 | 000,915,968 | ---- | M] () -- C:\Documents and Settings\Rad\Desktop\RogueKiller.exe
    [2013/08/13 17:11:48 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Rad\Desktop\rk-proxy.reg
    [2013/08/13 15:58:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/08/12 14:38:28 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Rad\Desktop\NPE.exe
    [2013/08/12 14:24:38 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rad\Desktop\tdsskiller.exe
    [2013/08/12 14:20:16 | 000,331,504 | ---- | M] (PortableApps.com) -- C:\Documents and Settings\Rad\Desktop\KasperskyTDSSKillerPortable_2.8.16_English_online.paf.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/08/20 14:12:41 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Rad\Desktop\Shortcut to ComboFix.exe.lnk
    [2013/08/17 21:25:09 | 000,000,360 | ---- | C] () -- C:\Boot.bak
    [2013/08/17 21:25:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/13 17:46:54 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/13 17:46:51 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/13 17:46:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/08/13 17:46:42 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/13 17:46:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/08/13 17:46:40 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/08/13 17:31:24 | 000,915,968 | ---- | C] () -- C:\Documents and Settings\Rad\Desktop\RogueKiller.exe
    [2013/08/13 17:11:48 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Rad\Desktop\rk-proxy.reg
    [2013/08/13 15:49:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/08/13 15:49:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/08/13 15:49:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/08/13 15:49:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/08/13 15:49:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/03/21 00:38:31 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2013/01/30 13:16:20 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SM.exe
    [2013/01/30 13:16:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\HPM1210LM.DLL
    [2013/01/30 13:15:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\m1210nwia.dll
    [2013/01/30 13:15:04 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\m1210wia.dll
    [2013/01/30 13:15:04 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SMs.dll
    [2013/01/30 12:38:50 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
    [2012/06/15 14:08:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
    [2012/06/15 14:08:39 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
    [2012/06/15 14:08:05 | 000,000,904 | ---- | C] () -- C:\WINDOWS\winpoint.ini
    [2012/06/15 13:59:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\netsetup.ini
    [2012/05/29 00:05:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/05/06 19:28:22 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2011/11/16 16:30:21 | 000,002,651 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
    [2011/11/16 16:30:17 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsl05f.bin
    [2011/08/31 13:22:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/08/19 00:52:03 | 000,015,612 | -HS- | C] () -- C:\Documents and Settings\Rad\Local Settings\Application Data\qu2xk58mwq25038gr4t27u0h267r5s515081x3p0a1itv
    [2011/08/19 00:52:03 | 000,015,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qu2xk58mwq25038gr4t27u0h267r5s515081x3p0a1itv
     
    ========== ZeroAccess Check ==========
     
    [2011/04/22 16:48:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     



    #14 etavares

    Bleepin' Remover
    • Malware Response Team

    Posted 29 August 2013 - 08:17 PM

    Hello, ZSnapper.
     
    Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!
     
     
     
    Step 1
     
     
     
    Uninstall ComboFix and Clean Up
    Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
    Please advise if this step is missed for any reason as it performs some important actions.
     
    Download and Run OTC
     
    We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
    If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it.  See the instructions here to do so.
     
     
    Optional Items
     
    Please take the time to read below to secure your machine and take the necessary steps to keep it that way.
     
     
    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
     
    Protect yourself from malicious sites
     
    The HOSTS file can protect you from connecting to bad sites.  See The Hosts File and what it can do for you for more background.
     
     
     
     
    Keep Windows Up to Date
    It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
     
     
     
    Update your AntiVirus Software
     
    It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.
     
     
    Make sure your applications have all of their updates
     
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.
     
     
     
     
     
     
    Update all these programs regularly
    Make sure you update all your programs regularly.  Without regular updates you WILL NOT be protected when new malicious programs are released.  You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually.  It will alert you when an update is available for a variety of software.  It is very useful.
     
    Follow this list and your potential for being infected again will reduce dramatically.
     
    Good luck!
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #15 ZSnapper
    • Topic Starter

    Posted 30 August 2013 - 06:40 PM

    Etavares: thank you so much, you did an excellent job. I do have a couple of questions: Would you be able to tell me how this infection typically gets on a machine? Also, I have a Desktop that is behaving the same way but a recent Eset-scan showed something called Java Exploit OOtrojan... would you be able to help me with that or should I start a new post? Thanks again for all your time and expertise. You're a lifesaver!!

