
svchost.exe 99% CPU Malware Bandoo WideSearch iLivid Movies Toolbar


This topic is locked
29 replies to this topic

#1 savage99

Posted 19 December 2013 - 06:08 AM

I have had two recent occasions of virus and malware infection on my PC.

 

On the first occasion I browsed the forums for similar topics and applied tools on my own. In all I applied MBAM, MBAR (and Fix Damage), HitMan Pro, AdwCleaner, RogueKiller 32 bit, ComboFix, Zoek.zip, fix_svchost.bat (Safe Mode with Networking), ESET Online Scanner, Rkill.exe, TDSSKiller.exe, aswMBR, Microsoft Hosts File Repair (support.microsoft.com/kb/972034), Junk Removal Tool, Security Check by screen317, MiniToolBox.

 

The items of infection include FindWide Search, iLivid, Bandoo, Movies Toolbar and a couple others that I unfortunately forgot the names of.

 

After the first instance the Firewall service had been restored. Windows Update was running. System Restore was running. I ran Microsoft Baseline Security Analyzer. I then installed recommended and a few optional Windows Updates. It seemed to be cleared of infection.

 

Then a couple weeks went by and another instance of virus and malware infection appeared. Although the types/names were different, the same underlying issue occurred during both instances.

 

In both instances of infection, when I started the computer it was not very long before an svchost.exe process drained the CPU to 99% in the Windows Task Manager.

 

This second round of infection, I have not been able to clear the problem with the svchost.exe draining the CPU. Services are not running, i.e. System Restore, Windows Firewall, etc. I tried to run Microsoft Baseline Security Analyzer but now it won't scan successfully. After the first instance of infection was cleared I was able to run MBSA successfully and download the recommended Windows Updates.

 

Here below are the results of the DDS Scan (DDS.txt). I have the Attach.txt file saved on my desktop. I have zipped it up and have attached it.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21359  BrowserJavaVersion: 10.45.2
Run by Daddy at 5:53:15 on 2013-12-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1791.1005 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.duckduckgo.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7B37CA16-3A32-4FE7-ABA1-FDF27010E7B3} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\daddy\application data\mozilla\firefox\profiles\vr32eifo.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-16 15:48; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-15 178304]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-11-5 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2011-11-5 83392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-15 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-15 403440]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2011-11-4 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-15 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-15 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-15 50344]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2010-4-14 193192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-5 1684736]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-12-2 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-12-2 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2013-12-2 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-12-2 23424]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2013-12-2 9472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-18 05:10:11    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-12-16 23:10:03    24064    ----a-w-    c:\windows\zoek-delete.exe
2013-12-16 19:08:01    --------    d-sha-r-    C:\cmdcons
2013-12-12 12:45:15    9272200    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 15:45:26    9472    ----a-w-    c:\windows\system32\drivers\motusbdevice.sys
2013-12-02 15:45:25    6016    ----a-w-    c:\windows\system32\drivers\motfilt.sys
2013-12-02 15:45:25    23424    ----a-w-    c:\windows\system32\drivers\Motousbnet.sys
2013-12-02 15:45:24    23936    ----a-w-    c:\windows\system32\drivers\motmodem.sys
2013-12-02 15:45:23    8320    ----a-w-    c:\windows\system32\drivers\motccgpfl.sys
2013-12-02 15:45:23    6400    ----a-w-    c:\windows\system32\drivers\motswch.sys
2013-12-02 15:45:23    19712    ----a-w-    c:\windows\system32\drivers\motccgp.sys
2013-11-24 06:01:57    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-12-18 03:38:09    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-12 12:46:13    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-15 23:30:41    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-15 23:30:41    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-15 23:30:41    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-15 23:30:41    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-15 23:30:41    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-13 08:16:43    841216    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 08:16:41    1830912    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-13 08:16:40    78336    ------w-    c:\windows\system32\ieencode.dll
2013-10-13 08:16:39    17408    ----a-w-    c:\windows\system32\corpol.dll
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-08 11:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29:36    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14:01    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
.
============= FINISH:  5:53:32.65 ===============
 

Edited by savage99, 19 December 2013 - 08:45 AM.


#2 savage99 (Topic Starter)

Posted 19 December 2013 - 06:23 AM

In addition, only on this second instance I have now had a few occasions where the PC just restarted on its own, and the Blue Screen of Death and System Dump have occurred a few times.

 

Also after I end the process svchost.exe that is draining the CPU, I can go about using the PC. However, it won't play YouTube videos and the sound doesn't work.



#3 savage99 (Topic Starter)

Posted 19 December 2013 - 07:59 AM

From the Windows Task Manager the problem service is PID 1372 svchost.exe



#4 savage99 (Topic Starter)

Posted 19 December 2013 - 02:22 PM

Now from the Windows Task Manager the problem service seems to have changed to PID 1348 (svchost.exe).
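The two readings above (PID 1372, then 1348) show the limitation of Task Manager on Windows XP: it lists the PID of each svchost.exe but not which services that instance hosts, and the PID is reassigned on every boot, so the number alone does not identify the culprit. The script below is an added example, not from this thread and not a BleepingComputer tool. It parses saved `tasklist /svc` output (on XP Professional, `tasklist /svc > svc.txt` is the built-in way to get the per-PID service list) so you can read off the services behind the hot PID, and after a reboot find the new PID by service name instead. The tasklist text embedded in it is constructed for illustration; the PIDs and service groupings are hypothetical and were not taken from the poster's machine.

```python
"""Map a busy svchost.exe PID to the services it hosts, from `tasklist /svc` output.

Added example for this thread (not the poster's or BleepingComputer's code).
Windows XP's Task Manager shows only the PID, so the usual next step is
`tasklist /svc > svc.txt` and reading off which service group lives in that PID.
SAMPLE_TASKLIST is a constructed sample of that output: PIDs and groupings are
illustrative, not from the poster's machine.
"""
import re
from typing import Dict, List, Optional

# Constructed sample of `tasklist /svc` output (hypothetical PIDs and services).
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    856 DcomLaunch
svchost.exe                    932 RpcSs
svchost.exe                   1372 AudioSrv, BITS, Browser, CryptSvc, Dhcp, dmserver,
                                   ERSvc, EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Netman, Nla, RasMan, Schedule,
                                   seclogon, SENS, SharedAccess, ShellHWDetection,
                                   srservice, Themes, TrkWks, W32Time, winmgmt, wuauserv
svchost.exe                   1424 Dnscache
svchost.exe                   1496 LmHosts, SSDPSRV, WebClient
firefox.exe                   2012 N/A
"""

# One process row: image name, PID, then the (possibly wrapped) service list.
_ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>.*)$")


def _split_services(chunk: str) -> List[str]:
    """Split a comma-separated service list; 'N/A' means the process hosts none."""
    return [s.strip() for s in chunk.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist_svc(text: str) -> Dict[int, dict]:
    """Return {pid: {"image": str, "services": [names]}} for every process row.

    tasklist wraps long service lists onto indented continuation lines, which are
    appended to the most recent process row.
    """
    procs: Dict[int, dict] = {}
    current: Optional[int] = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue  # header, separator, blank
        if line[0].isspace():
            if current is not None:  # wrapped service list belongs to previous row
                procs[current]["services"].extend(_split_services(line))
            continue
        m = _ROW.match(line)
        if m is None:
            continue
        current = int(m.group("pid"))
        procs[current] = {
            "image": m.group("image").strip(),
            "services": _split_services(m.group("services")),
        }
    return procs


def services_for_pid(procs: Dict[int, dict], pid: int) -> List[str]:
    """Services hosted by the given PID (empty if unknown or a plain process)."""
    return list(procs.get(pid, {}).get("services", []))


def pid_hosting(procs: Dict[int, dict], service: str) -> Optional[int]:
    """Find which PID currently hosts a service; use this after a reboot when
    the PID you noted earlier has changed."""
    for pid, info in procs.items():
        if service.lower() in (s.lower() for s in info["services"]):
            return pid
    return None


def svchost_hosts(procs: Dict[int, dict]) -> Dict[int, List[str]]:
    """All svchost.exe instances and the services each one hosts."""
    return {pid: info["services"] for pid, info in procs.items()
            if info["image"].lower() == "svchost.exe"}


if __name__ == "__main__":
    procs = parse_tasklist_svc(SAMPLE_TASKLIST)
    hot_pid = 1372  # the PID Task Manager showed at 99% CPU
    print(f"PID {hot_pid} hosts: {', '.join(services_for_pid(procs, hot_pid))}")
    print(f"wuauserv now lives in PID {pid_hosting(procs, 'wuauserv')}")
    for pid, svcs in svchost_hosts(procs).items():
        print(f"svchost {pid}: {len(svcs)} service(s)")
```

On the affected machine, `tasklist /svc /fi "PID eq 1372"` gives the same answer directly for one PID; the parser is for a saved `svc.txt`. The point of `pid_hosting` is the observation in posts #3 and #4: record the services (or the `-k` group, which the DDS process list shows) rather than the PID, because the number changes between boots while the service set does not. Note the helper's request to make no changes while the cleanup is in progress; identifying the hosted services is read-only, stopping them is not.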



#5 fireman4it (Malware Response Team)

Posted 19 December 2013 - 05:20 PM

Hello savage99,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 savage99 (Topic Starter)

Posted 19 December 2013 - 11:19 PM

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 05
Ran by Daddy (administrator) on FRED-ETVB67H6NH on 19-12-2013 23:10:18
Running from C:\Documents and Settings\Daddy\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
( ) C:\WINDOWS\system32\lxeecoms.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Documents and Settings\Daddy\My Documents\Downloads\FarbarRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [18702336 2009-08-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-15] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\vr32eifo.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\vr32eifo.default\searchplugins\duckduckgo.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846056 2011-06-22] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-15] (AVAST Software)
S2 lxeeCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\WINDOWS\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-15] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-15] ()
R1 BIOS; C:\WINDOWS\System32\drivers\BIOS.sys [13696 2009-06-10] (BIOSTAR Group)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [3734976 2009-06-24] (Realtek Semiconductor Corp.)
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2011-11-05] (Acronis)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2011-11-05] (Acronis)
S3 catchme; \??\C:\DOCUME~1\Daddy\LOCALS~1\Temp\catchme.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S3 motport; system32\DRIVERS\motport.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 23:10 - 2013-12-19 23:10 - 00000000 ____D C:\FRST
2013-12-19 13:43 - 2013-12-19 13:43 - 00001877 _____ C:\Documents and Settings\Daddy\Desktop\aswMBR_2.txt
2013-12-19 06:13 - 2013-12-19 08:40 - 00000000 ____D C:\Documents and Settings\Daddy\Desktop\DDS Scan
2013-12-18 00:24 - 2013-12-18 00:24 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-18 00:24 - 2013-12-18 00:24 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-18 00:24 - 2013-12-18 00:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-18 00:10 - 2013-12-18 00:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-17 21:27 - 2013-12-17 21:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-17 20:29 - 2013-12-17 20:29 - 00024279 _____ C:\Documents and Settings\Daddy\Desktop\GMER_scan.log
2013-12-17 16:06 - 2013-12-17 16:06 - 00000589 _____ C:\Documents and Settings\Daddy\Desktop\JRT.txt
2013-12-16 18:10 - 2013-12-16 17:58 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2013-12-16 16:54 - 2013-12-13 18:23 - 00009571 _____ C:\zoek-results2013-12-13-232339.log
2013-12-16 14:18 - 2013-12-16 14:18 - 00013601 _____ C:\ComboFix.txt
2013-12-16 14:08 - 2013-12-16 14:08 - 00000000 _RSHD C:\cmdcons
2013-12-13 18:27 - 2013-12-13 18:27 - 00079740 _____ C:\Documents and Settings\Daddy\Desktop\chrome-bookmarks_12_13_13.html
2013-12-13 18:25 - 2013-12-13 18:25 - 00212434 _____ C:\Documents and Settings\Daddy\Desktop\Firefox-bookmarks.html
2013-12-13 18:14 - 2013-12-13 17:49 - 00026299 _____ C:\zoek-results2013-12-13-224953.log
2013-12-13 17:23 - 2013-12-12 10:24 - 00009277 _____ C:\zoek-results2013-12-12-152422.log
2013-12-13 10:32 - 2013-12-13 10:32 - 00019852 _____ C:\Documents and Settings\Daddy\Desktop\MiniToolBoxResult.txt
2013-12-13 10:20 - 2013-12-13 10:20 - 00000930 _____ C:\Documents and Settings\Daddy\Desktop\Security Checkup.txt
2013-12-13 07:08 - 2013-12-19 13:43 - 00000512 _____ C:\Documents and Settings\Daddy\Desktop\MBR.dat
2013-12-13 07:08 - 2013-12-17 19:36 - 00003750 _____ C:\Documents and Settings\Daddy\Desktop\aswMBR.txt
2013-12-12 23:18 - 2013-12-12 23:19 - 00000000 ____D C:\Documents and Settings\Daddy\Desktop\TDSS files
2013-12-12 18:14 - 2013-12-17 20:53 - 00004800 _____ C:\Documents and Settings\Daddy\Desktop\Rkill.txt
2013-12-12 10:16 - 2013-12-12 09:38 - 00027437 _____ C:\zoek-results2013-12-12-143847.log
2013-12-12 09:27 - 2013-11-16 11:18 - 00031448 _____ C:\zoek-results2013-11-16-161856.log
2013-12-12 07:45 - 2013-12-12 07:45 - 09272200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-12-10 09:35 - 2013-12-10 09:35 - 00000140 _____ C:\Documents and Settings\Daddy\Desktop\Samsung Rugby lll SGH A997 at T Clean ESN No Contract eBay.URL
2013-12-09 00:23 - 2013-12-09 00:24 - 76442947 _____ C:\Documents and Settings\Daddy\Desktop\Gerald Celente - News Trends.mp4
2013-12-07 20:07 - 2013-12-07 20:07 - 00000106 _____ C:\Documents and Settings\Daddy\Desktop\The Hunger Games Catching Fire - 29minutes.URL
2013-12-07 12:39 - 2013-12-07 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-12-07 12:28 - 2013-12-07 13:10 - 00167808 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-1078081533-839522115-1003-0.dat
2013-12-03 15:21 - 2013-12-03 15:21 - 00675988 _____ C:\Documents and Settings\Daddy\Desktop\Minecraft(1).exe
2013-12-02 10:45 - 2010-04-01 14:31 - 00023424 _____ (Motorola) C:\WINDOWS\system32\Drivers\Motousbnet.sys
2013-12-02 10:45 - 2010-01-25 19:56 - 00009472 _____ (Motorola Inc) C:\WINDOWS\system32\Drivers\motusbdevice.sys
2013-12-02 10:45 - 2009-10-27 12:02 - 00023936 _____ (Motorola) C:\WINDOWS\system32\Drivers\motmodem.sys
2013-12-02 10:45 - 2009-06-19 16:59 - 00019712 _____ (Motorola) C:\WINDOWS\system32\Drivers\motccgp.sys
2013-12-02 10:45 - 2009-01-29 17:18 - 00008320 _____ (Motorola) C:\WINDOWS\system32\Drivers\motccgpfl.sys
2013-12-02 10:45 - 2009-01-29 17:11 - 00006016 _____ (Motorola Inc) C:\WINDOWS\system32\Drivers\motfilt.sys
2013-12-02 10:45 - 2007-11-02 15:51 - 00006400 _____ (Motorola) C:\WINDOWS\system32\Drivers\motswch.sys
2013-11-24 03:11 - 2013-12-13 18:29 - 00000000 ____D C:\Program Files\Google
2013-11-24 01:46 - 2013-11-24 01:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2013-11-24 01:10 - 2013-11-24 01:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2013-11-24 01:01 - 2013-12-12 07:46 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

==================== One Month Modified Files and Folders =======

2013-12-19 23:10 - 2013-12-19 23:10 - 00000000 ____D C:\FRST
2013-12-19 20:20 - 2011-11-04 17:58 - 00590908 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-19 19:17 - 2013-08-18 21:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 17:52 - 2011-11-21 15:55 - 00053345 ____C C:\Documents and Settings\All Users\lxeeJSW.log
2013-12-19 17:52 - 2011-11-20 20:57 - 00000000 ____D C:\Documents and Settings\All Users\lx_Cats
2013-12-19 17:33 - 2011-11-04 23:24 - 00327680 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-12-19 14:38 - 2011-11-04 23:33 - 00000000 ____D C:\Documents and Settings\Daddy
2013-12-19 14:19 - 2013-11-15 18:31 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-19 14:19 - 2013-03-30 00:05 - 00000159 ____N C:\WINDOWS\wiadebug.log
2013-12-19 14:19 - 2011-11-20 20:54 - 00213886 _____ C:\Documents and Settings\All Users\lxeescan.log
2013-12-19 14:19 - 2011-11-20 20:54 - 00000050 ____N C:\WINDOWS\wiaservc.log
2013-12-19 14:19 - 2011-11-04 23:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-19 14:19 - 2001-08-23 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-19 14:18 - 2011-11-04 23:33 - 00000178 ___SH C:\Documents and Settings\Daddy\ntuser.ini
2013-12-19 13:43 - 2013-12-19 13:43 - 00001877 _____ C:\Documents and Settings\Daddy\Desktop\aswMBR_2.txt
2013-12-19 13:43 - 2013-12-13 07:08 - 00000512 _____ C:\Documents and Settings\Daddy\Desktop\MBR.dat
2013-12-19 08:40 - 2013-12-19 06:13 - 00000000 ____D C:\Documents and Settings\Daddy\Desktop\DDS Scan
2013-12-18 14:37 - 2013-11-13 13:45 - 00000000 ____D C:\Documents and Settings\Daddy\SecurityScans
2013-12-18 08:25 - 2013-11-15 18:31 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-18 06:45 - 2012-04-02 17:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-18 00:24 - 2013-12-18 00:24 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-18 00:24 - 2013-12-18 00:24 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-18 00:24 - 2013-12-18 00:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-18 00:24 - 2011-11-06 23:21 - 00000000 ____D C:\Documents and Settings\Daddy\Application Data\Mozilla
2013-12-18 00:18 - 2013-12-18 00:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-18 00:18 - 2013-11-13 14:15 - 00000000 ____D C:\Documents and Settings\Daddy\Desktop\mbar
2013-12-17 22:38 - 2013-11-15 13:56 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-17 22:25 - 2013-11-14 18:01 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-17 22:25 - 2011-12-23 14:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$
2013-12-17 21:27 - 2013-12-17 21:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-17 21:21 - 2013-09-12 10:51 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-17 20:53 - 2013-12-12 18:14 - 00004800 _____ C:\Documents and Settings\Daddy\Desktop\Rkill.txt
2013-12-17 20:29 - 2013-12-17 20:29 - 00024279 _____ C:\Documents and Settings\Daddy\Desktop\GMER_scan.log
2013-12-17 19:36 - 2013-12-13 07:08 - 00003750 _____ C:\Documents and Settings\Daddy\Desktop\aswMBR.txt
2013-12-17 16:27 - 2013-11-16 15:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-17 16:27 - 2012-12-31 09:53 - 00000000 ____D C:\Program Files\DVD Shrink
2013-12-17 16:06 - 2013-12-17 16:06 - 00000589 _____ C:\Documents and Settings\Daddy\Desktop\JRT.txt
2013-12-16 22:18 - 2011-11-20 16:42 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\CutePDF Writer
2013-12-16 18:20 - 2011-11-04 23:18 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-12-16 18:20 - 2011-11-04 23:18 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-12-16 18:13 - 2013-11-16 11:05 - 00004357 _____ C:\zoek-results.log
2013-12-16 17:58 - 2013-12-16 18:10 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2013-12-16 17:02 - 2013-11-16 11:15 - 00000000 ____D C:\Program Files\HiJackThis
2013-12-16 14:57 - 2011-11-04 23:31 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-16 14:18 - 2013-12-16 14:18 - 00013601 _____ C:\ComboFix.txt
2013-12-16 14:18 - 2013-11-15 14:25 - 00000000 ____D C:\Qoobox
2013-12-16 14:16 - 2001-08-23 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-16 14:08 - 2013-12-16 14:08 - 00000000 _RSHD C:\cmdcons
2013-12-16 14:08 - 2011-11-04 17:56 - 00000327 __RSH C:\boot.ini
2013-12-14 09:24 - 2013-11-15 13:32 - 00000000 ____D C:\AdwCleaner
2013-12-14 09:16 - 2013-11-14 17:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-12-13 18:29 - 2013-11-24 03:11 - 00000000 ____D C:\Program Files\Google
2013-12-13 18:29 - 2011-11-06 23:30 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\Google
2013-12-13 18:27 - 2013-12-13 18:27 - 00079740 _____ C:\Documents and Settings\Daddy\Desktop\chrome-bookmarks_12_13_13.html
2013-12-13 18:25 - 2013-12-13 18:25 - 00212434 _____ C:\Documents and Settings\Daddy\Desktop\Firefox-bookmarks.html
2013-12-13 18:23 - 2013-12-16 16:54 - 00009571 _____ C:\zoek-results2013-12-13-232339.log
2013-12-13 17:49 - 2013-12-13 18:14 - 00026299 _____ C:\zoek-results2013-12-13-224953.log
2013-12-13 10:45 - 2013-11-13 14:45 - 00000327 _____ C:\Boot.bak
2013-12-13 10:32 - 2013-12-13 10:32 - 00019852 _____ C:\Documents and Settings\Daddy\Desktop\MiniToolBoxResult.txt
2013-12-13 10:20 - 2013-12-13 10:20 - 00000930 _____ C:\Documents and Settings\Daddy\Desktop\Security Checkup.txt
2013-12-12 23:19 - 2013-12-12 23:18 - 00000000 ____D C:\Documents and Settings\Daddy\Desktop\TDSS files
2013-12-12 10:24 - 2013-12-13 17:23 - 00009277 _____ C:\zoek-results2013-12-12-152422.log
2013-12-12 09:38 - 2013-12-12 10:16 - 00027437 _____ C:\zoek-results2013-12-12-143847.log
2013-12-12 09:32 - 2013-11-16 11:03 - 00000000 ____D C:\zoek_backup
2013-12-12 07:46 - 2013-11-24 01:01 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-12 07:46 - 2011-11-06 23:04 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-12 07:45 - 2013-12-12 07:45 - 09272200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-12-10 12:32 - 2011-11-05 08:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2013-12-10 09:35 - 2013-12-10 09:35 - 00000140 _____ C:\Documents and Settings\Daddy\Desktop\Samsung Rugby lll SGH A997 at T Clean ESN No Contract eBay.URL
2013-12-09 20:11 - 2012-12-09 15:07 - 00000000 ____D C:\Documents and Settings\Daddy\Application Data\.minecraft
2013-12-09 00:24 - 2013-12-09 00:23 - 76442947 _____ C:\Documents and Settings\Daddy\Desktop\Gerald Celente - News Trends.mp4
2013-12-07 20:07 - 2013-12-07 20:07 - 00000106 _____ C:\Documents and Settings\Daddy\Desktop\The Hunger Games Catching Fire - 29minutes.URL
2013-12-07 13:10 - 2013-12-07 12:28 - 00167808 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-1078081533-839522115-1003-0.dat
2013-12-07 13:10 - 2013-10-20 00:33 - 00135558 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-12-07 13:09 - 2013-10-19 13:02 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\Samsung
2013-12-07 13:09 - 2013-10-19 13:01 - 00000000 ____D C:\Documents and Settings\Daddy\Application Data\Samsung
2013-12-07 13:09 - 2013-10-19 12:51 - 00000000 ____D C:\Program Files\Samsung
2013-12-07 13:09 - 2013-10-19 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2013-12-07 13:09 - 2011-11-04 23:47 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-07 13:04 - 2013-10-23 00:40 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\CopyOfPersonalData-KerryMobile
2013-12-07 12:39 - 2013-12-07 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-12-07 12:25 - 2013-10-19 13:08 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\SelfMV
2013-12-07 12:24 - 2011-11-04 23:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-06 12:22 - 2011-11-15 12:00 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-05 15:10 - 2011-11-04 23:11 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstall$
2013-12-04 12:36 - 2011-11-05 08:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508272$
2013-12-03 15:21 - 2013-12-03 15:21 - 00675988 _____ C:\Documents and Settings\Daddy\Desktop\Minecraft(1).exe
2013-12-02 13:04 - 2011-11-05 08:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959426$
2013-12-01 12:35 - 2011-11-06 23:39 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\Adobe
2013-11-24 01:46 - 2013-11-24 01:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2013-11-24 01:10 - 2013-11-24 01:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2013-11-24 01:09 - 2011-11-05 00:19 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-11-24 00:55 - 2011-11-04 23:47 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-11-21 23:39 - 2011-11-12 14:09 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

Some content of TEMP:
====================
C:\Documents and Settings\Daddy\Local Settings\Temp\HitmanPro.exe
C:\Documents and Settings\Daddy\Local Settings\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Addition Log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-12-2013 05
Ran by Daddy at 2013-12-19 23:11:12
Running from C:\Documents and Settings\Daddy\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Acronis True Image WD Edition (Version: 13.0.14157)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Applian Director (Version: 2.1)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.009.0625.1811)
ATI Parental Control & Encoder (Version: 3.0)
Audacity 1.2.6
avast! Free Antivirus (Version: 9.0.2008)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center Core Implementation (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full Existing (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full New (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Light (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Previews Common (Version: 2009.0625.1812.30825)
Catalyst Control Center Localization All (Version: 2009.0625.1812.30825)
CCC Help Chinese Standard (Version: 2009.0625.1811.30825)
CCC Help Chinese Traditional (Version: 2009.0625.1811.30825)
CCC Help Czech (Version: 2009.0625.1811.30825)
CCC Help Danish (Version: 2009.0625.1811.30825)
CCC Help Dutch (Version: 2009.0625.1811.30825)
CCC Help English (Version: 2009.0625.1811.30825)
CCC Help Finnish (Version: 2009.0625.1811.30825)
CCC Help French (Version: 2009.0625.1811.30825)
CCC Help German (Version: 2009.0625.1811.30825)
CCC Help Greek (Version: 2009.0625.1811.30825)
CCC Help Hungarian (Version: 2009.0625.1811.30825)
CCC Help Italian (Version: 2009.0625.1811.30825)
CCC Help Japanese (Version: 2009.0625.1811.30825)
CCC Help Korean (Version: 2009.0625.1811.30825)
CCC Help Norwegian (Version: 2009.0625.1811.30825)
CCC Help Polish (Version: 2009.0625.1811.30825)
CCC Help Portuguese (Version: 2009.0625.1811.30825)
CCC Help Russian (Version: 2009.0625.1811.30825)
CCC Help Spanish (Version: 2009.0625.1811.30825)
CCC Help Swedish (Version: 2009.0625.1811.30825)
CCC Help Thai (Version: 2009.0625.1811.30825)
CCC Help Turkish (Version: 2009.0625.1811.30825)
ccc-core-preinstall (Version: 2009.0625.1812.30825)
ccc-core-static (Version: 2009.0625.1812.30825)
ccc-utility (Version: 2009.0625.1812.30825)
CCleaner (Version: 4.07)
CDBurnerXP (Version: 4.3.9.2809)
ConvertHelper 2.2
CutePDF Writer 2.8
DTC Library
ESET Online Scanner v3
iTunes (Version: 11.1.2.32)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LAME v3.98.3 for Audacity
Lexmark Pro700 Series
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Baseline Security Analyzer 2.3 (Version: 2.3.2208)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
OpenOffice 4.0.1 (Version: 4.01.9714)
QuickTime (Version: 7.74.80.86)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.20.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5928)
Replay Converter 4 (Version: 4.15)
RingJone (Version: 1.4.0.1)
Shared C Run-time for x86 (Version: 10.0.0)
Skins (Version: 2009.0625.1812.30825)
StuffIt Standard (Version: 9.0.0.21)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WD Align - Powered by Acronis (Version: 2.0.107)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

==================== Restore Points  =========================

22-10-2013 17:27:59 Installed Java 7 Update 45
22-10-2013 19:10:32 Installed MotoCast
23-10-2013 06:02:25 Removed Samsung Kies
23-10-2013 06:08:36 Removed Motorola Device Manager
23-10-2013 06:09:57 Removed MotoCast
23-10-2013 12:17:51 Removed OpenOffice 4.0.0
23-10-2013 12:21:52 Installed OpenOffice 4.0.1
23-10-2013 13:36:58 Software Distribution Service 3.0
24-10-2013 14:49:24 System Checkpoint
25-10-2013 16:12:05 System Checkpoint
26-10-2013 22:39:05 System Checkpoint
27-10-2013 23:21:21 System Checkpoint
29-10-2013 00:42:48 System Checkpoint
30-10-2013 01:21:59 System Checkpoint
31-10-2013 01:48:17 System Checkpoint
01-11-2013 11:09:38 System Checkpoint
02-11-2013 15:20:50 System Checkpoint
03-11-2013 16:06:33 System Checkpoint
03-11-2013 17:16:27 Installed iTunes
04-11-2013 17:51:40 System Checkpoint
05-11-2013 19:08:49 System Checkpoint
06-11-2013 20:04:49 System Checkpoint
07-11-2013 23:42:37 System Checkpoint
09-11-2013 01:12:02 System Checkpoint
10-11-2013 01:40:47 System Checkpoint
12-11-2013 03:00:11 System Checkpoint
13-11-2013 04:03:53 System Checkpoint
13-11-2013 07:09:49 Defrag0209PM11132013
13-11-2013 17:50:44 Restore Operation
14-11-2013 12:50:21 Restore Operation
14-11-2013 12:59:48 Restore Operation
14-11-2013 18:50:14 Software Distribution Service 3.0
15-11-2013 23:29:49 avast! antivirus system restore point
16-11-2013 16:06:01 zoek.exe restore point
16-11-2013 20:11:23 Restore Operation
16-11-2013 20:50:27 Restore Operation
17-11-2013 02:45:25 Software Distribution Service 3.0
18-11-2013 03:48:56 System Checkpoint
19-11-2013 13:17:46 System Checkpoint
20-11-2013 14:06:52 System Checkpoint
22-11-2013 11:58:53 System Checkpoint
23-11-2013 17:33:18 System Checkpoint
24-11-2013 04:54:00 prior-install-updates
24-11-2013 05:55:09 Software Distribution Service 3.0
24-11-2013 06:09:34 Software Distribution Service 3.0
25-11-2013 12:11:55 System Checkpoint
26-11-2013 12:46:49 System Checkpoint
27-11-2013 15:33:54 System Checkpoint
28-11-2013 15:43:50 System Checkpoint
30-11-2013 01:44:18 System Checkpoint
01-12-2013 18:28:57 System Checkpoint
02-12-2013 15:45:04 Installed Motorola Driver Installation 4.6.0
03-12-2013 19:26:37 System Checkpoint
04-12-2013 19:27:06 System Checkpoint
05-12-2013 19:45:44 System Checkpoint
06-12-2013 21:33:06 System Checkpoint
07-12-2013 17:21:02 Installed Samsung Kies
07-12-2013 18:06:59 Removed Samsung Kies
07-12-2013 18:13:00 Removed MotoConnect
07-12-2013 18:16:27 Removed Motorola Driver Installation 4.6.0
08-12-2013 19:03:30 System Checkpoint
09-12-2013 19:16:04 System Checkpoint
10-12-2013 19:51:49 System Checkpoint
13-12-2013 03:33:50 System Checkpoint
13-12-2013 14:58:22 Installed Microsoft Fix it 50267
16-12-2013 05:21:37 Software Distribution Service 3.0
17-12-2013 12:10:39 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 07:00 - 2013-12-17 20:34 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-18 20:56 - 2013-12-18 13:48 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\13121802\algo.dll
2011-11-13 15:44 - 2009-11-05 07:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2009-11-04 13:14 - 2009-11-04 13:14 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxeedrpp.dll
2009-05-18 13:29 - 2009-05-18 13:29 - 00819200 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeeptpc.dll
2009-11-04 13:14 - 2009-11-04 13:14 - 00165376 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeedrui.dll
2009-11-09 08:06 - 2009-11-09 08:06 - 00159744 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeePRPR.DLL
2009-11-04 13:14 - 2009-11-04 13:14 - 00236032 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeedr.dll
2009-10-30 17:47 - 2009-10-30 17:47 - 01003520 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeeHPEC.DLL
2009-05-27 12:16 - 2009-05-27 12:16 - 00192512 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeedatr.dll
2009-02-20 08:48 - 2009-02-20 08:48 - 00299008 _____ () C:\WINDOWS\system32\lxeesm.dll
2009-02-20 08:48 - 2009-02-20 08:48 - 00023552 _____ () C:\WINDOWS\system32\lxeesmr.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-15 18:30 - 2013-11-15 18:30 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-11-04 23:51 - 2011-11-04 23:51 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2011-11-04 23:51 - 2011-11-04 23:51 - 00270336 _____ () C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-16 11:42 - 2009-12-16 11:42 - 00167936 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll
2010-04-01 17:24 - 2010-04-01 17:24 - 01159168 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeedrs.dll
2009-03-10 05:43 - 2009-03-10 05:43 - 00155648 _____ () C:\Program Files\Lexmark\Pro700 Series\lxeecaps.dll
2013-12-18 00:24 - 2013-11-12 22:39 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-12 07:45 - 2013-12-12 07:46 - 16242056 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
2001-08-23 07:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83959594.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83959594.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2013 01:32:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12643172

Error: (12/18/2013 01:32:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12643172

Error: (12/18/2013 01:32:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2013 01:32:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12626938

Error: (12/18/2013 01:32:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12626938

Error: (12/18/2013 01:32:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2013 01:31:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12611032

Error: (12/18/2013 01:31:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12611032

Error: (12/18/2013 01:31:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2013 01:31:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12594813


System errors:
=============
Error: (12/19/2013 01:29:10 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (12/19/2013 07:56:28 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService service to connect.

Error: (12/19/2013 07:54:09 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (12/19/2013 05:16:00 AM) (Source: Service Control Manager) (User: )
Description: The lxeeCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (12/19/2013 05:16:00 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService service to connect.

Error: (12/19/2013 05:14:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%5

Error: (12/19/2013 05:00:07 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (12/18/2013 08:56:23 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/18/2013 08:55:33 PM) (Source: Service Control Manager) (User: )
Description: The lxeeCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (12/18/2013 08:55:33 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService service to connect.


Microsoft Office Sessions:
=========================
Error: (12/18/2013 01:32:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12643172

Error: (12/18/2013 01:32:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12643172

Error: (12/18/2013 01:32:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2013 01:32:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12626938

Error: (12/18/2013 01:32:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12626938

Error: (12/18/2013 01:32:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2013 01:31:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12611032

Error: (12/18/2013 01:31:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12611032

Error: (12/18/2013 01:31:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/18/2013 01:31:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12594813


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1791.23 MB
Available physical RAM: 916.31 MB
Total Pagefile: 3684.93 MB
Available Pagefile: 2916.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:75.58 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Data) (Fixed) (Total:1735.03 GB) (Free:1539.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-336053927936) - (Type=07 NTFS)

==================== End Of Log ============================



#7 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 20 December 2013 - 03:41 PM

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • Once the scan has finished, click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

2.

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download ComboFix from any of the links below, and save it to your desktop

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    [image: RcAuto1.gif]
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#8 savage99

savage99
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 20 December 2013 - 06:45 PM

AdwCleaner Log

 

# AdwCleaner v3.015 - Report created 20/12/2013 at 18:42:29
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Daddy - FRED-ETVB67H6NH
# Running from : C:\Documents and Settings\Daddy\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21359


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\vr32eifo.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [986 octets] - [15/11/2013 13:32:22]
AdwCleaner[R1].txt - [1106 octets] - [15/11/2013 13:39:27]
AdwCleaner[R2].txt - [1228 octets] - [15/11/2013 14:05:55]
AdwCleaner[R3].txt - [1335 octets] - [15/11/2013 23:16:43]
AdwCleaner[R4].txt - [2885 octets] - [11/12/2013 08:43:16]
AdwCleaner[R5].txt - [1442 octets] - [13/12/2013 10:40:14]
AdwCleaner[R6].txt - [1392 octets] - [14/12/2013 09:23:33]
AdwCleaner[R7].txt - [1666 octets] - [20/12/2013 18:41:41]
AdwCleaner[S0].txt - [1046 octets] - [15/11/2013 13:32:58]
AdwCleaner[S1].txt - [1168 octets] - [15/11/2013 13:41:32]
AdwCleaner[S2].txt - [1290 octets] - [15/11/2013 14:07:36]
AdwCleaner[S3].txt - [1396 octets] - [15/11/2013 23:18:28]
AdwCleaner[S4].txt - [2893 octets] - [11/12/2013 08:49:29]
AdwCleaner[S5].txt - [1503 octets] - [13/12/2013 10:40:54]
AdwCleaner[S6].txt - [1454 octets] - [14/12/2013 09:24:26]
AdwCleaner[S7].txt - [1587 octets] - [20/12/2013 18:42:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1647 octets] ##########



#9 savage99
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male
  • Local time:07:20 AM

Posted 20 December 2013 - 07:12 PM

ComboFix Log


ComboFix 13-12-20.01 - Daddy 12/20/2013  18:55:52.8.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1791.1221 [GMT -5:00]
Running from: c:\documents and settings\Daddy\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-21 to 2013-12-21  )))))))))))))))))))))))))))))))
.
.
2013-12-20 04:10 . 2013-12-20 04:10    --------    d-----w-    C:\FRST
2013-12-18 05:24 . 2013-12-20 11:48    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-12-18 05:10 . 2013-12-18 05:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-18 02:27 . 2013-12-18 02:27    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-12-16 23:10 . 2013-12-16 22:58    24064    ----a-w-    c:\windows\zoek-delete.exe
2013-12-12 12:45 . 2013-12-12 12:45    9272200    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 15:45 . 2010-01-26 00:56    9472    ----a-w-    c:\windows\system32\drivers\motusbdevice.sys
2013-12-02 15:45 . 2010-04-01 19:31    23424    ----a-w-    c:\windows\system32\drivers\Motousbnet.sys
2013-12-02 15:45 . 2009-01-29 22:11    6016    ----a-w-    c:\windows\system32\drivers\motfilt.sys
2013-12-02 15:45 . 2009-10-27 17:02    23936    ----a-w-    c:\windows\system32\drivers\motmodem.sys
2013-12-02 15:45 . 2009-06-19 21:59    19712    ----a-w-    c:\windows\system32\drivers\motccgp.sys
2013-12-02 15:45 . 2009-01-29 22:18    8320    ----a-w-    c:\windows\system32\drivers\motccgpfl.sys
2013-12-02 15:45 . 2007-11-02 20:51    6400    ----a-w-    c:\windows\system32\drivers\motswch.sys
2013-11-24 08:11 . 2013-12-13 23:29    --------    d-----w-    c:\program files\Google
2013-11-24 06:01 . 2013-12-12 12:46    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 03:38 . 2013-11-15 18:56    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-12 12:46 . 2011-11-07 04:04    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-15 23:30 . 2013-11-15 23:30    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-15 23:30 . 2013-11-15 23:30    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-15 23:30 . 2013-11-15 23:30    403440    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-11-15 23:30 . 2013-11-15 23:30    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-15 23:30 . 2013-11-15 23:30    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-15 23:30 . 2013-11-15 23:30    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-15 23:30 . 2013-11-15 23:30    35656    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-15 23:30 . 2013-11-15 23:30    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-11-15 23:30 . 2013-11-15 23:30    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-15 23:30 . 2013-07-18 00:34    269216    ----a-w-    c:\windows\system32\aswBoot.exe
2013-10-13 08:16 . 2001-08-23 12:00    841216    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 08:16 . 2001-08-23 12:00    1830912    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-13 08:16 . 2011-11-05 04:16    78336    ------w-    c:\windows\system32\ieencode.dll
2013-10-13 08:16 . 2001-08-23 12:00    17408    ----a-w-    c:\windows\system32\corpol.dll
2013-10-12 15:56 . 2001-08-23 12:00    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2001-08-23 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-08 11:50 . 2013-10-22 17:29    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29 . 2013-10-22 17:29    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-07 10:59 . 2001-08-23 12:00    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2011-11-05 05:20    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-15 23:30    321752    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-15 3568312]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-06-22 15:17    395392    ----a-w-    c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2011-01-24 00:37    148280    ----a-w-    c:\program files\Lexmark Pro700 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-23 22:31    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeemon.exe]
2011-01-24 00:37    770728    ----a-w-    c:\program files\Lexmark Pro700 Series\lxeemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2011-06-22 15:15    2637824    ----a-w-    c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxeecoms.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/15/2013 6:30 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11/15/2013 6:30 PM 178304]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [11/5/2011 10:48 AM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [11/5/2011 10:48 AM 83392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/15/2013 6:30 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/15/2013 6:30 PM 403440]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/4/2011 11:46 PM 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/15/2013 6:30 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/15/2013 6:30 PM 70384]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [4/14/2010 7:01 PM 193192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/5/2011 12:17 AM 1684736]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [12/2/2013 10:45 AM 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/2/2013 10:45 AM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/2/2013 10:45 AM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [12/2/2013 10:45 AM 23424]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [12/2/2013 10:45 AM 9472]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:46]
.
2013-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-12-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-15 23:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.duckduckgo.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Daddy\Application Data\Mozilla\Firefox\Profiles\vr32eifo.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - ExtSQL: 2013-11-16 15:48; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-83959594.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-20 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?\16?\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"c:\\docume~1\\daddy\\locals~1\\temp\\wzse0.tmp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-12-20  19:02:39
ComboFix-quarantined-files.txt  2013-12-21 00:02
ComboFix2.txt  2013-12-16 19:18
ComboFix3.txt  2013-12-13 15:57
ComboFix4.txt  2013-12-11 20:01
ComboFix5.txt  2013-12-20 23:48
.
Pre-Run: 81,059,864,576 bytes free
Post-Run: 81,042,681,856 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E95D8773EC6FECA71412E50736EE848E
8F558EB6672622401DA993E1E865C861



#10 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:20 AM

Posted 22 December 2013 - 04:01 PM

How is your machine running now?



#11 savage99
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male
  • Local time:07:20 AM

Posted 23 December 2013 - 03:56 PM

Same problem.

1) svchost.exe Process ID 1312 is draining the CPU at 99

2) Windows Firewall is not currently running

3) YouTube videos fail to work

4) No sound (no active mixer devices available type message)

5) Not sure if System Restore is working. Previous attempts in the past didn't work. I won't try now but it does open and restore points do appear as listed in the calendars.



#12 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:20 AM

Posted 23 December 2013 - 03:58 PM

1.

  • Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt


2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



#13 savage99
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male
  • Local time:07:20 AM

Posted 24 December 2013 - 11:42 PM

MBAR Logs

MBAR Log

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Daddy :: FRED-ETVB67H6NH [administrator]

12/24/2013 11:27:54 PM
mbar-log-2013-12-24 (23-27-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233854
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

System Log


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1313513472

Downloaded database version: v2013.11.13.08
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/13/2013 14:15:56
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8990e3b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8a274ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a42bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a43b940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a42bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a42b998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a42d8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a42bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4aa9e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a4c4f18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a43b940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8990e3b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2b0020, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a290de0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8990e3b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3e1f10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a274ea0, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1290493952

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 981364736

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1239781376

Downloaded database version: v2013.11.15.08
=======================================
Initializing...
------------ Kernel report ------------
     11/15/2013 13:57:14
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a1d28b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xffffffff8a383ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a42bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a43b940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a42bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a42b998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a42d8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a42bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4aa9e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a4c4f18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a43b940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a1d28b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a401678, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a2d3e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a1d28b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a2cdb00, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a383ea0, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1447501824

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1270702080

Downloaded database version: v2013.12.04.07
=======================================
Initializing...
------------ Kernel report ------------
     12/04/2013 13:06:20
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
wgecu.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\hitmanpro37.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a492ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a4bdd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a492ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a492998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a435908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a492ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4b99e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a480f18, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a4bdd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1436229632

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1211076608

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1228742656

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1107349504

Downloaded database version: v2013.12.11.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     12/11/2013 08:05:28
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a1e1248
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xffffffff8a1e0ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a431ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a513940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a431998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a4338f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5069e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a4a9f18, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a513940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a1e1248, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4768a0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a16d730, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a1e1248, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a509020, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a1e0ea0, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1438621696

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1355071488

Downloaded database version: v2013.12.11.04
Downloaded database version: v2013.12.11.05
Downloaded database version: v2013.12.11.06
Downloaded database version: v2013.12.12.01
Downloaded database version: v2013.12.12.02
Downloaded database version: v2013.12.12.03
Downloaded database version: v2013.12.12.04
Downloaded database version: v2013.12.12.05
Downloaded database version: v2013.12.12.06
Downloaded database version: v2013.12.12.07
Downloaded database version: v2013.12.12.08
Downloaded database version: v2013.12.13.01
Downloaded database version: v2013.12.13.02
Downloaded database version: v2013.12.13.03
Downloaded database version: v2013.12.13.04
Downloaded database version: v2013.12.13.05
=======================================
Initializing...
------------ Kernel report ------------
     12/13/2013 11:07:47
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff898c6328
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xffffffff8a37cda8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a431ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a513940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a431998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a4338f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5069e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a4a9f18, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a513940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff898c6328, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff898e3020, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a3da350, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff898c6328, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4018b8, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a37cda8, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1437814784

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1336668160

Downloaded database version: v2013.12.13.06
Downloaded database version: v2013.12.13.07
Downloaded database version: v2013.12.13.08
Downloaded database version: v2013.12.14.01
Downloaded database version: v2013.12.14.02
Downloaded database version: v2013.12.14.03
=======================================
Initializing...
------------ Kernel report ------------
     12/14/2013 09:01:48
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a431ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a513940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a431998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a4338f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5069e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a4a9f18, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a513940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1436704768

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1370071040

Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/18/2013 00:10:11
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
kkqdkumv.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a4acab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a4bd940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a4acab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4ac998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a4798f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4acab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4b99e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a480f18, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a4bd940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1439440896

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 1878245376, free: 1108676608

Downloaded database version: v2013.12.25.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/24/2013 23:27:44
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
amdide.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\AmdPPM.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtKHDMI.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\System32\drivers\BIOS.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a431ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a513940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a431998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a4338f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a431ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5069e0, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a4a9f18, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a513940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 268410880
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 268412928  Numsec = 3638611968

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 



#14 savage99 (Topic Starter, Members, 19 posts)

Posted 25 December 2013 - 12:03 AM

RogueKiller Log Reports

1) FIRST REPORT FILE: RKreport[0]_D_12242013_235254.txt

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Daddy [Admin rights]
Mode : Remove -- Date : 12/24/2013 23:52:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\Daddy\Desktop\mbar\mbar.exe" /rdv /s [7]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD20EARS-00MVWB0 +++++
--- User ---
[MBR] 01ced6c9181390e04f7a91e0e1d1ef9d
[BSP] e24cb1d96bb0435339ae2e20363bf06b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 131060 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268412928 | Size: 1776666 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12242013_235254.txt >>
RKreport[0]_S_12242013_235229.txt


2) SECOND REPORT FILE: RKreport[0]_S_12242013_235229.txt

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Daddy [Admin rights]
Mode : Scan -- Date : 12/24/2013 23:52:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\Daddy\Desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD20EARS-00MVWB0 +++++
--- User ---
[MBR] 01ced6c9181390e04f7a91e0e1d1ef9d
[BSP] e24cb1d96bb0435339ae2e20363bf06b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 131060 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268412928 | Size: 1776666 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12242013_235229.txt >>
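
Added example (not part of this thread, and not MBAR's or RogueKiller's own code): a small Python parser that decodes a classic MBR partition table into the fields the two logs above print. It runs on a constructed 512-byte sector built to the geometry the logs report (active NTFS partition at LBA 2048, 268410880 sectors; second NTFS partition at LBA 268412928, 3638611968 sectors; disk signature 1; a 2000398934016-byte disk), checks the 0x55AA boot signature, flags malformed tables (invalid boot flag, more or fewer than one active entry, overlapping entries, an entry running past the end of the disk), converts sector counts into the MiB figures the RogueKiller report labels "Mo", and lists the unpartitioned sector ranges that a scanner like MBAR reads because bootkits stash payload sectors there. MD5 over the whole sector and over the 440-byte boot-code region is my choice of digest; which bytes the real tools hash is not stated in the logs, so their [MBR]/[BSP] values are not reproduced. The second gap it reports starts exactly where partition 1 ends, while the MBAR log above begins its scan range somewhat earlier. Reading the live sector from \\.\PhysicalDrive0 needs administrator rights and is shown only as a comment.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_END = 0x1B8   # classic boot code occupies bytes 0..0x1B7
DISK_SIG_OFF = 0x1B8   # 4-byte "Disk Signature" Windows prints
TABLE_OFF = 0x1BE      # four 16-byte partition entries
SIG_OFF = 0x1FE        # 0x55 0xAA boot signature

PART_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x83: "Linux",
              0xEE: "GPT protective"}


def build_sample_mbr(entries, disk_sig=1):
    """Constructed sector: zeroed boot code, disk signature, the given
    (active, type, start_lba, num_sectors) entries with CHS fields set to
    the 0xFFFFFF LBA-only marker, and the 0x55AA signature."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, start, count) in enumerate(entries[:4]):
        struct.pack_into("<B3sB3sII", mbr, TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xff\xff\xff",
                         ptype, b"\xff\xff\xff", start, count)
    mbr[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode a 512-byte MBR; raises ValueError on a bad boot signature."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("bad MBR signature %s" % mbr[SIG_OFF:SIG_OFF + 2].hex())
    partitions = []
    for i in range(4):
        # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        flag, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFF + 16 * i)
        partitions.append({
            "index": i, "flag": flag, "active": flag == 0x80,
            "type": ptype, "type_name": PART_TYPES.get(ptype, "Unknown"),
            "start_lba": start, "num_sectors": count,
            "size_mib": count * SECTOR // (1024 * 1024),  # the "Mo" column
        })
    return {
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        # MD5 is an assumption; the logs do not say which bytes the tools hash
        "sector_md5": hashlib.md5(mbr).hexdigest(),
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_END]).hexdigest(),
        "partitions": partitions,
    }


def check_table(parsed, disk_sectors):
    """Structural checks worth running before trusting a partition table."""
    findings = []
    for p in parsed["partitions"]:
        if p["flag"] not in (0x00, 0x80):
            findings.append("partition %d: invalid boot flag 0x%02x" % (p["index"], p["flag"]))
    used = [p for p in parsed["partitions"] if p["type"] != 0x00]
    active = sum(1 for p in used if p["active"])
    if active != 1:
        findings.append("%d active partitions (expected exactly 1)" % active)
    for p in used:
        if p["start_lba"] + p["num_sectors"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
    used.sort(key=lambda p: p["start_lba"])
    for a, b in zip(used, used[1:]):
        if a["start_lba"] + a["num_sectors"] > b["start_lba"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return findings


def unpartitioned_ranges(parsed, disk_sectors):
    """Half-open [start, end) sector ranges no partition covers; sector 0 (the MBR) excluded."""
    used = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"])
                  for p in parsed["partitions"] if p["type"] != 0x00)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


# Geometry copied from the logs above (constructed sample, not a real disk image).
DISK_SECTORS = 2000398934016 // SECTOR
SAMPLE_MBR = build_sample_mbr([(True, 0x07, 2048, 268410880),
                               (False, 0x07, 268412928, 3638611968),
                               (False, 0x00, 0, 0), (False, 0x00, 0, 0)])


def report(mbr=SAMPLE_MBR, disk_sectors=DISK_SECTORS):
    parsed = parse_mbr(mbr)
    print("Disk Signature: %d  MBR md5: %s" % (parsed["disk_signature"], parsed["sector_md5"]))
    for p in parsed["partitions"]:
        print("%d - [%s] %s (0x%02x) Offset (sectors): %d | Numsec = %d | Size: %d Mo" % (
            p["index"], "ACTIVE" if p["active"] else "XXXXXX", p["type_name"],
            p["type"], p["start_lba"], p["num_sectors"], p["size_mib"]))
    for f in check_table(parsed, disk_sectors):
        print("WARNING:", f)
    for start, end in unpartitioned_ranges(parsed, disk_sectors):
        print("unpartitioned sectors: %d-%d" % (start, end - 1))
    return parsed


if __name__ == "__main__":
    # Live sector on Windows (administrator rights required):
    #   with open(r"\\.\PhysicalDrive0", "rb") as disk: mbr = disk.read(512)
    report()
```

Run it as-is to see the constructed table decoded; point `report()` at a sector read from the physical drive to check a real machine. A table that fails `check_table` (two active entries, overlapping entries) is not proof of a bootkit, but it is the kind of inconsistency that makes a scanner like MBAR or RogueKiller flag the MBR for closer inspection.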

 



#15 savage99 (Topic Starter, Members, 19 posts)

Posted 25 December 2013 - 12:05 AM

Restarted the PC after the RogueKiller scan and the 99% CPU process drain (svchost.exe) appeared. Initially, upon restart, the Windows Firewall service was running. The Windows Security Center was available to open. After a short period of time both were no longer running again.





