
MalwareBytes blocks malicious website


16 replies to this topic

#1 Tayy

Tayy

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:40 PM

Posted 07 February 2014 - 06:58 AM

Hello

 

A few days ago I started getting pop-ups that said "Congratulations you've won a prize" (in my native Slovenian language). I had to click the OK button to proceed to the sites I wanted to visit.

First pop-up appeared when I visited a xxx site that was probably infected. Later pop-ups started appearing on almost all sites I visited.

Yesterday I installed MalwareBytes and it is blocking some potentially malicious sites (a lookup at who.is showed they are from Moldova, Russia, Romania etc.).

From log file:

2014/02/06 17:28:36 +0100    TURK-PC    Turk    IP-BLOCK    218.7.200.202 (Type: outgoing)
2014/02/06 17:33:15 +0100    TURK-PC    Turk    IP-BLOCK    89.28.31.195 (Type: incoming)
2014/02/06 18:14:43 +0100    TURK-PC    Turk    IP-BLOCK    109.196.137.15 (Type: outgoing)
2014/02/06 18:59:11 +0100    TURK-PC    Turk    IP-BLOCK    220.248.167.235 (Type: outgoing)

2014/02/07 09:17:48 +0100    TURK-PC    Turk    IP-BLOCK    178.152.13.101 (Type: outgoing)

2014/02/07 12:09:46 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:09:52 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:12:36 +0100    TURK-PC    Turk    IP-BLOCK    95.58.99.40 (Type: outgoing)
2014/02/07 12:14:05 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:14:08 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:14:14 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)

 

Any help would be greatly appreciated.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Turk at 12:32:41 on 2014-02-07
Microsoft Windows XP Professional  5.1.2600.3.1250.386.1033.18.2047.1017 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Documents and Settings\Turk\Application Data\uTorrent\uTorrent.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [uTorrent] "c:\documents and settings\turk\application data\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: I&zvoz v Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{FB91E714-A83F-4F2C-9007-DFD077BD4C81} : DHCPNameServer = 192.168.1.254
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs=     c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\turk\application data\mozilla\firefox\profiles\b9xsuu7k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.najdi.si/
FF - plugin: c:\documents and settings\turk\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - ExtSQL: !HIDDEN! 2010-10-30 20:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-10 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 32640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1990464]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-2-6 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-2-6 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-6 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-7 40776]
R3 WFFALCON;Leadtek WinFast PVR3000 Series Driver;c:\windows\system32\drivers\wffalcon.sys [2012-10-31 134016]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2012-10-23 433920]
.
=============== Created Last 30 ================
.
2014-02-07 11:05:56    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-06 17:26:51    5556104    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-02-06 16:06:25    --------    d-----w-    c:\documents and settings\turk\application data\Malwarebytes
2014-02-06 16:06:10    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-06 16:06:10    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-02-06 16:06:10    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-02-06 15:56:14    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-02-06 15:56:14    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-02-06 15:50:31    --------    d-----w-    c:\documents and settings\all users\application data\Cas1
2014-02-06 15:49:50    --------    d-----w-    c:\program files\iPhone Configuration Utility
2014-02-06 15:49:36    --------    d-----w-    c:\program files\iTunes
2014-02-06 15:49:36    --------    d-----w-    c:\program files\iPod
2014-02-06 15:49:04    --------    d-----w-    c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-06 14:22:43    --------    d-----w-    c:\program files\iPod(2)
2014-02-06 14:22:37    --------    d-----w-    c:\program files\iTunes(2)
2014-02-06 14:22:37    --------    d-----w-    c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1(2)
2014-02-06 14:22:00    --------    d-----w-    c:\program files\Apple Software Update(2)
2014-02-06 14:10:18    --------    d-----w-    c:\windows\SxsCaPendDel
2014-01-25 14:03:59    --------    d-----w-    c:\program files\MKVToolNix
2014-01-24 21:32:37    --------    d-----w-    c:\program files\Subtitle Workshop
2014-01-11 10:33:16    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-01-11 10:33:08    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 15:52:31    --------    d-----w-    c:\documents and settings\all users\application data\Canneverbe Limited
2014-01-10 15:51:32    --------    d-----w-    c:\documents and settings\turk\application data\Canneverbe Limited
2014-01-10 15:51:31    13120    ----a-w-    c:\windows\system32\drivers\StarOpen.sys
.
==================== Find3M  ====================
.
2014-02-06 17:27:01    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 17:27:01    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-31 21:13:47    2    ----a-w-    c:\windows\system32\Dvbpws.dll
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
.
============= FINISH: 12:34:19,15 ===============
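The IP-BLOCK lines pasted above are the only signal in this post that can be worked with directly. The following is an added example (not code from the original poster, from Malwarebytes, or from the helpers in this thread) that parses protection-log lines in that layout and summarises them the way a responder would when triaging a thread like this: count blocks per address and direction, and flag addresses that the host keeps trying to reach within a short window. The log format, the function names (`parse_log`, `count_by_ip`, `repeated_outbound`) and the 3-hits-in-10-minutes threshold are all assumptions of this example; the sample lines are constructed from the entries quoted in the post.

```python
"""Triage Malwarebytes Anti-Malware IP-BLOCK protection-log lines.

Added example; the line layout is inferred from the lines the original
poster pasted:
  <date> <time> <tz>  <host>  <user>  IP-BLOCK  <ip> (Type: incoming|outgoing)
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Constructed sample: the block entries quoted in the original post.
SAMPLE_LOG = """\
2014/02/06 17:28:36 +0100    TURK-PC    Turk    IP-BLOCK    218.7.200.202 (Type: outgoing)
2014/02/06 17:33:15 +0100    TURK-PC    Turk    IP-BLOCK    89.28.31.195 (Type: incoming)
2014/02/06 18:14:43 +0100    TURK-PC    Turk    IP-BLOCK    109.196.137.15 (Type: outgoing)
2014/02/06 18:59:11 +0100    TURK-PC    Turk    IP-BLOCK    220.248.167.235 (Type: outgoing)
2014/02/07 09:17:48 +0100    TURK-PC    Turk    IP-BLOCK    178.152.13.101 (Type: outgoing)
2014/02/07 12:09:46 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:09:52 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:12:36 +0100    TURK-PC    Turk    IP-BLOCK    95.58.99.40 (Type: outgoing)
2014/02/07 12:14:05 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:14:08 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:14:14 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
"""

# Assumed layout: whitespace-separated fields, IPv4 only, direction in parentheses.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)\s*$"
)


class Block(NamedTuple):
    when: datetime
    host: str
    user: str
    ip: str
    direction: str


def parse_log(text: str) -> List[Block]:
    """Parse IP-BLOCK lines; blank lines and other event types are skipped."""
    blocks: List[Block] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{m['ts']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
        blocks.append(Block(when, m["host"], m["user"], m["ip"], m["direction"]))
    return blocks


def count_by_ip(blocks: List[Block]) -> Dict[str, Dict[str, int]]:
    """Return {ip: {direction: count}} so one-off blocks and repeat offenders stand apart."""
    counts: Dict[str, Counter] = defaultdict(Counter)
    for b in blocks:
        counts[b.ip][b.direction] += 1
    return {ip: dict(c) for ip, c in counts.items()}


def repeated_outbound(blocks: List[Block], min_hits: int = 3,
                      window: timedelta = timedelta(minutes=10)) -> Dict[str, int]:
    """IPs with at least `min_hits` outgoing blocks inside any span of length `window`.

    Repeated outbound attempts to one blocked address within minutes point to
    something installed on the host that keeps retrying, as opposed to a single
    page element blocked once while browsing. Returns {ip: total outgoing blocks}.
    """
    by_ip: Dict[str, List[datetime]] = defaultdict(list)
    for b in blocks:
        if b.direction == "outgoing":
            by_ip[b.ip].append(b.when)
    flagged: Dict[str, int] = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - min_hits + 1):
            if times[i + min_hits - 1] - times[i] <= window:
                flagged[ip] = len(times)
                break
    return flagged


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for ip, dirs in sorted(count_by_ip(parsed).items()):
        print(f"{ip:16} {dirs}")
    print("repeated outbound:", repeated_outbound(parsed))
```

Run against the sample, the per-address table shows ten addresses blocked once and one address blocked five times, and `repeated_outbound` flags only that address, which is the one worth correlating with the process and startup sections of the DDS and FRST logs rather than the one-off blocks.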


 


 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:40 AM

Posted 07 February 2014 - 10:44 AM

Hello,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Tayy

Tayy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:40 PM

Posted 07 February 2014 - 02:14 PM

Hello aharonov

 

Thank you very much for taking your time.

Here are the two logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014
Ran by Turk (administrator) on TURK-PC on 07-02-2014 19:26:55
Running from C:\Documents and Settings\Turk\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(BitTorrent Inc.) C:\Documents and Settings\Turk\Application Data\uTorrent\uTorrent.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16862208 2010-10-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2010-10-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [WinFastDTV] - C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [101888 2012-09-10] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-790525478-839522115-725345543-1003\...\Run: [WinFast Schedule] - C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2916352 2012-08-28] (Leadtek Research Inc.)
HKU\S-1-5-21-790525478-839522115-725345543-1003\...\Run: [uTorrent] - C:\Documents and Settings\Turk\Application Data\uTorrent\uTorrent.exe [905296 2014-01-23] (BitTorrent Inc.)
AppInit_DLLs: C:\WINDOWS\system32\guard32.dll => C:\WINDOWS\system32\guard32.dll [301264 2012-11-08] (COMODO)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Turk\Application Data\Mozilla\Firefox\Profiles\b9xsuu7k.default
FF Homepage: hxxp://www.najdi.si/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Documents and Settings\Turk\Application Data\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Turk\Application Data\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ceneji.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\najdi-si.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\odpiralni.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Turk\Application Data\Mozilla\Firefox\Profiles\b9xsuu7k.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [170496 2009-02-04] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [18096 2012-11-08] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [497952 2012-11-08] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32640 2012-11-08] (COMODO)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99080 2012-11-08] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-02-07] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 WFFALCON; C:\WINDOWS\System32\drivers\wffalcon.sys [134016 2009-11-23] (Leadtek Research Inc.)
S3 WFLR6654; C:\WINDOWS\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\Turk\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 19:26 - 2014-02-07 19:27 - 00011622 _____ () C:\Documents and Settings\Turk\Desktop\FRST.txt
2014-02-07 19:26 - 2014-02-07 19:26 - 00000000 ____D () C:\FRST
2014-02-07 19:24 - 2014-02-07 19:24 - 01136640 _____ (Farbar) C:\Documents and Settings\Turk\Desktop\FRST.exe
2014-02-07 19:08 - 2014-02-07 19:08 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-02-06 20:35 - 2014-02-06 20:36 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Prenosi
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-02-06 20:33 - 2014-02-06 20:41 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-06 20:33 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-06 20:33 - 2014-02-06 20:33 - 00000000 ____D () C:\WINDOWS\CSC
2014-02-06 20:33 - 2010-10-27 16:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-02-06 20:33 - 2010-10-27 07:57 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-02-06 20:33 - 2010-10-27 07:57 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-02-06 20:33 - 2010-10-27 07:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-02-06 18:26 - 2014-02-06 18:26 - 05556104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\Malwarebytes
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-06 17:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-06 16:50 - 2014-02-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Cas1
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iTunes
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPod
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPhone Configuration Utility
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iPhone Configuration Utility
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-06 15:22 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iTunes(2)
2014-02-06 15:22 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPod(2)
2014-02-06 15:22 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\Apple Software Update(2)
2014-02-06 15:22 - 2014-02-06 16:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1(2)
2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-01-25 15:03 - 2014-01-25 15:10 - 00000000 ____D () C:\Program Files\MKVToolNix
2014-01-25 14:48 - 2014-01-25 14:48 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-01-24 22:32 - 2014-01-24 22:34 - 00000000 ____D () C:\Program Files\Subtitle Workshop
2014-01-15 19:53 - 2014-01-15 19:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 19:52 - 2014-01-15 19:54 - 00004445 _____ () C:\WINDOWS\KB2914368.log
2014-01-11 11:33 - 2014-01-11 11:33 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-11 11:33 - 2014-01-11 11:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-11 11:33 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-11 11:33 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-11 11:33 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-11 11:33 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-11 11:33 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-11 11:32 - 2014-01-11 11:33 - 00004705 _____ () C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2014-01-10 17:50 - 2014-01-10 17:50 - 00000000 ____D () C:\Documents and Settings\Turk\My Documents\Moje prejete datoteke
2014-01-10 16:52 - 2014-01-10 16:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2014-01-10 16:51 - 2014-01-10 16:51 - 00001556 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2014-01-10 16:51 - 2014-01-10 16:51 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-01-10 16:51 - 2014-01-10 16:51 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\Canneverbe Limited
2014-01-10 16:51 - 2013-08-25 10:30 - 00013120 _____ () C:\WINDOWS\system32\Drivers\StarOpen.sys

==================== One Month Modified Files and Folders =======

2014-02-07 19:27 - 2014-02-07 19:26 - 00011622 _____ () C:\Documents and Settings\Turk\Desktop\FRST.txt
2014-02-07 19:27 - 2013-08-09 18:23 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\uTorrent
2014-02-07 19:26 - 2014-02-07 19:26 - 00000000 ____D () C:\FRST
2014-02-07 19:26 - 2012-05-01 09:51 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 19:25 - 2010-10-27 16:29 - 00000000 ____D () C:\Documents and Settings\Turk\My Documents\Prenosi
2014-02-07 19:24 - 2014-02-07 19:24 - 01136640 _____ (Farbar) C:\Documents and Settings\Turk\Desktop\FRST.exe
2014-02-07 19:23 - 2010-10-27 12:07 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-02-07 19:08 - 2014-02-07 19:08 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-07 13:25 - 2010-10-27 07:56 - 01894128 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-07 13:21 - 2013-09-21 12:23 - 00000000 ____D () C:\Documents and Settings\Turk\My Documents\DAVID
2014-02-07 12:04 - 2010-10-27 09:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-07 12:04 - 2010-10-27 09:45 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-02-07 12:04 - 2007-07-27 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-07 12:03 - 2010-10-27 08:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-07 09:25 - 2010-10-27 11:52 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-07 09:25 - 2010-10-27 08:06 - 00000178 ___SH () C:\Documents and Settings\Turk\ntuser.ini
2014-02-07 09:25 - 2010-10-27 08:05 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-06 20:41 - 2014-02-06 20:33 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-02-06 20:36 - 2014-02-06 20:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Prenosi
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-02-06 20:34 - 2014-02-06 20:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-06 20:33 - 2014-02-06 20:33 - 00000000 ____D () C:\WINDOWS\CSC
2014-02-06 18:27 - 2012-05-01 09:51 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-06 18:27 - 2012-05-01 09:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-06 18:26 - 2014-02-06 18:26 - 05556104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\Malwarebytes
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-06 16:56 - 2010-10-27 08:06 - 00000000 ____D () C:\Documents and Settings\Turk
2014-02-06 16:56 - 2010-10-27 08:05 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-02-06 16:56 - 2010-10-27 08:00 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-06 16:56 - 2010-10-27 07:54 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-06 16:50 - 2014-02-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Cas1
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iTunes
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPod
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPhone Configuration Utility
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iPhone Configuration Utility
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-06 16:49 - 2014-02-06 15:22 - 00000000 ____D () C:\Program Files\iTunes(2)
2014-02-06 16:49 - 2014-02-06 15:22 - 00000000 ____D () C:\Program Files\iPod(2)
2014-02-06 16:49 - 2014-02-06 15:22 - 00000000 ____D () C:\Program Files\Apple Software Update(2)
2014-02-06 16:49 - 2013-01-11 13:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-06 16:48 - 2014-02-06 15:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1(2)
2014-02-06 16:48 - 2010-10-27 07:55 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-06 15:25 - 2010-10-27 09:42 - 00840138 _____ () C:\WINDOWS\setupapi.log
2014-02-06 15:22 - 2013-01-11 15:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2014-02-06 15:21 - 2013-01-11 13:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-02-06 15:06 - 2010-10-27 08:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-31 22:13 - 2010-10-27 16:46 - 00000002 _____ () C:\WINDOWS\system32\Dvbpws.dll
2014-01-30 18:45 - 2010-10-31 10:22 - 00017920 _____ () C:\Documents and Settings\Turk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-25 15:10 - 2014-01-25 15:03 - 00000000 ____D () C:\Program Files\MKVToolNix
2014-01-25 14:48 - 2014-01-25 14:48 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-01-25 14:48 - 2012-01-26 08:37 - 00000000 ____D () C:\Documents and Settings\Turk\My Documents\recepti
2014-01-25 14:42 - 2010-10-27 08:27 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-01-24 22:34 - 2014-01-24 22:32 - 00000000 ____D () C:\Program Files\Subtitle Workshop
2014-01-15 19:54 - 2014-01-15 19:52 - 00004445 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 19:54 - 2010-10-27 09:43 - 02119932 _____ () C:\WINDOWS\FaxSetup.log
2014-01-15 19:54 - 2010-10-27 09:43 - 01019477 _____ () C:\WINDOWS\ocgen.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00971215 _____ () C:\WINDOWS\tsoc.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00660492 _____ () C:\WINDOWS\msmqinst.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00602971 _____ () C:\WINDOWS\comsetup.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00371767 _____ () C:\WINDOWS\netfxocm.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00363567 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00334950 _____ () C:\WINDOWS\iis6.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00146369 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00107501 _____ () C:\WINDOWS\tabletoc.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00106084 _____ () C:\WINDOWS\msgsocm.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00098174 _____ () C:\WINDOWS\ocmsn.log
2014-01-15 19:54 - 2010-10-27 09:43 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-15 19:53 - 2014-01-15 19:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-11 11:33 - 2014-01-11 11:33 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-11 11:33 - 2014-01-11 11:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-11 11:33 - 2014-01-11 11:32 - 00004705 _____ () C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2014-01-11 11:33 - 2012-10-23 17:11 - 00000000 ____D () C:\Program Files\Java
2014-01-10 17:50 - 2014-01-10 17:50 - 00000000 ____D () C:\Documents and Settings\Turk\My Documents\Moje prejete datoteke
2014-01-10 16:52 - 2014-01-10 16:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2014-01-10 16:51 - 2014-01-10 16:51 - 00001556 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
2014-01-10 16:51 - 2014-01-10 16:51 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-01-10 16:51 - 2014-01-10 16:51 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\Canneverbe Limited
2014-01-10 16:45 - 2010-10-27 09:41 - 00171232 _____ () C:\WINDOWS\setupact.log

Some content of TEMP:
====================
C:\Documents and Settings\Turk\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Turk\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2014
Ran by Turk at 2014-02-07 19:28:14
Running from C:\Documents and Settings\Turk\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

  (Version: 1.00.0000 - Naziv vašega podjetja) Hidden
µTorrent (HKCU Version: 3.3.2.30488 - BitTorrent Inc.)
Adobe AIR (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (Version: 11.0.01 - Adobe Systems Incorporated)
Apple Application Support (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (Version: 2.010.0210.2338 - )
ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Casper Skrivnostni grad (Version: 1.00.0000 - Naziv vašega podjetja)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-preinstall (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
CDBurnerXP (Version: 4.5.2.4478 - CDBurnerXP)
Codec-TS SDK (Version:  - ArcSoft)
COMODO Internet Security (Version: 5.0.32580.1142 - COMODO Group Inc.)
De-interlace SDK (Version:  - ArcSoft)
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000 - Microsoft Corporation)
HP Deskjet 3900 series (Version: 5.0 - HP)
HP Imaging Device Functions 5.0 (Version: 5.0 - HP)
HP Software Update (Version: 3.0.5.001 - HEWLET~1|Hewlett-Packard) Hidden
HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0 - HP)
HPDeskjet3900Series (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel)
iPhone Configuration Utility (Version: 3.6.2.300 - Apple Inc.)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware različica 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
MKVToolNix 6.7.0 [20140102-565] (Version: 6.7.0 - Moritz Bunkus)
Mozilla Firefox 26.0 (x86 sl) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Octoshape - pretočne storitve (HKCU Version:  - Octoshape ApS)
REALTEK GbE & FE Ethernet PCI NIC Driver (Version: 1.11.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 5.10.0.5618 - Realtek Semiconductor Corp.)
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
SopCast 3.5.0 (Version: 3.5.0 - www.sopcast.com)
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Subtitle Workshop 6.0b (Version:  - )
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
TT-SB SDK (Version:  - ArcSoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
USB Video Driver (Version: 1.00 - EETI)
Veetle TV (Version: 0.9.19 - Veetle, Inc)
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media  (08/31/2007 5.7.0831.0) (Version: 08/31/2007 5.7.0831.0 - Advanced Micro Devices, Inc.)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinFast Multimedia Driver Installation  (Version:  - Multimedia)
WinFast PVR2 (HKCU Version: 2.0.3.49 - Leadtek)

==================== Restore Points  =========================

11-01-2014 10:32:20 Installed Java 7 Update 45
12-01-2014 11:58:14 Točka preverjanja sistema
13-01-2014 12:04:02 Točka preverjanja sistema
14-01-2014 19:42:59 Točka preverjanja sistema
15-01-2014 18:52:43 Software Distribution Service 3.0
16-01-2014 18:56:52 Točka preverjanja sistema
17-01-2014 19:13:21 Točka preverjanja sistema
19-01-2014 09:20:31 Točka preverjanja sistema
20-01-2014 18:20:58 Točka preverjanja sistema
22-01-2014 14:05:03 Točka preverjanja sistema
23-01-2014 20:38:53 Točka preverjanja sistema
25-01-2014 11:49:34 Točka preverjanja sistema
26-01-2014 12:04:22 Točka preverjanja sistema
27-01-2014 12:46:34 Točka preverjanja sistema
28-01-2014 12:51:37 Točka preverjanja sistema
29-01-2014 13:43:43 Točka preverjanja sistema
30-01-2014 15:02:01 Točka preverjanja sistema
01-02-2014 09:17:47 Točka preverjanja sistema
02-02-2014 11:39:31 Točka preverjanja sistema
03-02-2014 12:53:35 Točka preverjanja sistema
04-02-2014 16:29:47 Točka preverjanja sistema
05-02-2014 17:15:14 Točka preverjanja sistema
06-02-2014 14:06:20 Konfigurirano  
06-02-2014 14:06:51 Konfigurirano  
06-02-2014 14:09:20 Removed Apple Application Support
06-02-2014 14:11:31 Removed Apple Mobile Device Support
06-02-2014 14:12:00 Removed Apple Software Update
06-02-2014 14:13:13 Removed iPhone Configuration Utility
06-02-2014 14:14:40 Removed iTunes
06-02-2014 14:22:23 Installed iTunes
06-02-2014 15:48:08 Operacija obnovitve
07-02-2014 16:24:00 Točka preverjanja sistema

==================== Hosts content: ==========================

2007-07-27 13:00 - 2007-07-27 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-10-31 20:33 - 2012-10-05 01:33 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-02-06 15:09 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 15:09 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-31 15:40 - 2009-04-01 14:07 - 00303188 _____ () C:\Program Files\WinFast\WFDTV\RTL283XACCESS.dll
2012-10-31 15:40 - 2008-12-02 11:04 - 00007680 _____ () C:\Program Files\WinFast\WFDTV\WIZLANGENG.dll
2007-07-27 13:00 - 2008-04-14 01:12 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2007-07-27 13:00 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2007-07-27 13:00 - 2008-04-14 01:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2007-07-27 13:00 - 2008-04-14 01:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-10-31 15:40 - 2010-11-15 11:05 - 00073728 _____ () C:\Program Files\WinFast\WFDTV\RCConfig\RCKeysInfoIO.dll
2010-10-27 11:51 - 2010-10-27 11:51 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-12-11 10:03 - 2013-12-11 10:04 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Intel® PRO/1000 PM Network Connection
Description: Intel® PRO/1000 PM Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: e1express
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 06:21:53 PM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Operacija vrnjena, ker je časovna omejitev potekla.

Error: (02/04/2014 05:11:23 PM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (02/03/2014 08:03:14 AM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Operacija vrnjena, ker je časovna omejitev potekla.

Error: (02/02/2014 10:55:37 AM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Operacija vrnjena, ker je časovna omejitev potekla.

Error: (02/01/2014 09:47:17 AM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Operacija vrnjena, ker je časovna omejitev potekla.

Error: (02/01/2014 08:27:39 AM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Operacija vrnjena, ker je časovna omejitev potekla.

Error: (01/31/2014 08:13:13 PM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Operacija vrnjena, ker je časovna omejitev potekla.

Error: (01/31/2014 01:46:23 PM) (Source: crypt32) (User: )
Description: Ni uspelo pridobivanje samodejne posodobitve zaporedne številke na seznamu korenov neodvisnih izdelovalcev iz: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Operacija vrnjena, ker je časovna omejitev potekla.

Error: (01/25/2014 03:10:53 PM) (Source: Application Hang) (User: )
Description: Neodzivajoča se aplikacija WINWORD.EXE, različica 11.0.5604.0, Neodzivajoči se modul hungapp, različica 0.0.0.0, neodzivajoči se naslov 0x00000000.

Error: (01/25/2014 03:10:52 PM) (Source: Application Hang) (User: )
Description: Neodzivajoča se aplikacija WINWORD.EXE, različica 11.0.5604.0, Neodzivajoči se modul hungapp, različica 0.0.0.0, neodzivajoči se naslov 0x00000000.


System errors:
=============
Error: (02/06/2014 08:41:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM je prejel sporočilo o napaki »%%1084« pri poskusu zagona storitve EventSystem z argumenti »«
da bi se strežnik lahko zagnal:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/06/2014 08:35:10 PM) (Source: Service Control Manager) (User: )
Description: Ti zagonski ali sistemski gonilniki se niso uspeli naložiti:
cmdGuard
Fips
intelppm

Error: (02/06/2014 08:34:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM je prejel sporočilo o napaki »%%1084« pri poskusu zagona storitve EventSystem z argumenti »«
da bi se strežnik lahko zagnal:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/05/2014 01:40:43 PM) (Source: Dhcp) (User: )
Description: Zakup 192.168.1.68 IP naslova za omrežno kartico z omrežnim naslovom 00142AEA65BE je bil
zavrnjen od DHCP strežnika 192.168.1.254 (DHCP strežnik je poslal DHCPNACK sporočilo).

Error: (02/03/2014 08:02:52 AM) (Source: Dhcp) (User: )
Description: Zakup 192.168.1.69 IP naslova za omrežno kartico z omrežnim naslovom 00142AEA65BE je bil
zavrnjen od DHCP strežnika 192.168.1.254 (DHCP strežnik je poslal DHCPNACK sporočilo).

Error: (01/21/2014 09:20:52 AM) (Source: Dhcp) (User: )
Description: Zakup 192.168.1.67 IP naslova za omrežno kartico z omrežnim naslovom 00142AEA65BE je bil
zavrnjen od DHCP strežnika 192.168.1.254 (DHCP strežnik je poslal DHCPNACK sporočilo).


Microsoft Office Sessions:
=========================
Error: (02/04/2014 06:21:53 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtOperacija vrnjena, ker je časovna omejitev potekla.

Error: (02/04/2014 05:11:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (02/03/2014 08:03:14 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtOperacija vrnjena, ker je časovna omejitev potekla.

Error: (02/02/2014 10:55:37 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtOperacija vrnjena, ker je časovna omejitev potekla.

Error: (02/01/2014 09:47:17 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtOperacija vrnjena, ker je časovna omejitev potekla.

Error: (02/01/2014 08:27:39 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtOperacija vrnjena, ker je časovna omejitev potekla.

Error: (01/31/2014 08:13:13 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtOperacija vrnjena, ker je časovna omejitev potekla.

Error: (01/31/2014 01:46:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtOperacija vrnjena, ker je časovna omejitev potekla.

Error: (01/25/2014 03:10:53 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.5604.0hungapp0.0.0.000000000

Error: (01/25/2014 03:10:52 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.5604.0hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 2047.29 MB
Available physical RAM: 855.99 MB
Total Pagefile: 3943.79 MB
Available Pagefile: 2888.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:3.18 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: 6E9D6E9D)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37 GB) - (Type=OF Extended)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 10 February 2014 - 04:14 AM

Sorry for the delay.


Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#5 Tayy

  • Topic Starter
  • Members
  • 19 posts

Posted 10 February 2014 - 06:06 AM

Hello aharonov

Below is the TDSSKiller log file:

12:03:54.0875 0x0e7c  TDSS rootkit removing tool 3.0.0.22 Feb  3 2014 16:45:35
12:03:58.0406 0x0e7c  ============================================================
12:03:58.0406 0x0e7c  Current date / time: 2014/02/10 12:03:58.0406
12:03:58.0406 0x0e7c  SystemInfo:
12:03:58.0406 0x0e7c  
12:03:58.0406 0x0e7c  OS Version: 5.1.2600 ServicePack: 3.0
12:03:58.0406 0x0e7c  Product type: Workstation
12:03:58.0406 0x0e7c  ComputerName: TURK-PC
12:03:58.0406 0x0e7c  UserName: Turk
12:03:58.0406 0x0e7c  Windows directory: C:\WINDOWS
12:03:58.0406 0x0e7c  System windows directory: C:\WINDOWS
12:03:58.0406 0x0e7c  Processor architecture: Intel x86
12:03:58.0406 0x0e7c  Number of processors: 2
12:03:58.0406 0x0e7c  Page size: 0x1000
12:03:58.0406 0x0e7c  Boot type: Normal boot
12:03:58.0406 0x0e7c  ============================================================
12:04:01.0968 0x0e7c  KLMD registered as C:\WINDOWS\system32\drivers\23239107.sys
12:04:02.0453 0x0e7c  System UUID: {3F8DB822-0B11-C6F2-5F50-0C25E53293B5}
12:04:03.0984 0x0e7c  Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x14ADD, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000054
12:04:04.0000 0x0e7c  ============================================================
12:04:04.0000 0x0e7c  \Device\Harddisk0\DR0:
12:04:04.0000 0x0e7c  MBR partitions:
12:04:04.0000 0x0e7c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE, BlocksNum 0x4E20092
12:04:04.0015 0x0e7c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xE, StartLBA 0x4E200AE, BlocksNum 0x4A8AB8A
12:04:04.0015 0x0e7c  ============================================================
12:04:04.0031 0x0e7c  C: <-> \Device\Harddisk0\DR0\Partition1
12:04:04.0031 0x0e7c  ============================================================
12:04:04.0031 0x0e7c  Initialize success
12:04:04.0031 0x0e7c  ============================================================
12:04:32.0375 0x0210  ============================================================
12:04:32.0375 0x0210  Scan started
12:04:32.0375 0x0210  Mode: Manual; SigCheck; TDLFS;
12:04:32.0375 0x0210  ============================================================
12:04:32.0375 0x0210  KSN ping started
12:04:34.0906 0x0210  KSN ping finished: true
12:04:35.0640 0x0210  ================ Scan system memory ========================
12:04:35.0640 0x0210  System memory - ok
12:04:35.0640 0x0210  ================ Scan services =============================
12:05:08.0859 0x0210  PlugPlay - ok
12:05:08.0875 0x0210  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:05:08.0984 0x0210  PolicyAgent - ok
12:05:09.0015 0x0210  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:05:09.0140 0x0210  PptpMiniport - ok
12:05:09.0156 0x0210  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:05:09.0265 0x0210  ProtectedStorage - ok
12:05:09.0296 0x0210  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:05:09.0406 0x0210  PSched - ok
12:05:09.0421 0x0210  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:05:09.0546 0x0210  Ptilink - ok
12:05:09.0562 0x0210  ql1080 - ok
12:05:09.0562 0x0210  Ql10wnt - ok
12:05:09.0562 0x0210  ql12160 - ok
12:05:09.0578 0x0210  ql1240 - ok
12:05:09.0578 0x0210  ql1280 - ok
12:05:09.0593 0x0210  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:05:09.0703 0x0210  RasAcd - ok
12:05:09.0750 0x0210  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:05:09.0859 0x0210  RasAuto - ok
12:05:09.0890 0x0210  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:05:10.0015 0x0210  Rasl2tp - ok
12:05:10.0046 0x0210  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:05:10.0187 0x0210  RasMan - ok
12:05:10.0203 0x0210  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:05:10.0328 0x0210  RasPppoe - ok
12:05:10.0343 0x0210  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:05:10.0453 0x0210  Raspti - ok
12:05:10.0484 0x0210  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:05:10.0609 0x0210  Rdbss - ok
12:05:10.0625 0x0210  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:05:10.0750 0x0210  RDPCDD - ok
12:05:10.0781 0x0210  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:05:10.0906 0x0210  rdpdr - ok
12:05:10.0937 0x0210  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:05:11.0093 0x0210  RDPWD - ok
12:05:11.0140 0x0210  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:05:11.0281 0x0210  RDSessMgr - ok
12:05:11.0296 0x0210  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:05:11.0421 0x0210  redbook - ok
12:05:11.0437 0x0210  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:05:11.0562 0x0210  RemoteAccess - ok
12:05:11.0593 0x0210  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:05:11.0718 0x0210  RemoteRegistry - ok
12:05:11.0750 0x0210  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:05:11.0875 0x0210  RpcLocator - ok
12:05:11.0906 0x0210  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
12:05:11.0984 0x0210  RpcSs - ok
12:05:12.0031 0x0210  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:05:12.0156 0x0210  RSVP - ok
12:05:12.0187 0x0210  [ CF84B1F0E8B14D4120AAF9CF35CBB265, 3F9B0E70DFD96B822A21A3D5E0438DCB3E08EF6A516756CE58CBDB2F52D09604 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:05:12.0281 0x0210  RTL8023xp - ok
12:05:12.0296 0x0210  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:05:12.0406 0x0210  SamSs - ok
12:05:12.0437 0x0210  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:05:12.0562 0x0210  SCardSvr - ok
12:05:12.0609 0x0210  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:05:12.0734 0x0210  Schedule - ok
12:05:12.0765 0x0210  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:05:12.0890 0x0210  Secdrv - ok
12:05:12.0906 0x0210  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:05:13.0046 0x0210  seclogon - ok
12:05:13.0062 0x0210  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
12:05:13.0187 0x0210  SENS - ok
12:05:13.0218 0x0210  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
12:05:13.0343 0x0210  serenum - ok
12:05:13.0359 0x0210  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
12:05:13.0500 0x0210  Serial - ok
12:05:13.0515 0x0210  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:05:13.0640 0x0210  Sfloppy - ok
12:05:13.0671 0x0210  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:05:13.0828 0x0210  SharedAccess - ok
12:05:13.0859 0x0210  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:05:13.0890 0x0210  ShellHWDetection - ok
12:05:13.0890 0x0210  Simbad - ok
12:05:13.0921 0x0210  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:05:14.0046 0x0210  SLIP - ok
12:05:14.0046 0x0210  Sparrow - ok
12:05:14.0078 0x0210  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:05:14.0203 0x0210  splitter - ok
12:05:14.0234 0x0210  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:05:14.0250 0x0210  Spooler - ok
12:05:14.0265 0x0210  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:05:14.0390 0x0210  sr - ok
12:05:14.0437 0x0210  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:05:14.0562 0x0210  srservice - ok
12:05:14.0593 0x0210  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:05:14.0703 0x0210  Srv - ok
12:05:14.0718 0x0210  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:05:14.0843 0x0210  SSDPSRV - ok
12:05:14.0875 0x0210  [ 1F730FDDC8E4602ECFD8D143F970CF82, 71CCC206C7C15DAD420F8AFDC08EEB5525ACD509350636197E3373D778A5559D ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
12:05:14.0890 0x0210  StarOpen - ok
12:05:14.0937 0x0210  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:05:15.0093 0x0210  stisvc - ok
12:05:15.0125 0x0210  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:05:15.0250 0x0210  streamip - ok
12:05:15.0250 0x0210  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:05:15.0390 0x0210  swenum - ok
12:05:15.0406 0x0210  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:05:15.0531 0x0210  swmidi - ok
12:05:15.0531 0x0210  SwPrv - ok
12:05:15.0531 0x0210  symc810 - ok
12:05:15.0531 0x0210  symc8xx - ok
12:05:15.0546 0x0210  sym_hi - ok
12:05:15.0546 0x0210  sym_u3 - ok
12:05:15.0578 0x0210  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:05:15.0703 0x0210  sysaudio - ok
12:05:15.0734 0x0210  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:05:15.0875 0x0210  SysmonLog - ok
12:05:15.0906 0x0210  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:05:16.0031 0x0210  TapiSrv - ok
12:05:16.0078 0x0210  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:16.0156 0x0210  Tcpip - ok
12:05:16.0187 0x0210  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:05:16.0312 0x0210  TDPIPE - ok
12:05:16.0328 0x0210  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:05:16.0453 0x0210  TDTCP - ok
12:05:16.0453 0x0210  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:05:16.0593 0x0210  TermDD - ok
12:05:16.0640 0x0210  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
12:05:16.0796 0x0210  TermService - ok
12:05:16.0812 0x0210  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:05:16.0843 0x0210  Themes - ok
12:05:16.0859 0x0210  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
12:05:17.0000 0x0210  TlntSvr - ok
12:05:17.0015 0x0210  TosIde - ok
12:05:17.0031 0x0210  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:05:17.0171 0x0210  TrkWks - ok
12:05:17.0203 0x0210  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:05:17.0312 0x0210  Udfs - ok
12:05:17.0359 0x0210  [ 332D341D92B933600D41953B08360DFB, 213A5C84ABB0D627C05B355084A26A5081645D4EC398FF19EF6BBCB690B10055 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:05:17.0375 0x0210  UleadBurningHelper - detected UnsignedFile.Multi.Generic ( 1 )
12:05:19.0875 0x0210  Detect skipped due to KSN trusted
12:05:19.0875 0x0210  UleadBurningHelper - ok
12:05:19.0875 0x0210  ultra - ok
12:05:19.0937 0x0210  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:05:20.0093 0x0210  Update - ok
12:05:20.0125 0x0210  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:05:20.0265 0x0210  upnphost - ok
12:05:20.0281 0x0210  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
12:05:20.0406 0x0210  UPS - ok
12:05:20.0437 0x0210  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
12:05:20.0484 0x0210  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
12:05:23.0046 0x0210  Detect skipped due to KSN trusted
12:05:23.0046 0x0210  USBAAPL - ok
12:05:23.0093 0x0210  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
12:05:23.0265 0x0210  usbaudio - ok
12:05:23.0281 0x0210  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:05:23.0406 0x0210  usbccgp - ok
12:05:23.0421 0x0210  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:05:23.0531 0x0210  usbehci - ok
12:05:23.0562 0x0210  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:05:23.0687 0x0210  usbhub - ok
12:05:23.0718 0x0210  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:05:23.0843 0x0210  usbprint - ok
12:05:23.0890 0x0210  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:05:23.0921 0x0210  usbscan - ok
12:05:23.0968 0x0210  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:05:24.0093 0x0210  USBSTOR - ok
12:05:24.0109 0x0210  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:05:24.0234 0x0210  usbuhci - ok
12:05:24.0250 0x0210  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:05:24.0375 0x0210  VgaSave - ok
12:05:24.0375 0x0210  ViaIde - ok
12:05:24.0406 0x0210  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:05:24.0531 0x0210  VolSnap - ok
12:05:24.0578 0x0210  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
12:05:24.0703 0x0210  VSS - ok
12:05:24.0750 0x0210  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
12:05:24.0859 0x0210  W32Time - ok
12:05:24.0890 0x0210  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:05:25.0015 0x0210  Wanarp - ok
12:05:25.0015 0x0210  WDICA - ok
12:05:25.0046 0x0210  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:05:25.0171 0x0210  wdmaud - ok
12:05:25.0218 0x0210  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:05:25.0343 0x0210  WebClient - ok
12:05:25.0375 0x0210  [ E5094B53B2F2931D6557A0C4CE599870, 092F07D6CFC04F6B5E0971DA576B40F58A500BEA9C45920437697D3026CE10B7 ] WFFALCON        C:\WINDOWS\system32\drivers\wffalcon.sys
12:05:25.0531 0x0210  WFFALCON - ok
12:05:25.0578 0x0210  [ 319828CB5E92CD4A134340871B71BC15, FB50E9CAC70774F0DA09C6445D8AC7E7AE084E46508FEEC893748CC28248BC87 ] WFLR6654        C:\WINDOWS\system32\drivers\wfeaglxt.sys
12:05:25.0812 0x0210  WFLR6654 - ok
12:05:25.0875 0x0210  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:05:26.0015 0x0210  winmgmt - ok
12:05:26.0062 0x0210  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
12:05:26.0187 0x0210  WmdmPmSN - ok
12:05:26.0234 0x0210  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
12:05:26.0343 0x0210  Wmi - ok
12:05:26.0359 0x0210  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:05:26.0500 0x0210  WmiApSrv - ok
12:05:26.0531 0x0210  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:05:26.0656 0x0210  wscsvc - ok
12:05:26.0671 0x0210  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:05:26.0796 0x0210  WSTCODEC - ok
12:05:26.0828 0x0210  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:05:26.0984 0x0210  wuauserv - ok
12:05:27.0031 0x0210  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:05:27.0203 0x0210  WZCSVC - ok
12:05:27.0234 0x0210  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:05:27.0375 0x0210  xmlprov - ok
12:05:27.0375 0x0210  ================ Scan global ===============================
12:05:27.0406 0x0210  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
12:05:27.0437 0x0210  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:05:27.0578 0x0210  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:05:27.0593 0x0210  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
12:05:27.0593 0x0210  [ Global ] - ok
12:05:27.0593 0x0210  ================ Scan MBR ==================================
12:05:27.0609 0x0210  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:05:27.0890 0x0210  \Device\Harddisk0\DR0 - ok
12:05:27.0890 0x0210  ================ Scan VBR ==================================
12:05:27.0890 0x0210  [ A7AB1E78B52934D0EB11DAD4BD54694E ] \Device\Harddisk0\DR0\Partition1
12:05:27.0890 0x0210  \Device\Harddisk0\DR0\Partition1 - ok
12:05:27.0890 0x0210  [ 1C0FFF937133136556A9A75C92D98216 ] \Device\Harddisk0\DR0\Partition2
12:05:27.0890 0x0210  \Device\Harddisk0\DR0\Partition2 - ok
12:05:27.0890 0x0210  Waiting for KSN requests completion. In queue: 218
12:05:28.0890 0x0210  Waiting for KSN requests completion. In queue: 218
12:05:29.0890 0x0210  Waiting for KSN requests completion. In queue: 218
12:05:30.0968 0x0210  AV detected via SS1: COMODO Antivirus, 3.9, enabled, updated
12:05:30.0968 0x0210  FW detected via SS1: COMODO Firewall, 3.9, enabled
12:05:33.0421 0x0210  ============================================================
12:05:33.0421 0x0210  Scan finished
12:05:33.0421 0x0210  ============================================================
12:05:33.0421 0x08b4  Detected object count: 0
12:05:33.0421 0x08b4  Actual detected object count: 0
 



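The TDSSKiller output above is long enough that the lines that actually matter are easy to miss when read by eye: the verdict lines that are not a plain `ok` (here, the two `UnsignedFile.Multi.Generic` hits) and the `Detect skipped due to KSN trusted` line that follows each of them, which means the heuristic hit was dropped on the strength of Kaspersky Security Network reputation rather than a local check. The parser below is an added example for working through such a log; it is not part of this thread and is not Kaspersky's code. The line format it assumes is the one visible in the log above (`<time> <thread> [ MD5, SHA256 ] <name> <path>` followed by `<name> - <verdict>`), the function and field names are the example's own, and the sample input is a handful of lines copied from that log.

```python
"""Parse TDSSKiller service/driver scan output and flag verdicts worth a second look.

Added example; assumes the line layout seen in the log posted above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "<hh:mm:ss.ffff> <0xTHREAD> <rest>" prefix on every log line.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+(?P<rest>.*)$")
# "[ MD5, SHA256 ] <service name> <image path>" (paths may contain spaces).
HASHED_RE = re.compile(
    r"^\[\s*(?P<md5>[0-9A-F]{32}),\s*(?P<sha256>[0-9A-F]{64})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+)$"
)
# "<service name> - ok" or "<service name> - detected <signature> ( n )".
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")
KSN_SKIP = "Detect skipped due to KSN trusted"


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    ksn_trusted: bool = False  # a heuristic hit was suppressed by cloud reputation

    @property
    def detection(self) -> Optional[str]:
        """First verdict that is not 'ok', e.g. 'detected UnsignedFile.Multi.Generic ( 1 )'."""
        return next((v for v in self.verdicts if v != "ok"), None)


def parse_tdsskiller(text: str) -> List[Entry]:
    """Build one Entry per service name, in log order, from the raw scan text."""
    entries: Dict[str, Entry] = {}
    current: Optional[Entry] = None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest.startswith("====="):  # section separators ("Scan global", "Scan MBR", ...)
            current = None
            continue
        h = HASHED_RE.match(rest)
        if h:
            current = entries.setdefault(h.group("name"), Entry(h.group("name")))
            current.path, current.md5, current.sha256 = h.group("path"), h.group("md5"), h.group("sha256")
            continue
        if rest == KSN_SKIP and current is not None:
            current.ksn_trusted = True  # the skip line always follows its detection line
            continue
        v = VERDICT_RE.match(rest)
        if v:
            current = entries.setdefault(v.group("name"), Entry(v.group("name")))
            current.verdicts.append(v.group("verdict"))
    return list(entries.values())


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket entries: hits that KSN overrode, hits left standing, and entries never hashed."""
    out: Dict[str, List[str]] = {"ksn_overridden": [], "detected": [], "unhashed": []}
    for e in entries:
        if e.detection and e.ksn_trusted:
            out["ksn_overridden"].append(e.name)
        elif e.detection:
            out["detected"].append(e.name)
        elif e.sha256 is None:  # registered service, but TDSSKiller hashed no image for it
            out["unhashed"].append(e.name)
    return out


def shared_images(entries: List[Entry]) -> Dict[str, List[str]]:
    """SHA-256 -> service names, for images that host more than one service (e.g. lsass.exe)."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.sha256:
            by_hash[e.sha256].append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


# Sample input: lines copied from the log posted above.
SAMPLE = r"""
12:05:06.0171 0x0210  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:05:06.0296 0x0210  Netlogon - ok
12:05:07.0015 0x0210  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:05:07.0125 0x0210  NtLmSsp - ok
12:05:08.0437 0x0210  PCIDump - ok
12:05:17.0359 0x0210  [ 332D341D92B933600D41953B08360DFB, 213A5C84ABB0D627C05B355084A26A5081645D4EC398FF19EF6BBCB690B10055 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:05:17.0375 0x0210  UleadBurningHelper - detected UnsignedFile.Multi.Generic ( 1 )
12:05:19.0875 0x0210  Detect skipped due to KSN trusted
12:05:19.0875 0x0210  UleadBurningHelper - ok
12:05:20.0437 0x0210  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
12:05:20.0484 0x0210  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
12:05:23.0046 0x0210  Detect skipped due to KSN trusted
12:05:23.0046 0x0210  USBAAPL - ok
12:05:19.0937 0x0210  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:05:20.0093 0x0210  Update - ok
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE)
    print(triage(parsed))
    print(shared_images(parsed))
```

The point of the `ksn_overridden` bucket is that a final `ok` after a `Detect skipped due to KSN trusted` line is a reputation decision, not a scan result; the MD5 and SHA-256 the parser keeps for those entries are what you would check against a second source before accepting it. The `shared_images` grouping is the quick way to confirm that the several `lsass.exe`-hosted services in the log all resolve to one and the same binary.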
#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:40 AM

Posted 10 February 2014 - 09:49 AM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#7 Tayy

Tayy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:40 PM

Posted 10 February 2014 - 11:29 AM

Hello

Here is the log file:


ComboFix 14-02-05.02 - Turk 10.02.2014  17:12:52.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.386.1033.18.2047.1088 [GMT 1:00]
Running from: c:\documents and settings\Turk\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Dvbpws.dll
c:\windows\system32\MUI\0424\tourstart.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-10 to 2014-02-10  )))))))))))))))))))))))))))))))
.
.
2014-02-10 14:38 . 2008-11-07 17:55    16928    ------w-    c:\windows\system32\spmsgXP_2k3.dll
2014-02-10 14:29 . 2014-02-10 15:59    --------    d-----w-    c:\documents and settings\Turk\Application Data\DiskAid
2014-02-10 14:29 . 2014-02-10 14:29    --------    d-----w-    c:\documents and settings\Turk\Local Settings\Application Data\DigiDNA
2014-02-10 14:21 . 2014-02-10 14:21    --------    d-----w-    c:\program files\DigiDNA
2014-02-10 13:55 . 2014-02-10 13:55    --------    d-----w-    c:\documents and settings\Turk\Application Data\WindSolutions
2014-02-10 13:55 . 2014-02-10 13:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\WindSolutions
2014-02-10 13:44 . 2012-08-21 12:01    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-02-10 13:42 . 2014-02-10 13:42    --------    d-----w-    c:\program files\iPod
2014-02-10 13:42 . 2014-02-10 13:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 13:42 . 2014-02-10 13:44    --------    d-----w-    c:\program files\iTunes
2014-02-07 18:26 . 2014-02-07 18:29    --------    d-----w-    C:\FRST
2014-02-06 19:33 . 2014-02-06 19:34    --------    d-----w-    c:\documents and settings\Administrator
2014-02-06 17:26 . 2014-02-06 17:26    5556104    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-02-06 16:06 . 2014-02-06 16:06    --------    d-----w-    c:\documents and settings\Turk\Application Data\Malwarebytes
2014-02-06 16:06 . 2014-02-06 16:06    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-02-06 16:06 . 2014-02-06 16:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-06 16:06 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-06 15:56 . 2014-02-06 15:56    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-02-06 15:50 . 2014-02-06 15:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Cas1
2014-02-06 15:49 . 2014-02-06 15:49    --------    d-----w-    c:\program files\Apple Software Update
2014-02-06 15:49 . 2014-02-06 15:49    --------    d-----w-    c:\program files\iPhone Configuration Utility
2014-02-06 14:10 . 2014-02-06 14:10    --------    d-----w-    c:\windows\SxsCaPendDel
2014-01-25 14:03 . 2014-01-25 14:10    --------    d-----w-    c:\program files\MKVToolNix
2014-01-24 21:32 . 2014-01-24 21:34    --------    d-----w-    c:\program files\Subtitle Workshop
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 17:27 . 2012-05-01 08:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 17:27 . 2012-05-01 08:51    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21 . 2007-07-27 12:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2007-07-27 12:00    150528    ----a-w-    c:\windows\system32\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2012-08-28 2916352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2010-10-27 16862208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2012-09-10 101888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-10-27 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Turk\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Documents and Settings\\Turk\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10.9.2010 22:40 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 22:40 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 22:40 32640]
R3 WFFALCON;Leadtek WinFast PVR3000 Series Driver;c:\windows\system32\drivers\wffalcon.sys [31.10.2012 15:38 134016]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [6.2.2014 17:06 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.2.2014 17:06 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.2.2014 17:06 22856]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [3.1.2014 18:40 18944]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [23.10.2012 17:02 433920]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 17:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
uInternet Settings,ProxyOverride = *.local
IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Turk\Application Data\Mozilla\Firefox\Profiles\b9xsuu7k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.najdi.si/
FF - ExtSQL: !HIDDEN! 2010-10-30 20:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-10 17:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
Completion time: 2014-02-10  17:26:53
ComboFix-quarantined-files.txt  2014-02-10 16:26
.
Pre-Run: 6.020.943.872 bytes free
Post-Run: 6.840.438.784 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8AED41DC0DA6368A520CFA6E685A9232
8F558EB6672622401DA993E1E865C861

#8 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 25 February 2014 - 05:55 AM

I'm sorry I missed your reply.


Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#9 Tayy
  • Topic Starter
  • Members
  • 19 posts

Posted 27 February 2014 - 10:42 AM

Hello aharonov

No problem.

Below are both log files:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: TURK-PC [administrator]

27.2.2014 15:58:57
mbar-log-2014-02-27 (15-58-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 235584
Time elapsed: 36 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.215000 GHz
Memory total: 2146742272, free: 1347424256

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.215000 GHz
Memory total: 2146742272, free: 1400664064

Downloaded database version: v2014.02.27.05
Downloaded database version: v2014.02.20.01
Initializing...
=======================================
------------ Kernel report ------------
     02/27/2014 15:58:46
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
\WINDOWS\System32\DRIVERS\TDI.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\wffalcon.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\cmdguard.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\system32\DRIVERS\atinavt2.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a603ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-e\
Lower Device Object: 0xffffffff8a5fbd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a603ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a602e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a603ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5d19e8, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a5fbd98, DeviceName: \Device\Ide\IdeDeviceP1T1L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sfi.dat (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6E9D6E9D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14  Numsec = 81920146
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920160  Numsec = 78162840

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 81964302336 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-13-160066528-160086528)...
Done!
Read File: File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-14-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


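A check worth running on the partition table MBAR printed in the log above, as an added example (it is not part of this thread and not Malwarebytes' code): the script parses the "Partition information" block and the disk geometry lines from an MBAR system-log, verifies that the table is internally consistent (exactly one active entry, no overlaps, nothing past the end of the disk) and lists the sector ranges no entry claims. Those unpartitioned ranges are where an MBR bootkit stores its payload and are the space MBAR reports scanning. The sample text is the block from the log above, embedded as a string; the function and class names are this example's own.

```python
"""Consistency check of an MBR partition table as printed by Malwarebytes Anti-Rootkit.

Added example, not code from the thread or from Malwarebytes. It parses the
"Partition information" block of an MBAR system-log.txt, validates the table
and lists unpartitioned sector ranges (where a bootkit hides its payload).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: the partition block and disk geometry as MBAR prints them
# (copied from the log in this thread and embedded here as an inline string).
SAMPLE_LOG = """\
Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14  Numsec = 81920146
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920160  Numsec = 78162840

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 81964302336 bytes
Sector size: 512 bytes
"""

PART_RE = re.compile(
    r"Partition (\d+) type is [^\n]*\(0x([0-9a-fA-F]+)\)\s+"
    r"Partition is (ACTIVE|NOT ACTIVE)\.\s+"
    r"Partition starts at LBA: (\d+)\s+Numsec = (\d+)"
)


@dataclass
class Partition:
    index: int
    type_code: int      # MBR partition type byte (0x07 NTFS, 0x0F extended LBA, ...)
    active: bool        # boot indicator byte == 0x80
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self) -> int:
        """First sector after the partition (exclusive)."""
        return self.start_lba + self.num_sectors


def parse_partitions(log: str) -> list[Partition]:
    """Return the non-empty slots of the table, in slot order."""
    parts = [
        Partition(int(m[1]), int(m[2], 16), m[3] == "ACTIVE", int(m[4]), int(m[5]))
        for m in PART_RE.finditer(log)
    ]
    return [p for p in parts if p.type_code != 0 and p.num_sectors > 0]


def parse_disk_sectors(log: str) -> int:
    """Total sector count from the 'Disk Size' and 'Sector size' lines."""
    size = int(re.search(r"Disk Size: (\d+) bytes", log)[1])
    sector = int(re.search(r"Sector size: (\d+) bytes", log)[1])
    return size // sector


def check_layout(parts: list[Partition], total_sectors: int) -> list[str]:
    """Structural problems a tampered or corrupted table would show."""
    problems = []
    active = [p.index for p in parts if p.active]
    if len(active) != 1:
        problems.append(f"expected exactly one active partition, found {active}")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for p in ordered:
        if p.start_lba == 0:
            problems.append(f"partition {p.index} starts at sector 0 (the MBR itself)")
        if p.end_lba > total_sectors:
            problems.append(f"partition {p.index} ends at {p.end_lba}, past disk end {total_sectors}")
    for a, b in zip(ordered, ordered[1:]):
        if a.end_lba > b.start_lba:
            problems.append(f"partition {a.index} overlaps partition {b.index}")
    return problems


def unpartitioned_ranges(parts: list[Partition], total_sectors: int) -> list[tuple[int, int]]:
    """Half-open sector ranges [start, end) that no table entry covers.
    Sector 0 holds the MBR and is left out; the gap before the first
    partition and the tail after the last one are the usual hiding places."""
    ranges = []
    cursor = 1
    for p in sorted(parts, key=lambda p: p.start_lba):
        if p.start_lba > cursor:
            ranges.append((cursor, p.start_lba))
        cursor = max(cursor, p.end_lba)
    if cursor < total_sectors:
        ranges.append((cursor, total_sectors))
    return ranges


if __name__ == "__main__":
    parts = parse_partitions(SAMPLE_LOG)
    total = parse_disk_sectors(SAMPLE_LOG)
    for p in parts:
        print(f"slot {p.index}: type 0x{p.type_code:02x} active={p.active} "
              f"LBA {p.start_lba}-{p.end_lba - 1}")
    print("problems:", check_layout(parts, total) or "none")
    for start, end in unpartitioned_ranges(parts, total):
        print(f"unpartitioned: sectors {start}-{end - 1} ({end - start} sectors)")
```

On the block above this reports no structural problems and two unpartitioned ranges: sectors 1-13 before the first partition, and 3528 sectors (160083000-160086527) after the extended partition, since 81964302336 / 512 = 160086528 sectors in total. MBAR's own "Scanning physical sectors of unpartitioned space" line covers 1-13 and a 20000-sector tail window (160066528-160086528), wider than the tail gap the table leaves. One caveat: logical volumes inside the 0x0F extended partition (the D: drive) are described by an EBR chain the MBR does not contain, so gaps inside that partition need the EBRs walked separately.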
#10 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 27 February 2014 - 10:46 AM

Hello,

We need a fresh FRST log.
How is the situation now? Which problems and symptoms are still present?


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 27 February 2014 - 10:47 AM.
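Once FRST.txt is in hand, its "One Month Created Files and Folders" section is the part worth reading line by line. As an added example (not part of this thread and not FRST's own code), the script below parses lines in FRST's format and flags the entries a responder would look at first: executables under the Windows directory with an empty publisher field, files far too small to hold a valid PE image, and hidden+system files dropped at the drive root. The sample lines are embedded here in FRST's output format for the example (they mirror entries that appear in this thread), and the thresholds and rule names are this example's own. A flag is a prompt to look, not a verdict.

```python
"""Triage of the 'One Month Created Files and Folders' section of an FRST.txt.

Added example, not part of the thread and not FRST's own code. Each FRST line is
    <created> - <modified> - <size> <attrs> (<publisher>) <path>
The rules below pick candidates for a closer look; they do not decide anything.
"""
from __future__ import annotations

import ntpath
import re

# Sample lines in FRST's output format, embedded for this example.
SAMPLE_LINES = r"""
2014-02-27 15:58 - 2014-02-27 15:58 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-21 15:26 - 2014-02-21 15:26 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-13 08:21 - 2014-02-13 08:21 - 00000000 ____D () C:\9828aa79debc913f0e
2014-02-12 22:08 - 2014-02-27 19:50 - 00000002 _____ () C:\WINDOWS\system32\Dvbpws.dll
2014-02-12 11:38 - 2014-02-13 07:42 - 00088566 _____ () C:\WINDOWS\KB2916036.log
2014-02-10 17:10 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-02-10 17:07 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-10 17:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-10 17:07 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-10 15:38 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-02-06 16:50 - 2014-02-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Cas1
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl"}
WINDIR = "c:\\windows\\"
# Heuristic threshold (this example's own): a DOS header plus PE signature,
# COFF header and optional header cannot fit in far less than this.
MIN_PE_SIZE = 512


def parse_line(line: str) -> dict | None:
    """Split one FRST entry into its fields; None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, publisher, path = m.groups()
    return {
        "created": created, "modified": modified, "size": int(size),
        "attrs": attrs, "publisher": publisher, "path": path,
        "is_dir": "D" in attrs,   # FRST attribute column: D directory, H hidden, S system, ...
    }


def triage_entry(e: dict) -> list[str]:
    """Reasons this entry deserves a closer look (empty list if none)."""
    reasons = []
    if e["is_dir"]:
        return reasons
    ext = ntpath.splitext(e["path"])[1].lower()
    lower = e["path"].lower()
    if ext in EXECUTABLE_EXT:
        if not e["publisher"] and lower.startswith(WINDIR):
            reasons.append("executable under the Windows directory with no publisher")
        if e["size"] < MIN_PE_SIZE:
            reasons.append(f"{e['size']} bytes is too small to be a valid PE image")
    at_root = ntpath.dirname(e["path"]).endswith(":\\")
    if "H" in e["attrs"] and "S" in e["attrs"] and at_root:
        reasons.append("hidden+system file at the drive root")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its reasons, in the order FRST listed them."""
    findings: dict[str, list[str]] = {}
    for line in text.splitlines():
        e = parse_line(line.strip())
        if e is None:
            continue
        reasons = triage_entry(e)
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, the 2-byte Dvbpws.dll in system32 is flagged twice (no publisher, too small to be a loadable DLL), and PEV.exe, grep.exe and C:\cmldr are flagged once each. Files a tool you ran yourself dropped, such as ComboFix's helper executables in C:\WINDOWS and the cmldr loader of the Recovery Console it installs, will be flagged as well; the creation-time column is what ties them to that run, so read it alongside the flag before acting on anything.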


#11 Tayy
  • Topic Starter
  • Members
  • 19 posts

Posted 28 February 2014 - 01:04 PM

Hello

It seems there aren't any serious problems anymore, but I don't have MalwareBytes installed anymore because it was a trial version, so I don't know for sure.

I guess it's probably ok. Is there anything in my log files that might point to the problems?

Thanks for your help.

Below is a FRST log file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Turk (administrator) on TURK-PC on 28-02-2014 18:57:18
Running from C:\Documents and Settings\Turk\My Documents\DAVID\Malware feb 14
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16862208 2010-10-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [WinFastDTV] - C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [101888 2012-09-10] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-790525478-839522115-725345543-1003\...\Run: [WinFast Schedule] - C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2916352 2012-08-28] (Leadtek Research Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Turk\Application Data\Mozilla\Firefox\Profiles\b9xsuu7k.default
FF Homepage: hxxp://www.najdi.si/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Documents and Settings\Turk\Application Data\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Turk\Application Data\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ceneji.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\najdi-si.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\odpiralni.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Turk\Application Data\Mozilla\Firefox\Profiles\b9xsuu7k.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [170496 2009-02-04] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [18096 2012-11-08] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [497952 2012-11-08] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32640 2012-11-08] (COMODO)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99080 2012-11-08] (COMODO)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 WFFALCON; C:\WINDOWS\System32\drivers\wffalcon.sys [134016 2009-11-23] (Leadtek Research Inc.)
S3 WFLR6654; C:\WINDOWS\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
S3 catchme; \??\C:\DOCUME~1\Turk\LOCALS~1\Temp\catchme.sys [X]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 15:58 - 2014-02-27 16:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-27 15:58 - 2014-02-27 15:58 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-27 15:58 - 2014-02-27 15:58 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-21 15:26 - 2014-02-21 15:26 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-15 14:58 - 2014-02-15 14:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 08:21 - 2014-02-13 08:21 - 00000000 ____D () C:\9828aa79debc913f0e
2014-02-13 07:41 - 2014-02-13 07:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 22:16 - 2014-02-12 22:16 - 00000000 ____D () C:\5843b13a06b9cda50d
2014-02-12 22:15 - 2014-02-12 22:16 - 00011149 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 22:14 - 2014-02-12 22:15 - 00004279 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 22:08 - 2014-02-27 19:50 - 00000002 _____ () C:\WINDOWS\system32\Dvbpws.dll
2014-02-12 11:38 - 2014-02-13 07:42 - 00088566 _____ () C:\WINDOWS\KB2916036.log
2014-02-10 17:34 - 2014-02-10 17:34 - 00156978 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-839522115-725345543-1003-0.dat
2014-02-10 17:10 - 2010-10-27 07:51 - 00000211 _____ () C:\Boot.bak
2014-02-10 17:10 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-02-10 17:09 - 2014-02-10 17:10 - 00000000 _RSHD () C:\cmdcons
2014-02-10 17:07 - 2014-02-10 17:26 - 00000000 ____D () C:\Qoobox
2014-02-10 17:07 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-10 17:07 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-10 17:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-10 17:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-10 17:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-10 17:07 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-10 17:07 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-10 17:07 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-10 17:07 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-10 17:06 - 2014-02-10 17:25 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-10 15:38 - 2014-02-10 15:38 - 00004127 _____ () C:\WINDOWS\Wdf01009Inst.log
2014-02-10 15:38 - 2014-02-10 15:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-02-10 15:38 - 2014-02-10 15:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-02-10 15:38 - 2014-02-10 15:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-02-10 15:38 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-02-10 15:32 - 2014-02-10 17:34 - 00156978 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-02-10 15:29 - 2014-02-10 16:59 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\DiskAid
2014-02-10 15:29 - 2014-02-10 15:29 - 00000000 ____D () C:\Documents and Settings\Turk\Local Settings\Application Data\DigiDNA
2014-02-10 15:21 - 2014-02-10 15:21 - 00000000 ____D () C:\Program Files\DigiDNA
2014-02-10 15:21 - 2014-02-10 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DiskAid
2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\WindSolutions
2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WindSolutions
2014-02-10 14:46 - 2014-02-10 14:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-10 14:44 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-02-10 14:42 - 2014-02-10 14:44 - 00000000 ____D () C:\Program Files\iTunes
2014-02-10 14:42 - 2014-02-10 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 14:42 - 2014-02-10 14:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 19:26 - 2014-02-28 18:57 - 00000000 ____D () C:\FRST
2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-02-06 20:35 - 2014-02-06 20:36 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Prenosi
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-02-06 20:33 - 2014-02-06 20:41 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-06 20:33 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-06 20:33 - 2014-02-06 20:33 - 00000000 ____D () C:\WINDOWS\CSC
2014-02-06 20:33 - 2010-10-27 16:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-02-06 20:33 - 2010-10-27 07:57 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-02-06 20:33 - 2010-10-27 07:57 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-02-06 20:33 - 2010-10-27 07:57 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\Malwarebytes
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-06 16:50 - 2014-02-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Cas1
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPhone Configuration Utility
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iPhone Configuration Utility
2014-02-06 15:22 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iTunes(2)
2014-02-06 15:22 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPod(2)
2014-02-06 15:22 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\Apple Software Update(2)
2014-02-06 15:22 - 2014-02-06 16:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1(2)
2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel

==================== One Month Modified Files and Folders =======

2014-02-28 18:57 - 2014-02-07 19:26 - 00000000 ____D () C:\FRST
2014-02-28 18:55 - 2010-10-27 12:07 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-02-28 18:26 - 2012-05-01 09:51 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-28 08:18 - 2010-10-27 07:56 - 01362114 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-28 08:15 - 2010-10-27 09:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-28 08:15 - 2010-10-27 09:45 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-28 08:15 - 2010-10-27 08:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-28 08:15 - 2007-07-27 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-27 21:27 - 2010-10-27 11:52 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-27 21:27 - 2010-10-27 08:06 - 00000178 ___SH () C:\Documents and Settings\Turk\ntuser.ini
2014-02-27 21:27 - 2010-10-27 08:05 - 00032480 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-27 19:50 - 2014-02-12 22:08 - 00000002 _____ () C:\WINDOWS\system32\Dvbpws.dll
2014-02-27 16:54 - 2013-08-09 18:23 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\uTorrent
2014-02-27 16:39 - 2014-02-27 15:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-27 15:58 - 2014-02-27 15:58 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-27 15:58 - 2014-02-27 15:58 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-27 15:55 - 2010-10-27 16:29 - 00000000 ____D () C:\Documents and Settings\Turk\My Documents\Prenosi
2014-02-21 15:26 - 2014-02-21 15:26 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-21 15:26 - 2012-05-01 09:51 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 15:26 - 2012-05-01 09:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-21 12:53 - 2011-09-23 20:25 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\vlc
2014-02-16 18:48 - 2010-10-31 10:22 - 00018944 _____ () C:\Documents and Settings\Turk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-16 09:05 - 2012-04-26 13:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 14:59 - 2014-02-15 14:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 19:40 - 2010-10-27 11:44 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 17:22 - 2010-10-27 09:43 - 00558444 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 08:21 - 2014-02-13 08:21 - 00000000 ____D () C:\9828aa79debc913f0e
2014-02-13 07:42 - 2014-02-12 11:38 - 00088566 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 07:42 - 2010-10-27 09:43 - 02144661 _____ () C:\WINDOWS\FaxSetup.log
2014-02-13 07:42 - 2010-10-27 09:43 - 01031301 _____ () C:\WINDOWS\ocgen.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00982500 _____ () C:\WINDOWS\tsoc.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00611256 _____ () C:\WINDOWS\comsetup.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00376099 _____ () C:\WINDOWS\netfxocm.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00368587 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00361694 _____ () C:\WINDOWS\iis6.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00148069 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00108745 _____ () C:\WINDOWS\tabletoc.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00107320 _____ () C:\WINDOWS\msgsocm.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00099542 _____ () C:\WINDOWS\ocmsn.log
2014-02-13 07:42 - 2010-10-27 09:43 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-13 07:41 - 2014-02-13 07:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 07:41 - 2010-10-27 10:00 - 00253901 _____ () C:\WINDOWS\updspapi.log
2014-02-13 07:41 - 2010-10-27 09:43 - 00668050 _____ () C:\WINDOWS\msmqinst.log
2014-02-13 07:20 - 2013-08-14 09:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 07:19 - 2010-10-27 10:16 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 22:16 - 2014-02-12 22:16 - 00000000 ____D () C:\5843b13a06b9cda50d
2014-02-12 22:16 - 2014-02-12 22:15 - 00011149 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 22:16 - 2010-10-27 09:43 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 22:15 - 2014-02-12 22:14 - 00004279 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-10 17:37 - 2013-09-21 12:23 - 00000000 ____D () C:\Documents and Settings\Turk\My Documents\DAVID
2014-02-10 17:34 - 2014-02-10 17:34 - 00156978 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-839522115-725345543-1003-0.dat
2014-02-10 17:34 - 2014-02-10 15:32 - 00156978 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-02-10 17:26 - 2014-02-10 17:07 - 00000000 ____D () C:\Qoobox
2014-02-10 17:25 - 2014-02-10 17:06 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-10 17:24 - 2007-07-27 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-10 17:10 - 2014-02-10 17:09 - 00000000 _RSHD () C:\cmdcons
2014-02-10 17:10 - 2010-10-27 09:41 - 00000327 __RSH () C:\boot.ini
2014-02-10 16:59 - 2014-02-10 15:29 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\DiskAid
2014-02-10 15:38 - 2014-02-10 15:38 - 00004127 _____ () C:\WINDOWS\Wdf01009Inst.log
2014-02-10 15:38 - 2014-02-10 15:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-02-10 15:38 - 2014-02-10 15:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-02-10 15:38 - 2014-02-10 15:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-02-10 15:38 - 2010-10-27 09:42 - 00848255 _____ () C:\WINDOWS\setupapi.log
2014-02-10 15:38 - 2010-10-27 09:41 - 00172952 _____ () C:\WINDOWS\setupact.log
2014-02-10 15:29 - 2014-02-10 15:29 - 00000000 ____D () C:\Documents and Settings\Turk\Local Settings\Application Data\DigiDNA
2014-02-10 15:23 - 2010-10-27 12:55 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-10 15:21 - 2014-02-10 15:21 - 00000000 ____D () C:\Program Files\DigiDNA
2014-02-10 15:21 - 2014-02-10 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DiskAid
2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\WindSolutions
2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WindSolutions
2014-02-10 14:46 - 2014-02-10 14:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-10 14:44 - 2014-02-10 14:42 - 00000000 ____D () C:\Program Files\iTunes
2014-02-10 14:44 - 2014-02-10 14:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 14:42 - 2014-02-10 14:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-10 14:42 - 2013-01-11 13:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-10 14:39 - 2013-01-11 15:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2014-02-06 20:41 - 2014-02-06 20:33 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-06 20:37 - 2014-02-06 20:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-02-06 20:36 - 2014-02-06 20:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Prenosi
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2014-02-06 20:34 - 2014-02-06 20:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-02-06 20:34 - 2014-02-06 20:33 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-06 20:33 - 2014-02-06 20:33 - 00000000 ____D () C:\WINDOWS\CSC
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\Turk\Application Data\Malwarebytes
2014-02-06 17:06 - 2014-02-06 17:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-06 16:56 - 2010-10-27 08:06 - 00000000 ____D () C:\Documents and Settings\Turk
2014-02-06 16:56 - 2010-10-27 08:05 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-02-06 16:56 - 2010-10-27 08:00 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-06 16:56 - 2010-10-27 07:54 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-06 16:50 - 2014-02-06 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Cas1
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\iPhone Configuration Utility
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-06 16:49 - 2014-02-06 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iPhone Configuration Utility
2014-02-06 16:49 - 2014-02-06 15:22 - 00000000 ____D () C:\Program Files\iTunes(2)
2014-02-06 16:49 - 2014-02-06 15:22 - 00000000 ____D () C:\Program Files\iPod(2)
2014-02-06 16:49 - 2014-02-06 15:22 - 00000000 ____D () C:\Program Files\Apple Software Update(2)
2014-02-06 16:48 - 2014-02-06 15:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1(2)
2014-02-06 16:48 - 2010-10-27 07:55 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-06 15:21 - 2013-01-11 13:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-02-06 15:06 - 2010-10-27 08:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-06 03:54 - 2007-07-27 13:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2007-07-27 13:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 00:26 - 2012-06-14 11:36 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-06 00:26 - 2010-10-27 10:18 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-06 00:26 - 2010-10-27 10:18 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-06 00:26 - 2010-10-27 10:18 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-06 00:26 - 2010-10-27 10:18 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-06 00:26 - 2010-10-27 10:18 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-06 00:26 - 2010-10-27 10:18 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-06 00:26 - 2010-10-27 10:18 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-06 00:26 - 2010-10-27 07:55 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-06 00:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 00:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 00:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 00:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 00:26 - 2007-07-27 13:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-06 00:26 - 2007-07-27 13:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-06 00:26 - 2007-07-27 13:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 23:24 - 2007-07-27 13:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
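The "One Month Modified Files and Folders" listing above is the part of an FRST log that a helper reads by eye: each line is `modified - created - size attributes (company from version info) path`. As an added example that is not part of this thread and not FRST's own code, here is a small Python parser for that line format plus two triage heuristics that mimic what a reviewer scans for: an executable under C:\WINDOWS whose version info carries no company name, and an executable that is unusually small. The sample listing, the size threshold and the heuristics are assumptions constructed for this example; they produce review candidates for a human to look at, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample lines in the FRST "One Month Modified Files and Folders" format.
# Paths, vendors and sizes are made up for this example; none is taken from the log above.
SAMPLE_LISTING = r"""
==================== One Month Modified Files and Folders =======

2014-02-27 15:58 - 2014-02-27 15:58 - 00107224 _____ (Example AV Vendor) C:\WINDOWS\system32\Drivers\exampleav.sys
2014-02-27 19:50 - 2014-02-12 22:08 - 00000002 _____ () C:\WINDOWS\system32\Tiny.dll
2014-02-13 07:19 - 2010-10-27 10:16 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\bigtool.exe
2014-02-13 08:21 - 2014-02-13 08:21 - 00000000 ____D () C:\Documents and Settings\User\Application Data\vlc
2014-02-10 17:10 - 2010-10-27 09:41 - 00000327 __RSH () C:\boot.ini
2014-02-16 18:48 - 2010-10-31 10:22 - 00018944 _____ () C:\WINDOWS\system32\unsignedtool.exe
2014-02-21 15:26 - 2014-02-21 15:26 - 00001024 _____ (Some Vendor) C:\Documents and Settings\User\Local Settings\Temp\small.exe
"""

# One listing line: two timestamps, a zero-padded size, a 5-character attribute
# field (D = directory, H = hidden, S = system, R = read-only, ...), the company
# name from the file's version info in parentheses (empty when absent), then the path.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<company>.*?)\) (?P<path>.+)$"
)


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_listing(text: str) -> List[Entry]:
    """Parse every line that matches the FRST listing format; skip headers and blanks."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            modified=m["modified"], created=m["created"], size=int(m["size"]),
            attrs=m["attrs"], company=m["company"], path=m["path"]))
    return entries


# Extensions treated as executable code for the heuristics (an assumption of this example).
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")


def review_candidates(entries: List[Entry], small_threshold: int = 4096) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executables worth a manual second look.

    Heuristics (this example's assumptions, not FRST logic):
      - executable under C:\\WINDOWS with an empty company field, i.e. no version info
      - executable smaller than small_threshold bytes (a 2-byte .dll cannot be valid code)
    """
    flagged: List[Tuple[str, List[str]]] = []
    for e in entries:
        if e.is_directory:
            continue
        lower = e.path.lower()
        if not lower.endswith(EXECUTABLE_EXT):
            continue
        reasons: List[str] = []
        if lower.startswith("c:\\windows\\") and not e.company:
            reasons.append("executable under C:\\WINDOWS with no version-info company")
        if e.size < small_threshold:
            reasons.append(f"unusually small executable ({e.size} bytes)")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in review_candidates(parse_listing(SAMPLE_LISTING)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against a real FRST.txt, the output is a short list to check by hand (look the file up, verify its signature and hash) rather than anything to act on automatically; legitimate files without version info exist, so an empty company field alone is a prompt to investigate, not proof of anything.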



#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 February 2014 - 01:42 PM

I don't see suspicious entries either.

But let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#13 Tayy

Tayy
  • Topic Starter
  • Members
  • 19 posts

Posted 04 March 2014 - 02:30 PM

Log file:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f2544609f99ae64eb548a4a90fe24e7a
# engine=17313
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-04 07:27:11
# local_time=2014-03-04 08:27:11 (+0100, Central Europe Standard Time)
# country="Slovenia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3074 16777213 100 100 24488 110965645 0 0
# scanned=77266
# found=0
# cleaned=0
# scan_time=3026



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 04 March 2014 - 02:52 PM

Looking good so far.

Now I want to call your attention to Windows XP end-of-support and we're done.

You're still working on a Windows XP machine. It's a very old operating system and Microsoft will abandon it in April 2014 when it will reach end-of-support. This means that no more updates will be available and therefore newly discovered security holes will not be patched anymore.

It will become quite risky to surf the internet on an XP machine after April 2014! You'd better start planning now to move to a more recent operating system in time.

If your computer fulfills the system requirements you can install a more modern version of Windows on it, e.g. Windows 7 or Windows 8.1. Otherwise you should consider purchasing a new and contemporary computer.
(As an alternative, if a Windows operating system is not a must and you want to keep working on your old computer, you can also try to install a lightweight version of Linux, e.g. xubuntu or lubuntu.)

Also read through the information that Microsoft provides concerning this end-of-support: http://windows.microsoft.com/en-us/windows/end-support-help

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden, so don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Adobe Reader XI (11.0.01)
Java 7 Update 45




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



#15 Tayy

Tayy
  • Topic Starter
  • Members
  • 19 posts

Posted 07 March 2014 - 09:47 AM

Thanks a lot for your help.

I made a small donation.

Bye





