
Slowed to almost a dead stop!


  • This topic is locked
10 replies to this topic

#1 tblighting

tblighting

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:34 PM

Posted 08 August 2014 - 11:44 AM

Hello, hoping you can help me fix this workstation PC. I ran Malwarebytes and it is showing multiple trojans that it quarantines, but the problem still persists. I also ran CCleaner and Spybot Search & Destroy. Anyway, here is the DDS log. Any help is much appreciated!



#2 tblighting

tblighting
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:34 PM

Posted 11 August 2014 - 10:55 AM

Still having problems with this; I would appreciate any help! When I open the Task Manager, it looks like multiple invisible copies of Internet Explorer are being opened, and that is what is slowing down the PC. If I end task on them, it just opens new ones.



#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:34 AM

Posted 12 August 2014 - 01:30 PM

Hi there,

Can you please post up the log file from Malwarebytes that shows what has been deleted?
In addition, please also run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
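A small triage helper for the TDSSKiller output these steps produce, added here as an example (it is not part of this thread, of TDSSKiller or of FRST). It parses the service-scan lines, separates real detections from ones that KSN reputation overrode, and flags differently named driver files that share one hash; the sample lines are copied from the log posted later in this thread, and the shared-hash heuristic is my own assumption rather than anything TDSSKiller itself reports.

```python
"""Triage the service/driver section of a TDSSKiller log (added example, not from the thread).

Assumed line layouts (modelled on the log posted in this thread):
    <time> <tid>  [ MD5, SHA256 ] ServiceName    Path
    <time> <tid>  ServiceName - ok | - detected Sig ( n ) | ( Sig ) - infected
"""
import re
from collections import defaultdict

PREFIX = r"^\S+\s+0x[0-9a-fA-F]+\s+"  # e.g. "15:35:21.0641 0x1014  "
HASH_LINE = re.compile(PREFIX + r"\[\s*([0-9A-F]{32}),\s*([0-9A-F]{64})\s*\]\s+(\S+)\s+(.+?)\s*$")
OK_LINE = re.compile(PREFIX + r"(\S+) - ok\s*$")
DETECTED_LINE = re.compile(PREFIX + r"(\S+) - detected (\S+)")
INFECTED_LINE = re.compile(PREFIX + r"(\S+) \( (\S+) \) - infected")


def parse_log(text):
    """Return (files, verdicts): files maps service -> (md5, sha256, path),
    verdicts maps service -> (ok | detected | trusted | infected, signature)."""
    files, verdicts = {}, {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            files[name] = (md5, sha256, path)
            continue
        m = INFECTED_LINE.match(line)
        if m:
            verdicts[m.group(1)] = ("infected", m.group(2))
            continue
        m = DETECTED_LINE.match(line)
        if m:
            verdicts[m.group(1)] = ("detected", m.group(2))
            continue
        m = OK_LINE.match(line)
        if m:
            name, prev = m.group(1), verdicts.get(m.group(1))
            # "detected" followed by "- ok" is the KSN reputation override seen in the
            # log ("Detect skipped due to KSN trusted"); keep it visible for review.
            verdicts[name] = ("trusted", prev[1]) if prev and prev[0] == "detected" else ("ok", None)
    return files, verdicts


def shared_hash_groups(files):
    """Services whose files share an MD5 but live at different paths (my heuristic).
    One binary under two service names at the same path (NetDDE / NetDDEdsdm ->
    netdde.exe) is normal; several differently named files with identical content is not."""
    by_md5 = defaultdict(dict)  # md5 -> {lower-cased path: [service names]}
    for name, (md5, _sha256, path) in files.items():
        by_md5[md5].setdefault(path.lower(), []).append(name)
    groups = []
    for md5, paths in by_md5.items():
        if len(paths) > 1:
            groups.append((md5, sorted(n for names in paths.values() for n in names)))
    return sorted(groups)


def triage(text):
    """What a reviewer should look at first: real detections, overridden ones, cloned files."""
    files, verdicts = parse_log(text)
    return {
        "infected": sorted((n, s) for n, (v, s) in verdicts.items() if v == "infected"),
        "ksn_trusted": sorted((n, s) for n, (v, s) in verdicts.items() if v == "trusted"),
        "shared_hashes": shared_hash_groups(files),
    }


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
15:35:16.0016 0x1014  [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
15:35:16.0048 0x1014  cercsr6 - detected UnsignedFile.Multi.Generic ( 1 )
15:35:20.0735 0x1014  Detect skipped due to KSN trusted
15:35:20.0735 0x1014  cercsr6 - ok
15:35:21.0594 0x1014  [ 62C5151161BE843F59EB8A8A90E43E71, 3CC9C531A3387A7402D8383E4BB97B791C2046857942179D55433E6351FBB695 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:35:21.0641 0x1014  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
15:35:26.0704 0x1014  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
15:35:39.0657 0x1014  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] duezpsxq        C:\WINDOWS\system32\drivers\duezpsxq.sys
15:35:39.0688 0x1014  duezpsxq - ok
15:35:40.0173 0x1014  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] eugbemwg        C:\WINDOWS\system32\drivers\eugbemwg.sys
15:35:40.0219 0x1014  eugbemwg - ok
15:35:48.0188 0x1014  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] jyybafld        C:\WINDOWS\system32\drivers\jyybafld.sys
15:35:48.0219 0x1014  jyybafld - ok
15:35:55.0516 0x1014  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:35:55.0688 0x1014  NetDDE - ok
15:35:55.0719 0x1014  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:35:55.0860 0x1014  NetDDEdsdm - ok
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

On the sample it reports the patched rpcss.dll as infected, cercsr6 as a detection overridden by KSN, and the three random-named drivers as one shared-hash group, while the two service names pointing at the same netdde.exe are left alone.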


#4 tblighting

tblighting
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:34 PM

Posted 13 August 2014 - 12:12 PM

Hi, thank you for helping! I unfortunately did not save a log for the Malwarebytes scan. But here are the three logs that you requested:

TDS:

15:33:57.0360 0x0ef0  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
15:34:01.0219 0x0ef0  ============================================================
15:34:01.0219 0x0ef0  Current date / time: 2014/08/12 15:34:01.0219
15:34:01.0219 0x0ef0  SystemInfo:
15:34:01.0219 0x0ef0 
15:34:01.0219 0x0ef0  OS Version: 5.1.2600 ServicePack: 3.0
15:34:01.0219 0x0ef0  Product type: Workstation
15:34:01.0219 0x0ef0  ComputerName: RECEPTION
15:34:01.0219 0x0ef0  UserName: Reception1
15:34:01.0219 0x0ef0  Windows directory: C:\WINDOWS
15:34:01.0219 0x0ef0  System windows directory: C:\WINDOWS
15:34:01.0219 0x0ef0  Processor architecture: Intel x86
15:34:01.0219 0x0ef0  Number of processors: 2
15:34:01.0219 0x0ef0  Page size: 0x1000
15:34:01.0219 0x0ef0  Boot type: Normal boot
15:34:01.0219 0x0ef0  ============================================================
15:34:04.0766 0x0ef0  KLMD registered as C:\WINDOWS\system32\drivers\39440252.sys
15:34:05.0532 0x0ef0  System UUID: {D3CB64CA-F4F0-0880-FE1D-C735A9F82DFF}
15:34:07.0579 0x0ef0  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:34:07.0579 0x0ef0  ============================================================
15:34:07.0579 0x0ef0  \Device\Harddisk0\DR0:
15:34:07.0579 0x0ef0  MBR partitions:
15:34:07.0579 0x0ef0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
15:34:07.0579 0x0ef0  ============================================================
15:34:07.0626 0x0ef0  C: <-> \Device\Harddisk0\DR0\Partition1
15:34:07.0626 0x0ef0  ============================================================
15:34:07.0626 0x0ef0  Initialize success
15:34:07.0626 0x0ef0  ============================================================
15:35:01.0219 0x1014  ============================================================
15:35:01.0219 0x1014  Scan started
15:35:01.0219 0x1014  Mode: Manual; SigCheck; TDLFS;
15:35:01.0219 0x1014  ============================================================
15:35:01.0219 0x1014  KSN ping started
15:35:06.0157 0x1014  KSN ping finished: true
15:35:07.0344 0x1014  ================ Scan system memory ========================
15:35:07.0360 0x1014  System memory - ok
15:35:07.0360 0x1014  ================ Scan services =============================
15:35:07.0610 0x1014  Abiosdsk - ok
15:35:07.0610 0x1014  abp480n5 - ok
15:35:07.0719 0x1014  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:35:10.0798 0x1014  ACPI - ok
15:35:10.0969 0x1014  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:35:11.0126 0x1014  ACPIEC - ok
15:35:11.0126 0x1014  adpu160m - ok
15:35:11.0204 0x1014  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:35:11.0391 0x1014  aec - ok
15:35:11.0469 0x1014  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:35:11.0594 0x1014  AFD - ok
15:35:11.0594 0x1014  Aha154x - ok
15:35:11.0610 0x1014  aic78u2 - ok
15:35:11.0610 0x1014  aic78xx - ok
15:35:11.0641 0x1014  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:35:11.0798 0x1014  Alerter - ok
15:35:11.0844 0x1014  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
15:35:12.0048 0x1014  ALG - ok
15:35:12.0063 0x1014  AliIde - ok
15:35:12.0063 0x1014  amsint - ok
15:35:12.0157 0x1014  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:35:12.0360 0x1014  AppMgmt - ok
15:35:12.0360 0x1014  asc - ok
15:35:12.0360 0x1014  asc3350p - ok
15:35:12.0376 0x1014  asc3550 - ok
15:35:12.0516 0x1014  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:35:12.0563 0x1014  aspnet_state - ok
15:35:12.0626 0x1014  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:35:12.0876 0x1014  AsyncMac - ok
15:35:12.0938 0x1014  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:35:13.0126 0x1014  atapi - ok
15:35:13.0126 0x1014  Atdisk - ok
15:35:13.0188 0x1014  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:35:13.0329 0x1014  Atmarpc - ok
15:35:13.0391 0x1014  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:35:13.0563 0x1014  AudioSrv - ok
15:35:13.0610 0x1014  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:35:13.0751 0x1014  audstub - ok
15:35:13.0829 0x1014  [ 241474D01380E9ED41D4C07F4F5FD401, 93CAD2FB0260C5CDDF014E16D8D99A63E8CA107BC2EE6D403CC7C877C3ADBD97 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:35:13.0923 0x1014  b57w2k - ok
15:35:13.0954 0x1014  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:35:14.0110 0x1014  Beep - ok
15:35:14.0282 0x1014  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:35:14.0673 0x1014  BITS - ok
15:35:14.0735 0x1014  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
15:35:14.0891 0x1014  Browser - ok
15:35:14.0938 0x1014  [ 92A964547B96D697E5E9ED43B4297F5A, 01A84802B68253FF093EAFED5B85DE716BB85EBD080D92D4814B6FB39286CD24 ] BrScnUsb        C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
15:35:15.0016 0x1014  BrScnUsb - ok
15:35:15.0048 0x1014  [ 1A5FC78E41840EDF79D65EC16EFF2787, 05BC4C07C88ADDE6D7FF01B821DDB944EEEC8035AC1B6D780E39FDBD12FCA885 ] BrSerIf         C:\WINDOWS\system32\Drivers\BrSerIf.sys
15:35:15.0110 0x1014  BrSerIf - ok
15:35:15.0126 0x1014  [ A24C7B39602218F8DBDB2B6704325FC7, B90A1BA412A33AD041A2CE47FBB73AE296AF07A2F3DF1F56D9FEE5B3B1E0BBD5 ] BrUsbSer        C:\WINDOWS\system32\Drivers\BrUsbSer.sys
15:35:15.0188 0x1014  BrUsbSer - ok
15:35:15.0219 0x1014  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:35:15.0360 0x1014  cbidf2k - ok
15:35:15.0360 0x1014  cd20xrnt - ok
15:35:15.0407 0x1014  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:35:15.0548 0x1014  Cdaudio - ok
15:35:15.0610 0x1014  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:35:15.0766 0x1014  Cdfs - ok
15:35:15.0813 0x1014  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:35:15.0985 0x1014  Cdrom - ok
15:35:16.0016 0x1014  [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
15:35:16.0048 0x1014  cercsr6 - detected UnsignedFile.Multi.Generic ( 1 )
15:35:20.0735 0x1014  Detect skipped due to KSN trusted
15:35:20.0735 0x1014  cercsr6 - ok
15:35:20.0735 0x1014  Changer - ok
15:35:20.0766 0x1014  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:35:20.0923 0x1014  CiSvc - ok
15:35:20.0969 0x1014  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:35:21.0110 0x1014  ClipSrv - ok
15:35:21.0141 0x1014  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:35:21.0219 0x1014  clr_optimization_v2.0.50727_32 - ok
15:35:21.0219 0x1014  CmdIde - ok
15:35:21.0235 0x1014  COMSysApp - ok
15:35:21.0235 0x1014  Cpqarray - ok
15:35:21.0266 0x1014  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:35:21.0423 0x1014  CryptSvc - ok
15:35:21.0423 0x1014  dac2w2k - ok
15:35:21.0438 0x1014  dac960nt - ok
15:35:21.0594 0x1014  [ 62C5151161BE843F59EB8A8A90E43E71, 3CC9C531A3387A7402D8383E4BB97B791C2046857942179D55433E6351FBB695 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:35:21.0641 0x1014  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
15:35:26.0704 0x1014  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
15:35:26.0704 0x1014  Force sending object to P2P due to detect: DcomLaunch
15:35:31.0719 0x1014  Object send P2P result: true
15:35:36.0548 0x1014  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:35:36.0829 0x1014  Dhcp - ok
15:35:36.0876 0x1014  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:35:37.0032 0x1014  Disk - ok
15:35:37.0032 0x1014  dmadmin - ok
15:35:37.0298 0x1014  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:35:37.0938 0x1014  dmboot - ok
15:35:37.0985 0x1014  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:35:38.0173 0x1014  dmio - ok
15:35:38.0188 0x1014  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:35:38.0329 0x1014  dmload - ok
15:35:38.0376 0x1014  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:35:38.0594 0x1014  dmserver - ok
15:35:38.0657 0x1014  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:35:38.0860 0x1014  DMusic - ok
15:35:38.0969 0x1014  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:35:39.0048 0x1014  Dnscache - ok
15:35:39.0141 0x1014  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:35:39.0329 0x1014  Dot3svc - ok
15:35:39.0329 0x1014  dpti2o - ok
15:35:39.0360 0x1014  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:35:39.0532 0x1014  drmkaud - ok
15:35:39.0657 0x1014  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] duezpsxq        C:\WINDOWS\system32\drivers\duezpsxq.sys
15:35:39.0688 0x1014  duezpsxq - ok
15:35:39.0782 0x1014  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:35:39.0938 0x1014  EapHost - ok
15:35:39.0969 0x1014  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:35:40.0126 0x1014  ERSvc - ok
15:35:40.0173 0x1014  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] eugbemwg        C:\WINDOWS\system32\drivers\eugbemwg.sys
15:35:40.0219 0x1014  eugbemwg - ok
15:35:40.0282 0x1014  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
15:35:40.0391 0x1014  Eventlog - ok
15:35:40.0532 0x1014  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
15:35:40.0735 0x1014  EventSystem - ok
15:35:40.0813 0x1014  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:35:40.0985 0x1014  Fastfat - ok
15:35:41.0063 0x1014  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:35:41.0188 0x1014  FastUserSwitchingCompatibility - ok
15:35:41.0219 0x1014  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:35:41.0360 0x1014  Fdc - ok
15:35:41.0407 0x1014  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:35:41.0579 0x1014  Fips - ok
15:35:41.0610 0x1014  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:35:41.0751 0x1014  Flpydisk - ok
15:35:41.0829 0x1014  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
15:35:42.0016 0x1014  FltMgr - ok
15:35:42.0110 0x1014  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:35:42.0157 0x1014  FontCache3.0.0.0 - ok
15:35:42.0173 0x1014  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:35:42.0313 0x1014  Fs_Rec - ok
15:35:42.0376 0x1014  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:35:42.0563 0x1014  Ftdisk - ok
15:35:42.0610 0x1014  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:35:42.0766 0x1014  Gpc - ok
15:35:42.0860 0x1014  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:35:43.0001 0x1014  helpsvc - ok
15:35:43.0016 0x1014  hhycumqw - ok
15:35:43.0063 0x1014  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:35:43.0204 0x1014  HidServ - ok
15:35:43.0251 0x1014  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:35:43.0407 0x1014  hidusb - ok
15:35:43.0469 0x1014  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:35:43.0626 0x1014  hkmsvc - ok
15:35:43.0626 0x1014  hpn - ok
15:35:43.0751 0x1014  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:35:43.0891 0x1014  HTTP - ok
15:35:43.0923 0x1014  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:35:44.0063 0x1014  HTTPFilter - ok
15:35:44.0063 0x1014  i2omgmt - ok
15:35:44.0079 0x1014  i2omp - ok
15:35:44.0110 0x1014  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
15:35:44.0266 0x1014  i8042prt - ok
15:35:44.0563 0x1014  [ 0294A30B302CA71A2C26E582DDA93486, FD7F3233F387A6CA0EF3719BEC354B679CF786112B05168E02AE0A0916010271 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:35:45.0063 0x1014  ialm - ok
15:35:45.0469 0x1014  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:35:46.0032 0x1014  idsvc - ok
15:35:46.0094 0x1014  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:35:46.0251 0x1014  Imapi - ok
15:35:46.0329 0x1014  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:35:46.0516 0x1014  ImapiService - ok
15:35:46.0532 0x1014  ini910u - ok
15:35:46.0532 0x1014  IntelIde - ok
15:35:46.0579 0x1014  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:35:46.0704 0x1014  intelppm - ok
15:35:46.0751 0x1014  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
15:35:46.0938 0x1014  Ip6Fw - ok
15:35:46.0985 0x1014  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:35:47.0141 0x1014  IpFilterDriver - ok
15:35:47.0173 0x1014  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:35:47.0313 0x1014  IpInIp - ok
15:35:47.0376 0x1014  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:35:47.0563 0x1014  IpNat - ok
15:35:47.0610 0x1014  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:35:47.0798 0x1014  IPSec - ok
15:35:47.0829 0x1014  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:35:47.0954 0x1014  IRENUM - ok
15:35:47.0985 0x1014  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:35:48.0141 0x1014  isapnp - ok
15:35:48.0188 0x1014  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] jyybafld        C:\WINDOWS\system32\drivers\jyybafld.sys
15:35:48.0219 0x1014  jyybafld - ok
15:35:48.0251 0x1014  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:35:48.0391 0x1014  Kbdclass - ok
15:35:48.0407 0x1014  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:35:48.0532 0x1014  kbdhid - ok
15:35:48.0641 0x1014  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:35:48.0860 0x1014  kmixer - ok
15:35:48.0938 0x1014  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:35:49.0016 0x1014  KSecDD - ok
15:35:49.0079 0x1014  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
15:35:49.0173 0x1014  lanmanserver - ok
15:35:49.0251 0x1014  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:35:49.0360 0x1014  lanmanworkstation - ok
15:35:49.0376 0x1014  lbrtfdc - ok
15:35:49.0407 0x1014  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:35:49.0548 0x1014  LmHosts - ok
15:35:49.0735 0x1014  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:35:49.0860 0x1014  MDM - ok
15:35:49.0907 0x1014  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:35:50.0063 0x1014  Messenger - ok
15:35:50.0110 0x1014  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:35:50.0251 0x1014  mnmdd - ok
15:35:50.0298 0x1014  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:35:50.0469 0x1014  mnmsrvc - ok
15:35:50.0485 0x1014  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:35:50.0626 0x1014  Modem - ok
15:35:50.0657 0x1014  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:35:50.0782 0x1014  Mouclass - ok
15:35:50.0829 0x1014  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:35:51.0001 0x1014  mouhid - ok
15:35:51.0032 0x1014  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:35:51.0188 0x1014  MountMgr - ok
15:35:51.0313 0x1014  [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:35:51.0391 0x1014  MpFilter - ok
15:35:51.0516 0x1014  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsl70f25130   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12949E9D-1F44-4437-9717-9ABEC6A1A3C8}\MpKsl70f25130.sys
15:35:51.0548 0x1014  MpKsl70f25130 - ok
15:35:51.0563 0x1014  mraid35x - ok
15:35:51.0641 0x1014  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:35:51.0860 0x1014  MRxDAV - ok
15:35:52.0032 0x1014  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:35:52.0298 0x1014  MRxSmb - ok
15:35:52.0344 0x1014  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:35:52.0485 0x1014  MSDTC - ok
15:35:52.0516 0x1014  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:35:52.0657 0x1014  Msfs - ok
15:35:52.0657 0x1014  MSIServer - ok
15:35:52.0688 0x1014  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:35:52.0813 0x1014  MSKSSRV - ok
15:35:52.0938 0x1014  [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:35:52.0969 0x1014  MsMpSvc - ok
15:35:53.0001 0x1014  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:35:53.0141 0x1014  MSPCLOCK - ok
15:35:53.0157 0x1014  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:35:53.0282 0x1014  MSPQM - ok
15:35:53.0313 0x1014  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:35:53.0438 0x1014  mssmbios - ok
15:35:53.0516 0x1014  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:35:53.0594 0x1014  Mup - ok
15:35:53.0641 0x1014  [ 3FB47D5AB2DE389888C8DB45D22202E6, 5DBB0E18818329F05F2E19BB44E8E03238C33574AFB09C959F09E46C71E4E3FD ] mzgawszo        C:\WINDOWS\system32\drivers\mzgawszo.sys
15:35:53.0673 0x1014  mzgawszo - ok
15:35:53.0798 0x1014  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:35:54.0032 0x1014  napagent - ok
15:35:54.0110 0x1014  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:35:54.0298 0x1014  NDIS - ok
15:35:54.0344 0x1014  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:35:54.0391 0x1014  NdisTapi - ok
15:35:54.0438 0x1014  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:35:54.0579 0x1014  Ndisuio - ok
15:35:54.0626 0x1014  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:35:54.0829 0x1014  NdisWan - ok
15:35:54.0876 0x1014  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:35:54.0969 0x1014  NDProxy - ok
15:35:55.0016 0x1014  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:35:55.0173 0x1014  NetBIOS - ok
15:35:55.0235 0x1014  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:35:55.0438 0x1014  NetBT - ok
15:35:55.0516 0x1014  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:35:55.0688 0x1014  NetDDE - ok
15:35:55.0719 0x1014  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:35:55.0860 0x1014  NetDDEdsdm - ok
15:35:55.0891 0x1014  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:35:56.0048 0x1014  Netlogon - ok
15:35:56.0126 0x1014  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
15:35:56.0329 0x1014  Netman - ok
15:35:56.0407 0x1014  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:35:56.0454 0x1014  NetTcpPortSharing - ok
15:35:56.0563 0x1014  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:35:56.0657 0x1014  Nla - ok
15:35:56.0719 0x1014  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:35:56.0891 0x1014  Npfs - ok
15:35:57.0079 0x1014  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:35:57.0469 0x1014  Ntfs - ok
15:35:57.0501 0x1014  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:35:57.0626 0x1014  NtLmSsp - ok
15:35:57.0798 0x1014  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:35:58.0141 0x1014  NtmsSvc - ok
15:35:58.0157 0x1014  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:35:58.0298 0x1014  Null - ok
15:35:58.0329 0x1014  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:35:58.0469 0x1014  NwlnkFlt - ok
15:35:58.0485 0x1014  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:35:58.0626 0x1014  NwlnkFwd - ok
15:35:58.0704 0x1014  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:35:58.0735 0x1014  ose - ok
15:35:58.0813 0x1014  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
15:35:59.0048 0x1014  Parport - ok
15:35:59.0063 0x1014  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:35:59.0204 0x1014  PartMgr - ok
15:35:59.0251 0x1014  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:35:59.0391 0x1014  ParVdm - ok
15:35:59.0407 0x1014  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:35:59.0594 0x1014  PCI - ok
15:35:59.0594 0x1014  PCIDump - ok
15:35:59.0626 0x1014  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:35:59.0751 0x1014  PCIIde - ok
15:35:59.0813 0x1014  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:36:00.0016 0x1014  Pcmcia - ok
15:36:00.0016 0x1014  Scan was interrupted by user!
15:36:00.0016 0x1014  Waiting for KSN requests completion. In queue: 102
15:36:01.0016 0x1014  Waiting for KSN requests completion. In queue: 102
15:36:02.0016 0x1014  Waiting for KSN requests completion. In queue: 102
15:36:03.0016 0x1014  Waiting for KSN requests completion. In queue: 102
15:36:04.0016 0x1014  Waiting for KSN requests completion. In queue: 102
15:36:05.0094 0x1014  AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
15:36:05.0173 0x1014  Win FW state via NFM: enabled
15:36:09.0923 0x1014  ============================================================
15:36:09.0923 0x1014  Scan finished
15:36:09.0923 0x1014  ============================================================
15:36:09.0923 0x1718  Detected object count: 1
15:36:09.0923 0x1718  Actual detected object count: 1
15:36:28.0657 0x1718  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
15:36:31.0719 0x1718  Backup copy found through SCO, using it..
15:36:32.0032 0x1718  C:\WINDOWS\system32\rpcss.dll - will be cured on reboot
15:36:32.0032 0x1718  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Cure
15:36:33.0266 0x1718  KLMD registered as C:\WINDOWS\system32\drivers\26636435.sys
15:36:42.0829 0x0fd0  Deinitialize success

Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Reception1 at 2014-08-13 13:07:25
Running from C:\Documents and Settings\Recept\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NETGEAR Print Server Software (HKLM\...\NETGEAR Print Server Software) (Version:  - )
QuickBooks Enterprise Solutions: Retail Edition 5.0 (HKLM\...\{14374640-0900-4056-BA06-C87C900AF9E6}) (Version:  - )
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.03.58.00(7/17/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM\...\Easy Wireless Setup) (Version: 3.60.40.0 - Samsung Electronics Co., Ltd.)
Samsung M332x 382x 402x Series (HKLM\...\Samsung M332x 382x 402x Series) (Version: 1.16 (12/7/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.43.0 - )
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

05-05-2014 11:59:29 Software Distribution Service 3.0
05-05-2014 17:19:29 Software Distribution Service 3.0
05-05-2014 21:01:37 Software Distribution Service 3.0
06-05-2014 17:25:56 Software Distribution Service 3.0
07-05-2014 16:53:32 Software Distribution Service 3.0
08-05-2014 17:15:44 System Checkpoint
08-05-2014 17:19:12 Software Distribution Service 3.0
09-05-2014 17:06:23 Software Distribution Service 3.0
12-05-2014 12:02:25 Software Distribution Service 3.0
12-05-2014 16:40:08 Software Distribution Service 3.0
13-05-2014 16:49:48 Software Distribution Service 3.0
14-05-2014 16:35:48 Software Distribution Service 3.0
15-05-2014 16:51:17 System Checkpoint
15-05-2014 16:51:23 Software Distribution Service 3.0
15-05-2014 21:04:03 Software Distribution Service 3.0
16-05-2014 16:48:35 Software Distribution Service 3.0
19-05-2014 11:56:46 Software Distribution Service 3.0
19-05-2014 16:54:46 Software Distribution Service 3.0
20-05-2014 17:00:04 Software Distribution Service 3.0
21-05-2014 16:52:07 Software Distribution Service 3.0
22-05-2014 16:55:33 Software Distribution Service 3.0
23-05-2014 17:10:54 Software Distribution Service 3.0
27-05-2014 12:00:24 Software Distribution Service 3.0
27-05-2014 16:49:28 Software Distribution Service 3.0
28-05-2014 17:14:46 System Checkpoint
28-05-2014 17:19:30 Software Distribution Service 3.0
29-05-2014 17:11:29 Software Distribution Service 3.0
30-05-2014 16:45:35 Software Distribution Service 3.0
02-06-2014 11:55:23 Software Distribution Service 3.0
02-06-2014 16:49:40 Software Distribution Service 3.0
03-06-2014 12:20:14 Software Distribution Service 3.0
03-06-2014 12:48:56 Software Distribution Service 3.0
03-06-2014 13:26:23 Software Distribution Service 3.0
03-06-2014 16:05:53 Software Distribution Service 3.0
03-06-2014 17:13:05 Software Distribution Service 3.0
04-06-2014 11:49:04 Software Distribution Service 3.0
04-06-2014 11:57:11 Software Distribution Service 3.0
04-06-2014 12:12:30 Software Distribution Service 3.0
04-06-2014 12:46:56 Software Distribution Service 3.0
04-06-2014 15:23:25 Software Distribution Service 3.0
04-06-2014 17:05:15 Software Distribution Service 3.0
05-06-2014 11:54:07 Software Distribution Service 3.0
05-06-2014 12:11:28 Software Distribution Service 3.0
05-06-2014 12:49:30 Software Distribution Service 3.0
05-06-2014 14:02:29 Software Distribution Service 3.0
05-06-2014 14:40:44 Software Distribution Service 3.0
05-06-2014 15:01:14 Software Distribution Service 3.0
05-06-2014 15:45:43 Software Distribution Service 3.0
05-06-2014 17:06:07 Software Distribution Service 3.0
05-06-2014 18:19:51 Software Distribution Service 3.0
05-06-2014 21:09:22 Restore Operation
05-06-2014 21:13:43 Restore Operation
05-06-2014 21:16:41 Restore Operation
06-06-2014 11:54:09 Software Distribution Service 3.0
06-06-2014 12:09:56 Software Distribution Service 3.0
06-06-2014 12:43:30 Software Distribution Service 3.0
06-06-2014 15:18:08 Software Distribution Service 3.0
06-06-2014 16:49:40 Software Distribution Service 3.0
09-06-2014 12:27:59 System Checkpoint
09-06-2014 12:54:21 Software Distribution Service 3.0
09-06-2014 15:37:08 Software Distribution Service 3.0
09-06-2014 17:23:28 Software Distribution Service 3.0
10-06-2014 11:48:04 Software Distribution Service 3.0
10-06-2014 12:02:16 Software Distribution Service 3.0
10-06-2014 12:38:02 Software Distribution Service 3.0
10-06-2014 15:15:23 Software Distribution Service 3.0
10-06-2014 16:39:14 Software Distribution Service 3.0
11-06-2014 03:49:42 Software Distribution Service 3.0
11-06-2014 16:55:20 Software Distribution Service 3.0
11-06-2014 20:58:03 Software Distribution Service 3.0
12-06-2014 17:29:19 Software Distribution Service 3.0
13-06-2014 16:51:22 Software Distribution Service 3.0
16-06-2014 12:03:06 Software Distribution Service 3.0
16-06-2014 17:22:02 Software Distribution Service 3.0
17-06-2014 16:40:41 Software Distribution Service 3.0
18-06-2014 16:49:27 Software Distribution Service 3.0
19-06-2014 16:37:40 Software Distribution Service 3.0
20-06-2014 17:04:48 System Checkpoint
20-06-2014 17:13:01 Software Distribution Service 3.0
23-06-2014 11:56:46 Software Distribution Service 3.0
23-06-2014 16:33:27 Software Distribution Service 3.0
24-06-2014 16:51:04 Software Distribution Service 3.0
25-06-2014 17:12:14 System Checkpoint
25-06-2014 17:23:00 Software Distribution Service 3.0
26-06-2014 16:43:15 Software Distribution Service 3.0
27-06-2014 16:57:48 System Checkpoint
27-06-2014 17:26:22 Software Distribution Service 3.0
30-06-2014 11:58:09 Software Distribution Service 3.0
30-06-2014 16:37:20 Software Distribution Service 3.0
01-07-2014 16:56:08 System Checkpoint
01-07-2014 16:59:27 Software Distribution Service 3.0
02-07-2014 17:16:17 System Checkpoint
02-07-2014 17:31:53 Software Distribution Service 3.0
03-07-2014 17:17:07 Software Distribution Service 3.0
07-07-2014 12:02:23 Software Distribution Service 3.0
07-07-2014 16:55:51 Software Distribution Service 3.0
08-07-2014 16:31:50 Software Distribution Service 3.0
09-07-2014 17:01:03 System Checkpoint
09-07-2014 17:25:00 Software Distribution Service 3.0
10-07-2014 17:03:29 Software Distribution Service 3.0
10-07-2014 21:04:19 Software Distribution Service 3.0
11-07-2014 17:02:18 Software Distribution Service 3.0
14-07-2014 11:52:20 Software Distribution Service 3.0
15-07-2014 11:58:15 Software Distribution Service 3.0
15-07-2014 16:44:14 Software Distribution Service 3.0
16-07-2014 17:06:55 Software Distribution Service 3.0
17-07-2014 17:01:01 Software Distribution Service 3.0
18-07-2014 17:33:53 Software Distribution Service 3.0
21-07-2014 12:36:23 Software Distribution Service 3.0
21-07-2014 16:49:09 Software Distribution Service 3.0
22-07-2014 14:58:37 Restore Operation
22-07-2014 16:10:23 Installed %1 %2.
22-07-2014 16:51:32 Software Distribution Service 3.0
23-07-2014 16:44:11 Software Distribution Service 3.0
24-07-2014 16:41:16 Software Distribution Service 3.0
25-07-2014 17:11:42 Software Distribution Service 3.0
28-07-2014 12:03:43 Software Distribution Service 3.0
28-07-2014 17:34:37 Software Distribution Service 3.0
29-07-2014 17:52:08 Software Distribution Service 3.0
30-07-2014 17:08:04 Software Distribution Service 3.0
31-07-2014 16:44:10 Software Distribution Service 3.0
01-08-2014 17:04:07 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Security Center Update - 3442903923.job => C:\Documents and Settings\Recept\Application Data\Basuraf\biadedu.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Security Center Update - 3885635341.job => C:\Documents and Settings\Recept\Application Data\Odivfyb\byvat.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-08-11 10:59 - 2014-08-11 10:59 - 00023552 _____ () C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\koflegw.dll
2014-02-20 11:37 - 2002-01-08 11:08 - 00051712 _____ () C:\WINDOWS\system32\ngprtserv.dll
2014-01-28 16:23 - 2012-11-22 09:49 - 00024064 _____ () C:\WINDOWS\system32\ssi5mlm.dll
2014-06-04 09:17 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-04 09:17 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-04 09:17 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-28 16:23 - 2013-02-14 10:31 - 00234032 _____ () c:\windows\system32\spool\drivers\w32x86\3\ssi5mpi.exe
2004-08-04 08:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 08:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\duezpsxq.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\eugbemwg.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\jyybafld.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mzgawszo.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdwbcwbm.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vtrutuih.sys:changelist

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 01:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 13.8.2014.0, faulting module frst.exe, version 13.8.2014.0, fault address 0x0001f440.
Processing media-specific event for [frst.exe!ws!]

Error: (08/12/2014 02:25:19 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/12/2014 02:17:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/12/2014 01:27:40 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/12/2014 01:25:35 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/12/2014 00:15:59 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 000005558ad9e12b_b531488ae3a2af04e54fa422b4e1a53a3f964c7a, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/12/2014 07:24:16 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/11/2014 01:41:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/11/2014 01:35:52 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (08/11/2014 11:37:47 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10802.0, P3 1.179.2746.0, P4 1.179.2746.0, P5 pws_win32_zbot.gen!plock, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

System errors:
=============
Error: (08/12/2014 03:30:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (08/12/2014 03:29:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (08/12/2014 03:27:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (08/12/2014 03:27:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Security Center Server - 3885635341 service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/12/2014 03:04:04 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (08/12/2014 02:21:20 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (08/12/2014 02:19:08 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (08/12/2014 02:15:30 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort1

Error: (08/12/2014 01:25:30 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Virus:DOS/Rovnix.gen!A60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:DOS/Rovnix.gen!A603

 Name: Virus:DOS/Rovnix.gen!A

 ID: 2147686707

 Severity: %Virus:DOS/Rovnix.gen!A600

 Category: %Virus:DOS/Rovnix.gen!A602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Virus:DOS/Rovnix.gen!A608

 User: {546979CE-AF00-4A64-BA1D-7C10FA7D116C}9

 Process Name: %Virus:DOS/Rovnix.gen!A609

 Action: {546979CE-AF00-4A64-BA1D-7C10FA7D116C}1

 Action Status:  {546979CE-AF00-4A64-BA1D-7C10FA7D116C}8

 Error Code: {546979CE-AF00-4A64-BA1D-7C10FA7D116C}3

 Error description: {546979CE-AF00-4A64-BA1D-7C10FA7D116C}4

 Signature Version: 2014-08-11T17:35:45.156Z1

 Engine Version: 2014-08-11T17:35:45.156Z2

Error: (08/12/2014 01:25:29 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Microsoft Office Sessions:
=========================
Error: (08/13/2014 01:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe13.8.2014.0frst.exe13.8.2014.00001f440

Error: (08/12/2014 02:25:19 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

Error: (08/12/2014 02:17:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

Error: (08/12/2014 01:27:40 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

Error: (08/12/2014 01:25:35 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

Error: (08/12/2014 00:15:59 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0000005558ad9e12b_b531488ae3a2af04e54fa422b4e1a53a3f964c7aNILNILNILNILNIL

Error: (08/12/2014 07:24:16 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

Error: (08/11/2014 01:41:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

Error: (08/11/2014 01:35:52 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

Error: (08/11/2014 11:37:47 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.10802.01.179.2746.01.179.2746.0pws_win32_zbot.gen!plockNILNILNILNILNIL

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 64%
Total physical RAM: 1013.96 MB
Available physical RAM: 364.85 MB
Total Pagefile: 2567.86 MB
Available Pagefile: 1857.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:131.22 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive q: () (Network) (Total:144.93 GB) (Free:141.49 GB)
Drive s: () (Network) (Total:144.93 GB) (Free:141.49 GB)
Drive z: () (Network) (Total:144.93 GB) (Free:141.49 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 5C525C52)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST log came out blank:

==================== End Of Log ============================

Please let me know what to do next, thanks so much!



#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 13 August 2014 - 12:17 PM

Hi,

FRST log came out blank:

can you please re-run FRST and check if you still get a blank log this time?

#6 tblighting

tblighting
  • Topic Starter

  • Members
  • 5 posts

Posted 13 August 2014 - 01:28 PM

Ok, FRST gave me a log this time:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Reception1 (administrator) on RECEPTION on 13-08-2014 14:22:01
Running from C:\Documents and Settings\Recept\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\WINDOWS\system32\spool\drivers\w32x86\3\ssi5mpi.exe
(Maskiseft Corporatien) C:\Documents and Settings\Recept\Application Data\Basuraf\biadedu.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Maskiseft Corporatien) C:\Documents and Settings\Recept\Application Data\Odivfyb\byvat.exe
(Maskiseft Corporatien) C:\Documents and Settings\Recept\Application Data\Odivfyb\byvat.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [{4E37DF1A-4CE6-46D0-81AE-01EBF3474FFB}] => cmd.exe /C start /D "C:\DOCUME~1\Recept\LOCALS~1\Temp" /B {4E37DF1A-4CE6-46D0-81AE-01EBF3474FFB}.exe -accepteula -accepteulaksn -postboot
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\irtvewq: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\irtvewq.dll [X]
Winlogon\Notify\koflegw: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\koflegw.dll ()
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^MHsAAA==n{F+2im'xh,)mDk-+or8%mYvEUmDb2ORUtVsJbIStrVc+e'*+* Y.zPhxlc3XwC NAx\bDKU:xO?DDrUT/ (the data entry has 31460 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\Run: [] => C:\Documents and Settings\Recept\Application Data                                                                                                                                                        (the data entry has 430 more characters). [0 2014-08-12] ()
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\Run: [AsuvEnov] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\AsuvEnov\AsuvEnov.dat"
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\Run: [ArsevSundi] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\ArsevSundi\ArsevSundi.dat"
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\Run: [OqivIleya] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\OqivIleya\OqivIleya.dat"
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\Run: [Dasyqyotl] => C:\Documents and Settings\Recept\Application Data\Odivfyb\byvat.exe [304677 2014-08-13] (Maskiseft Corporatien)
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\Run: [Gyewiqweabkycaf] => C:\Documents and Settings\Recept\Application Data\Basuraf\biadedu.exe [305828 2014-08-12] (Maskiseft Corporatien)
HKU\S-1-5-21-1004336348-1580436667-682003330-1003\...\MountPoints2: E - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\izusp.exe (Maskiseft Corporatien)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\reaquz.exe (Maskiseft Corporatien)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ymzo.exe (Maskiseft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Recept\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\Recept\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Recept\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Recept\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Recept\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Recept\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [407040 2009-02-09] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [407040 2009-02-09] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SecurityCenterServer3885635341; C:\Documents and Settings\Recept\Application Data\Odivfyb\byvat.exe [304677 2014-08-13] (Maskiseft Corporatien) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U0 03219624; C:\WINDOWS\System32\drivers\26636435.sys [212064 2014-08-12] (Kaspersky Lab, Yury Parshin)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
S1 duezpsxq; C:\WINDOWS\system32\drivers\duezpsxq.sys [49088 2014-08-11] (Microsoft Corporation)
S1 eugbemwg; C:\WINDOWS\system32\drivers\eugbemwg.sys [49088 2014-08-12] (Microsoft Corporation)
S1 jyybafld; C:\WINDOWS\system32\drivers\jyybafld.sys [49088 2014-08-11] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl70f25130; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12949E9D-1F44-4437-9717-9ABEC6A1A3C8}\MpKsl70f25130.sys [39464 2014-08-11] (Microsoft Corporation)
S1 mzgawszo; C:\WINDOWS\system32\drivers\mzgawszo.sys [49088 2014-08-12] (Microsoft Corporation)
S1 sdwbcwbm; C:\WINDOWS\system32\drivers\sdwbcwbm.sys [49088 2014-08-11] (Microsoft Corporation)
S1 vtrutuih; C:\WINDOWS\system32\drivers\vtrutuih.sys [49088 2014-08-12] (Microsoft Corporation)
S1 hhycumqw; \??\C:\WINDOWS\system32\drivers\hhycumqw.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 13:07 - 2014-08-13 14:22 - 00010247 _____ () C:\Documents and Settings\Recept\Desktop\FRST.txt
2014-08-13 13:03 - 2014-08-13 14:22 - 00000000 ____D () C:\FRST
2014-08-13 13:03 - 2014-08-13 13:03 - 01092096 _____ (Farbar) C:\Documents and Settings\Recept\Desktop\FRST.exe
2014-08-12 15:36 - 2014-08-12 15:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-12 15:36 - 2014-08-12 15:36 - 00407040 _____ () C:\WINDOWS\system32\Drivers\tsk3D8.tmp
2014-08-12 15:36 - 2014-08-12 15:36 - 00212064 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\26636435.sys
2014-08-12 15:32 - 2014-08-12 15:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Recept\Desktop\tdsskiller.exe
2014-08-12 14:23 - 2014-08-12 14:24 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vtrutuih.sys
2014-08-12 14:16 - 2014-08-13 14:00 - 00000886 _____ () C:\WINDOWS\Tasks\Security Center Update - 3885635341.job
2014-08-12 14:16 - 2014-08-13 09:39 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Odivfyb
2014-08-12 14:16 - 2014-01-18 11:50 - 00304677 _____ (Maskiseft Corporatien) C:\WINDOWS\system32\eqpeserasy.exe
2014-08-12 14:14 - 2014-08-12 14:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ImeluQxoca
2014-08-12 13:27 - 2014-08-12 13:27 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\eugbemwg.sys
2014-08-12 13:25 - 2014-08-12 13:25 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mzgawszo.sys
2014-08-11 21:58 - 2014-08-11 21:58 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{D2A7EC04-CF11-4F94-8104-FB93C41CF675}
2014-08-11 13:41 - 2014-08-11 13:41 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\duezpsxq.sys
2014-08-11 13:35 - 2014-08-11 13:35 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\jyybafld.sys
2014-08-11 11:35 - 2014-08-11 11:35 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdwbcwbm.sys
2014-08-11 11:14 - 2014-08-13 14:00 - 00000890 _____ () C:\WINDOWS\Tasks\Security Center Update - 3442903923.job
2014-08-11 11:14 - 2014-08-12 15:29 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Basuraf
2014-08-11 11:14 - 2014-01-06 15:25 - 00305828 _____ (Maskiseft Corporatien) C:\WINDOWS\system32\zakafiigek.exe
2014-08-11 11:12 - 2014-08-11 11:12 - 00008198 _____ () C:\Documents and Settings\Recept\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:12 - 2014-08-11 11:12 - 00004144 _____ () C:\Documents and Settings\Recept\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:12 - 2014-08-11 11:12 - 00000274 _____ () C:\Documents and Settings\Recept\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-11 11:10 - 2014-08-11 11:10 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:10 - 2014-08-11 11:10 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:10 - 2014-08-11 11:10 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:10 - 2014-08-11 11:10 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:10 - 2014-08-11 11:10 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:10 - 2014-08-11 11:10 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:10 - 2014-08-11 11:10 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-11 11:10 - 2014-08-11 11:10 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:10 - 2014-08-11 11:10 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:09 - 2014-08-11 11:09 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:09 - 2014-08-11 11:09 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:09 - 2014-08-11 11:09 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:09 - 2014-08-11 11:09 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:09 - 2014-08-11 11:09 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-11 11:09 - 2014-08-11 11:09 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:03 - 2014-08-11 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\OqivIleya
2014-08-08 16:48 - 2014-08-08 16:48 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-08-08 16:48 - 2014-08-08 16:48 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-08 15:58 - 2014-08-11 11:13 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Xeivtu
2014-08-08 15:53 - 2014-08-08 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ArsevSundi
2014-08-08 12:27 - 2014-08-08 12:27 - 00688992 ____R (Swearware) C:\Documents and Settings\Recept\Desktop\dds.com
2014-08-08 11:59 - 2014-08-13 14:16 - 00039936 _____ () C:\WINDOWS\system32\pjsjj.fik
2014-08-08 10:55 - 2014-08-08 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\OtsaWane
2014-08-07 10:27 - 2014-08-08 17:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UbzinIfdam
2014-08-06 14:52 - 2014-08-06 14:52 - 00000282 _____ () C:\Documents and Settings\Recept\Desktop\cc_20140806_145116.reg
2014-08-06 11:38 - 2014-08-06 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EgqeFalic
2014-08-05 11:42 - 2014-08-05 11:42 - 00000000 _____ () C:\WINDOWS\system32\seetla.dll
2014-08-05 08:56 - 2014-08-05 08:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UlojUmer
2014-08-04 08:12 - 2014-08-06 11:38 - 00000000 ___HD () C:\d012ee0
2014-07-24 10:35 - 2014-07-24 10:35 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-07-24 10:35 - 2014-07-24 10:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-22 13:53 - 2014-08-11 11:11 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\G001
2014-07-22 12:43 - 2014-07-22 12:43 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\G001
2014-07-22 12:43 - 2014-07-22 12:43 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Mozilla
2014-07-22 12:28 - 2014-07-22 16:44 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-07-22 12:13 - 2014-07-22 12:13 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-07-22 12:13 - 2014-07-22 12:13 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-07-22 12:11 - 2014-07-22 12:11 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-07-22 12:11 - 2014-07-22 12:11 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-07-22 12:11 - 2014-07-22 12:11 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-07-22 12:10 - 2014-07-22 12:13 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-07-22 12:09 - 2014-07-22 12:09 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-07-22 12:08 - 2014-07-24 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AsuvEnov
2014-07-22 11:10 - 2014-08-08 15:35 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 11:09 - 2014-08-08 17:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-22 11:09 - 2014-07-22 11:09 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 11:09 - 2014-07-22 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 11:09 - 2014-07-22 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-22 11:09 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-22 11:09 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-21 10:41 - 2014-07-21 10:41 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\Google
2014-07-18 10:29 - 2014-07-18 10:29 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\74eae3
2014-07-18 10:29 - 2014-07-18 10:29 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\74eae3
2014-07-18 10:27 - 2014-07-21 12:36 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\chrome-bin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 14:23 - 2012-10-13 06:58 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Temp
2014-08-13 14:22 - 2014-08-13 13:07 - 00010247 _____ () C:\Documents and Settings\Recept\Desktop\FRST.txt
2014-08-13 14:22 - 2014-08-13 13:03 - 00000000 ____D () C:\FRST
2014-08-13 14:22 - 2014-05-30 09:43 - 00000082 _____ () C:\WINDOWS\system32\brvuv.dor
2014-08-13 14:16 - 2014-08-08 11:59 - 00039936 _____ () C:\WINDOWS\system32\pjsjj.fik
2014-08-13 14:16 - 2014-05-30 09:32 - 00000130 _____ () C:\WINDOWS\system32\pmibqh.kps
2014-08-13 14:00 - 2014-08-12 14:16 - 00000886 _____ () C:\WINDOWS\Tasks\Security Center Update - 3885635341.job
2014-08-13 14:00 - 2014-08-11 11:14 - 00000890 _____ () C:\WINDOWS\Tasks\Security Center Update - 3442903923.job
2014-08-13 13:57 - 2014-05-30 09:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-13 13:18 - 2012-10-13 06:53 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-13 13:14 - 2014-04-03 08:36 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-13 13:03 - 2014-08-13 13:03 - 01092096 _____ (Farbar) C:\Documents and Settings\Recept\Desktop\FRST.exe
2014-08-13 09:45 - 2012-10-13 08:31 - 00002521 _____ () C:\Documents and Settings\Recept\Desktop\Microsoft Office Outlook 2003.lnk
2014-08-13 09:39 - 2014-08-12 14:16 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Odivfyb
2014-08-12 15:45 - 2014-08-12 15:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-12 15:36 - 2014-08-12 15:36 - 00407040 _____ () C:\WINDOWS\system32\Drivers\tsk3D8.tmp
2014-08-12 15:36 - 2014-08-12 15:36 - 00212064 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\26636435.sys
2014-08-12 15:32 - 2014-08-12 15:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Recept\Desktop\tdsskiller.exe
2014-08-12 15:29 - 2014-08-11 11:14 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Basuraf
2014-08-12 14:24 - 2014-08-12 14:23 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vtrutuih.sys
2014-08-12 14:14 - 2014-08-12 14:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ImeluQxoca
2014-08-12 13:27 - 2014-08-12 13:27 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\eugbemwg.sys
2014-08-12 13:25 - 2014-08-12 13:25 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mzgawszo.sys
2014-08-12 13:12 - 2012-10-13 06:49 - 01714391 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-11 23:00 - 2012-10-13 06:53 - 00032578 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-11 21:58 - 2014-08-11 21:58 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{D2A7EC04-CF11-4F94-8104-FB93C41CF675}
2014-08-11 13:41 - 2014-08-11 13:41 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\duezpsxq.sys
2014-08-11 13:35 - 2014-08-11 13:35 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\jyybafld.sys
2014-08-11 11:35 - 2014-08-11 11:35 - 00049088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdwbcwbm.sys
2014-08-11 11:15 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-11 11:14 - 2014-03-28 07:47 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-11 11:14 - 2012-10-13 02:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-11 11:14 - 2012-10-13 02:45 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-11 11:13 - 2014-08-08 15:58 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Xeivtu
2014-08-11 11:13 - 2012-10-13 06:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-11 11:12 - 2014-08-11 11:12 - 00008198 _____ () C:\Documents and Settings\Recept\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:12 - 2014-08-11 11:12 - 00004144 _____ () C:\Documents and Settings\Recept\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:12 - 2014-08-11 11:12 - 00000274 _____ () C:\Documents and Settings\Recept\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:12 - 2014-01-28 16:24 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Samsung
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-08-11 11:11 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-11 11:11 - 2014-07-22 13:53 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\G001
2014-08-11 11:11 - 2012-10-13 06:58 - 00000278 ___SH () C:\Documents and Settings\Recept\ntuser.ini
2014-08-11 11:11 - 2012-10-13 06:53 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-11 11:10 - 2014-08-11 11:10 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:10 - 2014-08-11 11:10 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:10 - 2014-08-11 11:10 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:10 - 2014-08-11 11:10 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:10 - 2014-08-11 11:10 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:10 - 2014-08-11 11:10 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:10 - 2014-08-11 11:10 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-11 11:10 - 2014-08-11 11:10 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:10 - 2014-08-11 11:10 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:09 - 2014-08-11 11:09 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:09 - 2014-08-11 11:09 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-11 11:09 - 2014-08-11 11:09 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:09 - 2014-08-11 11:09 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-11 11:09 - 2014-08-11 11:09 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-11 11:09 - 2014-08-11 11:09 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-11 11:09 - 2014-06-04 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-08-11 11:03 - 2014-08-11 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\OqivIleya
2014-08-11 07:46 - 2012-10-13 08:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2014-08-08 17:04 - 2014-02-19 17:56 - 00185448 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-08 17:03 - 2014-08-07 10:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UbzinIfdam
2014-08-08 17:03 - 2014-07-22 11:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-08 16:48 - 2014-08-08 16:48 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-08-08 16:48 - 2014-08-08 16:48 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-08 15:53 - 2014-08-08 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ArsevSundi
2014-08-08 15:35 - 2014-07-22 11:10 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 15:32 - 2012-10-16 08:40 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-08 15:00 - 2014-03-28 07:47 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 12:27 - 2014-08-08 12:27 - 00688992 ____R (Swearware) C:\Documents and Settings\Recept\Desktop\dds.com
2014-08-08 11:48 - 2012-10-14 07:00 - 00000000 ____D () C:\BkUp
2014-08-08 10:55 - 2014-08-08 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\OtsaWane
2014-08-06 16:52 - 2012-10-13 08:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2014-08-06 15:08 - 2014-06-04 09:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-06 14:52 - 2014-08-06 14:52 - 00000282 _____ () C:\Documents and Settings\Recept\Desktop\cc_20140806_145116.reg
2014-08-06 14:22 - 2012-10-13 08:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2014-08-06 14:20 - 2014-08-06 11:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EgqeFalic
2014-08-06 11:38 - 2014-08-04 08:12 - 00000000 ___HD () C:\d012ee0
2014-08-05 11:42 - 2014-08-05 11:42 - 00000000 _____ () C:\WINDOWS\system32\seetla.dll
2014-08-05 08:56 - 2014-08-05 08:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UlojUmer
2014-08-04 08:15 - 2014-02-20 11:23 - 00000000 ____D () C:\%PC ADMIN
2014-07-30 09:21 - 2013-04-10 17:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-07-29 09:27 - 2013-09-12 17:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-07-25 12:07 - 2013-04-10 17:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813170$
2014-07-24 10:56 - 2014-07-22 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AsuvEnov
2014-07-24 10:40 - 2012-10-13 06:58 - 00000000 ____D () C:\Documents and Settings\Recept
2014-07-24 10:35 - 2014-07-24 10:35 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-07-24 10:35 - 2014-07-24 10:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-24 10:17 - 2013-03-21 17:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-07-22 16:44 - 2014-07-22 12:28 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-07-22 12:43 - 2014-07-22 12:43 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\G001
2014-07-22 12:43 - 2014-07-22 12:43 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\Mozilla
2014-07-22 12:30 - 2012-10-15 09:19 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-22 12:24 - 2012-10-13 02:35 - 00000000 ____D () C:\WINDOWS\security
2014-07-22 12:18 - 2012-10-13 06:46 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-07-22 12:13 - 2014-07-22 12:13 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-07-22 12:13 - 2014-07-22 12:13 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-07-22 12:13 - 2014-07-22 12:10 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-07-22 12:13 - 2012-10-13 02:35 - 00000000 ____D () C:\WINDOWS\Help
2014-07-22 12:11 - 2014-07-22 12:11 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-07-22 12:11 - 2014-07-22 12:11 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-07-22 12:11 - 2014-07-22 12:11 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-07-22 12:09 - 2014-07-22 12:09 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-07-22 11:31 - 2012-10-13 06:49 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-07-22 11:09 - 2014-07-22 11:09 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 11:09 - 2014-07-22 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 11:09 - 2014-07-22 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-21 12:36 - 2014-07-18 10:27 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\chrome-bin
2014-07-21 10:41 - 2014-07-21 10:41 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\Google
2014-07-18 10:29 - 2014-07-18 10:29 - 00000000 ____D () C:\Documents and Settings\Recept\Local Settings\Application Data\74eae3
2014-07-18 10:29 - 2014-07-18 10:29 - 00000000 ____D () C:\Documents and Settings\Recept\Application Data\74eae3

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-74584e8d.exe
C:\Documents and Settings\Recept\Local Settings\Temp\{4E37DF1A-4CE6-46D0-81AE-01EBF3474FFB}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 08:00] - [2009-02-09 08:10] - 0407040 ____A (Microsoft Corporation) 62c5151161be843f59eb8a8a90e43e71    

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
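The check section above ends with an instruction to look up the MD5 of rpcss.dll by hand. As an added example (not part of the posted log, of FRST, or of anyone's reply in this thread), the Python script below parses that section of an FRST log, separates the files that passed Authenticode verification from the one that did not, and compares the reported MD5 against an analyst-supplied allowlist. The allowlist is an empty placeholder; the sample input is the section as posted above, and the script makes no claim about whether that particular hash is clean or infected.

```python
"""Triage the 'Bamital & volsnap Check' section of an FRST log (added example,
not FRST's own code). A file that passed verification prints as
    <path> => File is digitally signed
and one that failed prints as two lines, the bare path and then
    [created] - [modified] - size attrs (Company) md5
KNOWN_GOOD_MD5 is an empty placeholder (assumption) for hashes taken from a
trusted install of the same Windows version and service pack."""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTION_HEADER = "Bamital & volsnap Check"
SECTION_END = "End Of Log"
SIGNED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => File is digitally signed$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})$"
)

@dataclass
class Finding:
    path: str
    md5: str
    company: str
    size: int
    verdict: str

# Constructed, empty allowlist: {path: {md5, ...}} of copies already verified clean.
KNOWN_GOOD_MD5: dict[str, set[str]] = {}

def parse_check_section(log_text: str) -> tuple[list[str], list[tuple[str, dict]]]:
    """Return (signed_paths, [(path, detail_fields), ...]) from the check section."""
    signed: list[str] = []
    unsigned: list[tuple[str, dict]] = []
    in_section = False
    pending_path: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_HEADER in line:
            in_section = True
            continue
        if SECTION_END in line:
            break
        if not in_section or not line:
            continue
        m = SIGNED_RE.match(line)
        if m:
            signed.append(m.group("path"))
            continue
        if pending_path is not None:
            d = DETAIL_RE.match(line)
            if d:
                unsigned.append((pending_path, d.groupdict()))
                pending_path = None
                continue
        # A bare path with no "=> ... signed" suffix opens the failed-verification shape.
        if PATH_RE.match(line):
            pending_path = line
    return signed, unsigned

def triage(log_text: str, known_good: dict[str, set[str]] | None = None) -> list[Finding]:
    """Give every file that failed verification a verdict. The vendor string is
    copied from the file's version resource, so a patched rpcss.dll still reads
    "Microsoft Corporation"; only a hash match against a trusted copy clears it."""
    if known_good is None:
        known_good = KNOWN_GOOD_MD5
    _, unsigned = parse_check_section(log_text)
    findings: list[Finding] = []
    for path, d in unsigned:
        md5 = d["md5"].lower()
        trusted = {h.lower() for h in known_good.get(path, set())}
        verdict = "known-good" if md5 in trusted else "unverified: compare MD5 with a clean copy"
        findings.append(Finding(path, md5, d["company"], int(d["size"]), verdict))
    return findings

# Sample input: the check section as it appears in the FRST log posted above.
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 08:00] - [2009-02-09 08:10] - 0407040 ____A (Microsoft Corporation) 62c5151161be843f59eb8a8a90e43e71

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}  md5={f.md5}  size={f.size}  ({f.company}) -> {f.verdict}")
```

The point the script makes explicit is that "Microsoft Corporation" in the detail line is not evidence of anything: a patched system DLL keeps its original version resource. The file stays "unverified" until its hash matches a copy taken from a clean machine of the same Windows build and service pack.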



#7 aharonov (Malware Response Team)

Posted 14 August 2014 - 07:20 AM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#8 tblighting (Topic Starter)

Posted 14 August 2014 - 11:41 AM

Hello, I tried to run this scan and closed all other programs, but it still caused the computer to freeze. I had to reboot, and now I am getting this message when Windows starts (see attached jpg). I don't know how to fix this and now can't log in to Windows without the computer restarting itself in 50 seconds.

Attached Files



#9 aharonov (Malware Response Team)

Posted 16 August 2014 - 08:28 AM

Sorry for the delay.
Can you open a command prompt and type "shutdown /a" when this message appears to prevent the restart?

#10 aharonov (Malware Response Team)

Posted 03 September 2014 - 06:02 AM

Do you still need help?

#11 aharonov (Malware Response Team)

Posted 19 September 2014 - 02:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



