DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

[RESOLVED] virus help on other computer

I ran MBAM just for spite and it found a virus, so I ran all the other scans. Now when I search through Google the results are not correct. Very weird.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
slayerman :: MASTER [administrator]

8/31/2012 12:59:29 PM
mbam-log-2012-08-31 (12-59-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229777
Time elapsed: 50 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\slayerman\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\34\6bd482a2-7e642c92 (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)

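Added example (not part of the post above and not Malwarebytes' code): a small Python parser for the MBAM 1.x text log format, so a detection like the one above can be pulled out as structured data instead of read by eye. SAMPLE_LOG is a trimmed copy of the posted log; the per-section count check and the location notes at the bottom are this example's own triage heuristics, not anything MBAM reports.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log into structured records.

Added example, not part of the original post and not Malwarebytes' code.
SAMPLE_LOG is a trimmed copy of the log posted above; the parser handles the
full format: "Key: value" metadata lines, "<Section> Detected: N" headers,
and per-item lines "<path> (<Detection.Name>) -> <action>."  The location
notes at the bottom are this example's own triage heuristics.
"""
import re
from dataclasses import dataclass
from pprint import pprint

SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
slayerman :: MASTER [administrator]

8/31/2012 12:59:29 PM
mbam-log-2012-08-31 (12-59-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 229777
Time elapsed: 50 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\slayerman\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\34\6bd482a2-7e642c92 (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
"""

HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
META_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<val>.+)$")
# The path itself never contains the "(Name) -> action" tail, so anchoring on
# the last parenthesised group before the arrow is safe.
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    path: str      # file path or registry key exactly as MBAM printed it
    name: str      # MBAM detection name, e.g. "Trojan.Downloader"
    action: str    # what MBAM did, e.g. "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (metadata dict, list of Detection) for one MBAM 1.x log."""
    meta, detections, expected, section = {}, [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("(end)", "(No malicious items detected)"):
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            expected[section] = int(m["count"])
            continue
        if section:
            m = ITEM_RE.match(line)
            if m:
                detections.append(Detection(section, m["path"], m["name"], m["action"]))
                continue
        m = META_RE.match(line)
        if m:
            meta[m["key"]] = m["val"]
    # A truncated or hand-edited paste shows up here as a count mismatch.
    for sec, count in expected.items():
        found = sum(1 for d in detections if d.section == sec)
        if found != count:
            raise ValueError(f"{sec}: header says {count}, parsed {found}")
    return meta, detections


# Example heuristic: where a detection lives says what to look at next.
LOCATION_HINTS = (
    (r"\\Sun\\Java\\Deployment\\cache\\",
     "Java plug-in cache: a jar/class the browser's Java plug-in downloaded; "
     "the sibling .idx file records the URL it came from"),
    (r"\\Temporary Internet Files\\|\\Temp\\",
     "temporary download directory"),
    (r"\\WINDOWS\\system32\\",
     "system directory: cross-check the Run keys, services and driver lists"),
)


def locate(path):
    """Return the triage note matching a detection's location."""
    for pattern, note in LOCATION_HINTS:
        if re.search(pattern, path, re.IGNORECASE):
            return note
    return "other location"


if __name__ == "__main__":
    meta, dets = parse_mbam_log(SAMPLE_LOG)
    pprint(meta)
    for d in dets:
        print(f"[{d.section}] {d.name}: {d.path}\n    -> {d.action}; {locate(d.path)}")
```

Run it as-is to see the posted log broken out, or replace SAMPLE_LOG with the full mbam-log-*.txt contents; the count check raises if a paste is missing lines.
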
DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

Re: virus help on other computer

OTL logfile created on: 8/31/2012 1:59:33 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\slayerman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 719.34 Mb Available Physical Memory | 70.28% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.25% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 66.66 Gb Free Space | 89.45% Space Free | Partition Type: NTFS
Drive D: | 129.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MASTER | User Name: slayerman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/08/31 13:59:17 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\slayerman\Desktop\OTL.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/07/18 18:05:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/11/09 22:46:28 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/08/28 18:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···m=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} »quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} »windowsupdate.microsoft.com/wind···60845126 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.3 64.233.217.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FF9129F-35A8-468D-8900-D8C9F24C72E6}: DhcpNameServer = 64.233.217.3 64.233.217.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/01 21:02:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 18:54:07 | 000,000,075 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/08/31 13:59:15 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\slayerman\Desktop\OTL.exe
[2012/08/31 13:57:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\slayerman\Recent
[2012/08/30 19:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/08/30 19:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/08/30 19:45:59 | 000,203,120 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/08/30 19:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/08/30 19:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/08/30 19:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\slayerman\Application Data\TestApp
[2012/08/13 16:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\slayerman\Application Data\Skype
[2012/08/13 15:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\slayerman\Application Data\Avira
[2012/08/13 15:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/08/13 15:24:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/08/13 15:24:33 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/08/13 15:24:33 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/08/13 15:24:33 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/08/13 15:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/13 15:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/08/10 12:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\slayerman\Application Data\QuickScan
[2012/08/10 11:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\slayerman\Application Data\Malwarebytes
[2012/08/10 11:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/10 11:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/10 11:04:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/10 11:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/10 10:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/10 10:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\slayerman\Desktop\tdsskiller

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/08/31 13:59:22 | 000,854,124 | ---- | M] () -- C:\Documents and Settings\slayerman\Desktop\SecurityCheck.exe
[2012/08/31 13:59:17 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\slayerman\Desktop\OTL.exe
[2012/08/31 13:56:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/31 13:54:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/31 13:53:57 | 000,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000F-00001102-00000002-80641102}.rfx
[2012/08/31 13:53:57 | 000,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000F-00001102-00000002-80641102}.rfx
[2012/08/31 13:53:57 | 000,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000F-00001102-00000002-80641102}.rfx
[2012/08/31 13:53:57 | 000,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000F-00001102-00000002-80641102}.rfx
[2012/08/31 13:53:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/08/31 13:53:57 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/08/31 13:53:57 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000002-80641102}.dat
[2012/08/31 13:53:57 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000F-00001102-00000002-80641102}.dat
[2012/08/30 19:46:40 | 000,583,670 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/08/30 08:03:16 | 000,810,799 | ---- | M] () -- C:\Documents and Settings\slayerman\Desktop\MasterReferenceToHTML4.pdf
[2012/08/22 17:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/15 16:25:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/08/13 16:44:53 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/08/13 15:24:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/08/13 14:48:49 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/08/11 12:12:57 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\slayerman\Local Settings\Application Data\dt.dat
[2012/08/10 11:04:28 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\slayerman\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/08/10 11:04:14 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\slayerman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/08/31 13:59:21 | 000,854,124 | ---- | C] () -- C:\Documents and Settings\slayerman\Desktop\SecurityCheck.exe
[2012/08/30 19:46:10 | 000,583,670 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/08/30 08:03:16 | 000,810,799 | ---- | C] () -- C:\Documents and Settings\slayerman\Desktop\MasterReferenceToHTML4.pdf
[2012/08/13 15:24:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/08/13 14:48:49 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/08/11 12:12:57 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\slayerman\Local Settings\Application Data\dt.dat
[2012/08/10 11:04:28 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\slayerman\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/08/10 11:04:14 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\slayerman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/02 16:46:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/06/02 16:17:01 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2012/06/02 16:12:50 | 000,105,070 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2012/06/02 16:12:50 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2012/06/02 14:29:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/01 21:36:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000002-80641102}.dat
[2012/06/01 21:36:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000F-00001102-00000002-80641102}.dat
[2012/06/01 21:34:10 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2012/06/01 21:34:09 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2012/06/01 21:34:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2012/06/01 21:33:50 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2012/06/01 21:33:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2012/06/01 21:33:49 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2012/06/01 21:33:49 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2012/06/01 21:33:49 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2012/06/01 21:33:49 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2012/06/01 21:33:49 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2012/06/01 21:33:49 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2012/06/01 21:33:48 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2012/06/01 21:33:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2012/06/01 21:33:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2012/06/01 21:33:48 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2012/06/01 21:05:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/01 20:59:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/06/01 16:53:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[color=#E56717]========== LOP Check ==========[/color]

[2012/06/03 08:32:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/30 21:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/11 19:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/04 16:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\slayerman\Application Data\Auslogics
[2012/07/12 19:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\slayerman\Application Data\Catalina Marketing Corp
[2012/06/02 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\slayerman\Application Data\Oracle
[2012/08/10 12:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\slayerman\Application Data\QuickScan
[2012/08/30 19:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\slayerman\Application Data\TestApp
[2012/08/31 13:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\slayerman\Application Data\Wise Disk Cleaner
[2012/08/26 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\slayerman\Application Data\Wise Registry Cleaner

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

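Added example (not part of the post above and not OldTimer's code): a Python triage pass over the OTL log format, keyed on OTL's line prefixes (SRV/DRV, IE, O1, O2/O3, O4, O17, O20, @Alternate Data Stream). It pulls out what a helper reads first: the configured DNS servers, entries that point at a missing CLSID, services and drivers whose file is gone, Run entries, non-localhost hosts entries, Winlogon Shell/UserInit values, and alternate data streams. SAMPLE is a trimmed copy of the posted log; the "expected" Winlogon values and the private-vs-public resolver test are this example's own heuristics and say nothing about whether the specific IPs above are good or bad.

```python
"""Triage a few high-signal entry types from an OTL log.

Added example: not part of the original post and not OldTimer's code.  It
keys on OTL's line prefixes and returns the items a forum helper reads
first.  SAMPLE is a trimmed copy of the log above; WINLOGON_EXPECTED and
the private-vs-public DNS test are this example's own heuristics.
"""
import ipaddress
import re
from pprint import pprint

SAMPLE = r"""
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.217.3 64.233.217.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FF9129F-35A8-468D-8900-D8C9F24C72E6}: DhcpNameServer = 64.233.217.3 64.233.217.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "SRV/DRV - File not found [flags] -- <path or nothing> -- (ServiceName)"
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.*?) ?-- \((?P<name>[^)]+)\)$")
# "O4 - HKLM..\Run: [value name] <command> (Company)"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")
DNS_RE = re.compile(r"^O17 - .*?(?:Dhcp)?NameServer = (?P<ips>[\d. ]+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Stock XP values (example assumption); anything else is a known hijack point.
WINLOGON_EXPECTED = {"Shell": "explorer.exe", "UserInit": r"c:\windows\system32\userinit.exe"}


def triage_otl(text):
    """Return a dict of the high-signal OTL entries found in `text`."""
    out = {"dns": [], "dns_public": [], "orphan_clsids": [], "missing_files": [],
           "run": [], "hosts_extra": [], "winlogon_bad": [], "ads": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DNS_RE.match(line)
        if m:
            for ip in m["ips"].split():
                if ip not in out["dns"]:
                    out["dns"].append(ip)
            continue
        if "No CLSID value found" in line:
            # Registry still names a COM object whose CLSID no longer exists:
            # the key part before the first ":" tells which hook it was.
            g = GUID_RE.search(line)
            key = line.split(" - ", 1)[1].split(":", 1)[0]
            out["orphan_clsids"].append((key, g.group(0) if g else None))
            continue
        m = MISSING_RE.match(line)
        if m:
            out["missing_files"].append((m["kind"], m["name"], m["path"] or None))
            continue
        m = RUN_RE.match(line)
        if m:
            out["run"].append((m["hive"], m["name"], m["path"], m["company"] or ""))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if not (m["ip"] in ("127.0.0.1", "::1") and m["host"] == "localhost"):
                out["hosts_extra"].append((m["ip"], m["host"]))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            if m["value"].rstrip(",").lower() != WINLOGON_EXPECTED[m["key"]]:
                out["winlogon_bad"].append((m["key"], m["value"]))
            continue
        m = ADS_RE.match(line)
        if m:
            out["ads"].append((int(m["size"]), m["target"]))
    # DHCP-assigned resolvers on a home LAN are usually the router's private
    # address; a public resolver is not wrong by itself, but a changed resolver
    # is one way search results get redirected, so it is worth confirming
    # against the router's own settings.  Heuristic only, not a verdict.
    out["dns_public"] = [ip for ip in out["dns"] if not ipaddress.ip_address(ip).is_private]
    return out


if __name__ == "__main__":
    pprint(triage_otl(SAMPLE))
```

Feed it the whole OTL.txt to get the same summary for the full log; entries OTL prints with a company name and an existing file are deliberately left out, since the point is to surface the handful of lines worth asking about.
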
DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

OTL Extras logfile created on: 8/31/2012 1:59:33 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\slayerman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.49 Mb Total Physical Memory | 719.34 Mb Available Physical Memory | 70.28% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.25% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 66.66 Gb Free Space | 89.45% Space Free | Partition Type: NTFS
Drive D: | 129.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MASTER | User Name: slayerman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver" = NVIDIA Display Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.41
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.43
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 7/22/2012 8:26:18 AM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/22/2012 8:26:44 AM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash32_11_3_300_257.ocx, version 11.3.300.257, fault address 0x000cef25.

Error - 7/24/2012 8:18:21 AM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19222, fault address 0x001a0071.

Error - 7/24/2012 8:21:06 AM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash32_11_3_300_257.ocx, version 11.3.300.257, fault address 0x00470918.

Error - 7/24/2012 8:25:47 AM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000108f3.

Error - 7/24/2012 8:49:28 AM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19222, fault address 0x001094f3.

Error - 7/27/2012 1:07:11 PM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19222, fault address 0x0027c105.

Error - 7/28/2012 2:58:38 PM | Computer Name = MASTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2012 10:20:29 AM | Computer Name = MASTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2012 9:47:51 AM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0003729b.

[ System Events ]
Error - 8/25/2012 4:51:42 PM | Computer Name = MASTER | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/26/2012 12:39:19 PM | Computer Name = MASTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00045A5DC570 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/26/2012 1:30:39 PM | Computer Name = MASTER | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/26/2012 1:30:39 PM | Computer Name = MASTER | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/26/2012 8:24:31 PM | Computer Name = MASTER | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/26/2012 8:24:31 PM | Computer Name = MASTER | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/27/2012 9:38:10 AM | Computer Name = MASTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00045A5DC570 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/30/2012 12:06:39 PM | Computer Name = MASTER | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/30/2012 12:06:39 PM | Computer Name = MASTER | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/31/2012 1:54:37 PM | Computer Name = MASTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00045A5DC570 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

eset showed no threats...thanks again in advance


DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

avira antivir just caught this one...I am posting the log

Avira Free Antivirus
Report file date: Friday, August 31, 2012 18:41

Scanning for 4200000 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MASTER

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 7/18/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 7/18/2012 22:04:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 7/18/2012 22:05:06
LUKE.DLL : 12.3.0.15 68304 Bytes 7/18/2012 22:04:59
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 7/18/2012 22:04:51
AVREG.DLL : 12.3.0.33 232232 Bytes 7/18/2012 22:04:51
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 04:38:13
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 22:05:05
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 22:05:05
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 22:05:05
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 22:05:05
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 22:05:05
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 22:05:05
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 22:05:05
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 22:05:05
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 22:05:05
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 19:26:30
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 19:26:32
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 19:26:33
VBASE017.VDF : 7.11.38.221 178176 Bytes 8/6/2012 19:26:33
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/8/2012 19:26:34
VBASE019.VDF : 7.11.39.89 131072 Bytes 8/9/2012 19:26:35
VBASE020.VDF : 7.11.39.145 142336 Bytes 8/11/2012 19:26:35
VBASE021.VDF : 7.11.39.207 165888 Bytes 8/14/2012 19:26:21
VBASE022.VDF : 7.11.40.9 156160 Bytes 8/16/2012 19:48:25
VBASE023.VDF : 7.11.40.49 133120 Bytes 8/17/2012 19:48:12
VBASE024.VDF : 7.11.40.95 156160 Bytes 8/20/2012 00:19:30
VBASE025.VDF : 7.11.40.155 181760 Bytes 8/22/2012 00:19:31
VBASE026.VDF : 7.11.40.205 203264 Bytes 8/23/2012 12:03:16
VBASE027.VDF : 7.11.41.29 188416 Bytes 8/27/2012 11:52:57
VBASE028.VDF : 7.11.41.87 250368 Bytes 8/30/2012 11:52:58
VBASE029.VDF : 7.11.41.88 2048 Bytes 8/30/2012 11:52:58
VBASE030.VDF : 7.11.41.89 2048 Bytes 8/30/2012 11:52:58
VBASE031.VDF : 7.11.41.112 132608 Bytes 8/31/2012 11:52:56
Engine version : 8.2.10.150
AEVDF.DLL : 8.1.2.10 102772 Bytes 8/13/2012 19:26:47
AESCRIPT.DLL : 8.1.4.46 455034 Bytes 8/24/2012 12:03:29
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 7/18/2012 22:04:48
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.32 811382 Bytes 8/24/2012 12:03:28
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 8/13/2012 19:26:45
AEHEUR.DLL : 8.1.4.94 5230967 Bytes 8/30/2012 11:53:04
AEHELP.DLL : 8.1.23.2 258422 Bytes 7/18/2012 22:04:45
AEGEN.DLL : 8.1.5.36 434549 Bytes 8/24/2012 12:03:18
AEEXP.DLL : 8.1.0.84 90485 Bytes 8/30/2012 11:53:04
AEEMU.DLL : 8.1.3.2 393587 Bytes 8/13/2012 19:26:39
AECORE.DLL : 8.1.27.4 201078 Bytes 8/13/2012 19:26:39
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 7/18/2012 22:04:53
AVPREF.DLL : 12.3.0.15 51920 Bytes 7/18/2012 22:04:51
AVREP.DLL : 12.3.0.15 179208 Bytes 7/18/2012 22:04:51
AVARKT.DLL : 12.3.0.15 211408 Bytes 7/18/2012 22:04:49
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 7/18/2012 22:04:50
SQLITE3.DLL : 3.7.0.1 398288 Bytes 7/18/2012 22:05:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 7/18/2012 22:04:52
NETNT.DLL : 12.3.0.15 17104 Bytes 7/18/2012 22:04:59
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 7/18/2012 22:05:09
RCTEXT.DLL : 12.3.0.31 97784 Bytes 7/18/2012 22:05:09

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_504125fc\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, August 31, 2012 18:41

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ipoint.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VC88AE1G\myport[1].htm'
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VC88AE1G\myport[1].htm
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '52eb9f3f.qua'.

End of the scan: Friday, August 31, 2012 18:42
Used time: 01:16 Minute(s)

The scan has been done completely.

0 Scanned directories
24 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
23 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to DarthSaruman

Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

last night after I posted what Avira Antivir found I shut down my computer...when I turned it on today it wasn't acting stupid...and I didn't run any other scans...I checked google and it's not redirecting anymore...kinda weird...here is combofix

ComboFix 12-08-31.08 - slayerman 09/01/2012 18:08:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.725 [GMT -4:00]
Running from: c:\documents and settings\slayerman\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-08-31 21:18 . 2012-08-31 21:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-31 20:22 . 2012-08-31 20:22 -------- d-----w- c:\documents and settings\bratzdoll\Local Settings\Application Data\Sun
2012-08-31 01:13 . 2012-08-31 01:13 -------- d-----w- c:\documents and settings\bratzdoll\Local Settings\Application Data\Threat Expert
2012-08-30 23:49 . 2012-08-31 01:37 -------- d-----w- c:\program files\PC Tools
2012-08-30 23:45 . 2012-08-31 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2012-08-30 23:45 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-30 23:45 . 2012-08-31 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-08-30 23:45 . 2012-08-30 23:45 -------- d-----w- c:\documents and settings\slayerman\Application Data\TestApp
2012-08-22 00:22 . 2012-08-22 00:22 -------- d-----w- c:\documents and settings\bratzdoll\Application Data\Avira
2012-08-13 20:44 . 2012-08-13 20:45 -------- d-----w- c:\documents and settings\slayerman\Application Data\Skype
2012-08-13 19:30 . 2012-08-13 19:30 -------- d-----w- c:\documents and settings\slayerman\Application Data\Avira
2012-08-13 19:24 . 2012-07-18 22:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-13 19:24 . 2012-07-18 22:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-13 19:24 . 2012-07-18 22:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-13 19:24 . 2012-08-13 19:24 -------- d-----w- c:\program files\Avira
2012-08-13 19:24 . 2012-08-13 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-08-10 16:26 . 2012-08-10 16:26 -------- d-----w- c:\documents and settings\slayerman\Application Data\QuickScan
2012-08-10 15:04 . 2012-08-10 15:04 -------- d-----w- c:\documents and settings\slayerman\Application Data\Malwarebytes
2012-08-10 15:04 . 2012-08-10 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-10 15:04 . 2012-08-10 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 15:04 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 14:13 . 2012-08-10 14:13 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 15:26 . 2012-06-02 20:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 15:26 . 2012-06-02 20:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-09-20 2899968]
"nwiz"="nwiz.exe" [2005-09-20 782336]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-09-20 46080]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/13/2012 3:24 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/13/2012 3:24 PM 86224]
S0 92370155;92370155;c:\windows\system32\drivers\68963222.sys --> c:\windows\system32\drivers\68963222.sys [?]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [11/9/2010 10:46 PM 20704]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.233.217.3 64.233.217.5
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-92370155.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2012-09-01 18:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-01 18:14:47
ComboFix-quarantined-files.txt 2012-09-01 22:14
.
Pre-Run: 71,497,334,784 bytes free
Post-Run: 71,457,517,568 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 5C95377E01F2146BBD3C69E0DCE70A8B


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to DarthSaruman
Please go to »www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.


c:\windows\system32\drivers\68963222.sys


Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
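The check behind the request above (a service entry whose driver file cannot be found on disk, which is also what ComboFix's `--> c:\windows\system32\drivers\68963222.sys [?]` line reports), as an added PowerShell example that is not from this thread and not part of ComboFix, TDSSKiller or VirusTotal: it walks the services key, lists every service or driver whose ImagePath points at a file that does not exist, and prints the SHA256 of the boot/system-start drivers that do exist so they can be looked up on VirusTotal by hash before deciding what to upload. Function and variable names are my own; it assumes an elevated PowerShell prompt on the affected machine.

```powershell
# Added example, not part of the thread or of the tools it uses.
# Walks HKLM\SYSTEM\CurrentControlSet\Services and reports:
#   1. services/drivers whose ImagePath points at a file missing on disk
#      (the pattern behind ComboFix's "--> ...\68963222.sys [?]" lines), and
#   2. the SHA256 of boot/system-start drivers that do exist, for a hash lookup.
# Run from an elevated PowerShell prompt. Function and variable names are mine.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$sha256 = [System.Security.Cryptography.SHA256]::Create()

function Resolve-ServiceImage([string]$rawImagePath) {
    # Normalise the spellings the registry uses for one path:
    #   \??\C:\foo.sys, "C:\Program Files\x.exe" -args, %SystemRoot%\x.sys,
    #   \SystemRoot\System32\drivers\x.sys and bare system32\drivers\x.sys.
    $p = $rawImagePath.Trim()
    $p = $p -replace '^\\\?\?\\', ''                       # kernel \??\ prefix
    $p = [Environment]::ExpandEnvironmentVariables($p)     # %SystemRoot% etc.
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p.StartsWith('"')) {
        # Quoted executable, possibly followed by arguments
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) } else { $p = $p.Trim('"') }
    } elseif ($p -match '^(.*?\.(sys|exe|dll))(\s|$)') {
        # Unquoted executable followed by arguments, e.g. svchost.exe -k netsvcs
        $p = $Matches[1]
    }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative to %SystemRoot%
    return $p
}

function Get-FileSha256([string]$path) {
    $stream = [System.IO.File]::OpenRead($path)
    try {
        return (($sha256.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '')
    } finally {
        $stream.Close()
    }
}

$missing = @()
$present = @()
foreach ($key in Get-ChildItem $servicesKey) {
    $props = Get-ItemProperty -Path $key.PSPath
    if (-not $props.ImagePath) { continue }      # service groups/filters with no image
    $image = Resolve-ServiceImage $props.ImagePath
    $entry = New-Object PSObject -Property @{
        Service = $key.PSChildName; Start = $props.Start; ImagePath = $image
    }
    if (Test-Path -LiteralPath $image) {
        $entry | Add-Member NoteProperty SHA256 (Get-FileSha256 $image)
        $present += $entry
    } else {
        $missing += $entry
    }
}

# Start=0 (boot) and Start=1 (system) entries load before most defences, so they come first.
Write-Host "Services whose image file is missing on disk:"
$missing | Sort-Object Start | Format-Table Service, Start, ImagePath -AutoSize

Write-Host "Boot/system-start drivers present on disk (SHA256 for a VirusTotal hash lookup):"
$present | Where-Object { $_.Start -le 1 } | Format-Table Service, SHA256, ImagePath -AutoSize
```

A missing image on a Start=0 entry is worth a closer look but is not proof of infection on its own: uninstalled products leave such entries behind too, and the S3 `PciCon` entry pointing at a removable drive in the ComboFix log above is an example of the benign kind. The point of printing the hash is that VirusTotal can be searched by SHA256, which avoids uploading a file the user may not be able to locate or copy.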


DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

I can't find the file



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to DarthSaruman
Thanks, we'll skip that file for the time. The logs are ok, but I want to do a specific redirect check.

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

here you go

11:44:08.0300 3680 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:44:08.0570 3680 ============================================================
11:44:08.0570 3680 Current date / time: 2012/09/02 11:44:08.0570
11:44:08.0570 3680 SystemInfo:
11:44:08.0570 3680
11:44:08.0570 3680 OS Version: 5.1.2600 ServicePack: 3.0
11:44:08.0570 3680 Product type: Workstation
11:44:08.0570 3680 ComputerName: MASTER
11:44:08.0570 3680 UserName: slayerman
11:44:08.0570 3680 Windows directory: C:\WINDOWS
11:44:08.0570 3680 System windows directory: C:\WINDOWS
11:44:08.0570 3680 Processor architecture: Intel x86
11:44:08.0570 3680 Number of processors: 1
11:44:08.0570 3680 Page size: 0x1000
11:44:08.0570 3680 Boot type: Normal boot
11:44:08.0570 3680 ============================================================
11:44:10.0563 3680 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:44:10.0563 3680 ============================================================
11:44:10.0563 3680 \Device\Harddisk0\DR0:
11:44:10.0563 3680 MBR partitions:
11:44:10.0563 3680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:44:10.0563 3680 ============================================================
11:44:10.0593 3680 C: \Device\Harddisk0\DR0\Partition1
11:44:10.0593 3680 ============================================================
11:44:10.0593 3680 Initialize success
11:44:10.0593 3680 ============================================================
11:44:12.0446 3700 ============================================================
11:44:12.0446 3700 Scan started
11:44:12.0446 3700 Mode: Manual;
11:44:12.0446 3700 ============================================================
11:44:13.0137 3700 ================ Scan system memory ========================
11:44:13.0147 3700 System memory - ok
11:44:13.0157 3700 ================ Scan services =============================
11:44:13.0257 3700 92370155 - ok
11:44:13.0297 3700 Abiosdsk - ok
11:44:13.0327 3700 abp480n5 - ok
11:44:13.0397 3700 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:44:13.0397 3700 ACPI - ok
11:44:13.0467 3700 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:44:13.0467 3700 ACPIEC - ok
11:44:13.0507 3700 adpu160m - ok
11:44:13.0557 3700 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:44:13.0597 3700 aec - ok
11:44:13.0677 3700 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:44:13.0677 3700 AFD - ok
11:44:13.0717 3700 Aha154x - ok
11:44:13.0757 3700 aic78u2 - ok
11:44:13.0787 3700 aic78xx - ok
11:44:13.0848 3700 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:44:13.0858 3700 Alerter - ok
11:44:13.0898 3700 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:44:13.0898 3700 ALG - ok
11:44:13.0918 3700 AliIde - ok
11:44:13.0998 3700 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
11:44:13.0998 3700 AmdK7 - ok
11:44:14.0048 3700 amsint - ok
11:44:14.0118 3700 [ 116BFF96077A4A724E0AAB800525CEB5 ] AN983 C:\WINDOWS\system32\DRIVERS\AN983.sys
11:44:14.0128 3700 AN983 - ok
11:44:14.0288 3700 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:44:14.0308 3700 AntiVirSchedulerService - ok
11:44:14.0378 3700 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:44:14.0398 3700 AntiVirService - ok
11:44:14.0488 3700 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:44:14.0508 3700 Apple Mobile Device - ok
11:44:14.0599 3700 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:44:14.0619 3700 AppMgmt - ok
11:44:14.0659 3700 asc - ok
11:44:14.0699 3700 asc3350p - ok
11:44:14.0729 3700 asc3550 - ok
11:44:14.0939 3700 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:44:14.0939 3700 AsyncMac - ok
11:44:14.0979 3700 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:44:14.0989 3700 atapi - ok
11:44:15.0019 3700 Atdisk - ok
11:44:15.0089 3700 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:44:15.0099 3700 Atmarpc - ok
11:44:15.0169 3700 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:44:15.0179 3700 AudioSrv - ok
11:44:37.0331 3700 ============================================================
11:44:37.0331 3700 Scan finished
11:44:37.0331 3700 ============================================================
11:44:37.0371 3696 Detected object count: 0
11:44:37.0371 3696 Actual detected object count: 0



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to DarthSaruman
Nothing here and definitely no ZeroAccess trojan. Time to clean up.

First:
Click Start, then Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

(Note: There is a SPACE between ComboFix and /uninstall)


Second:

Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

One more question...when I ran ComboFix it said I had AVG Antivirus 2012 installed, and I uninstalled that about a month ago because it was slowing down my computer...any ideas why?...thanks for the help on both computers!!!!

Have a great day
DS



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to DarthSaruman
ComboFix obtains installed AV information from the registry. If a partial, incomplete, or sloppy removal was performed, then the info will remain.

I don't recall if AVG has a removal program. If it does, download and run it. That should clean up the stragglers.

Note: You can download and run Security Check (see Mandatory Steps) to get the installed AV info, along with info on the currency of some programs.
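One way to see for yourself where that stale information lives, as an added example that is not ComboFix's code and not part of the original thread: it lists the antivirus products Windows Security Center still has registered (WMI namespace root\SecurityCenter on XP, root\SecurityCenter2 on Vista and later) and any Uninstall registry entries whose name still matches the removed product. The $ProductName parameter and the function names are mine, and the script does not claim to reproduce how ComboFix gathers its list.

```powershell
# Added example (not ComboFix's or the forum's code): show what Windows still
# reports as an installed antivirus, plus leftover Uninstall entries for a
# product name. A registration whose executable no longer exists, or an
# Uninstall key for a product you already removed, is the "straggler" that
# makes scanners report an AV that is not really there.
param(
    # Product name fragment to look for; "AVG" matches the case in this thread.
    [string]$ProductName = "AVG"
)

function Get-RegisteredAntivirus {
    # XP/2003 use root\SecurityCenter; Vista and later use root\SecurityCenter2.
    foreach ($ns in "root\SecurityCenter", "root\SecurityCenter2") {
        try {
            Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop |
                Select-Object @{n = "Namespace"; e = { $ns }}, displayName,
                    @{n = "ExeStillPresent"; e = {
                        # pathToSignedProductExe only exists in SecurityCenter2.
                        if ($_.pathToSignedProductExe) { Test-Path $_.pathToSignedProductExe }
                        else { "n/a (XP namespace)" }
                    }}
        } catch {
            # Namespace does not exist on this Windows version; skip it.
        }
    }
}

function Get-LeftoverUninstallEntries {
    param([string]$Name)
    $keys = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
            "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
    foreach ($key in $keys) {
        # Wow6432Node is absent on 32-bit XP, so check before enumerating.
        if (Test-Path $key) {
            Get-ChildItem $key | ForEach-Object { Get-ItemProperty $_.PSPath } |
                Where-Object { $_.DisplayName -like "*$Name*" } |
                Select-Object DisplayName, DisplayVersion, UninstallString, PSPath
        }
    }
}

"== Antivirus products registered with Security Center =="
Get-RegisteredAntivirus | Format-Table -AutoSize

"== Uninstall entries matching '$ProductName' =="
Get-LeftoverUninstallEntries -Name $ProductName | Format-List
```

Run it from an administrative PowerShell prompt; entries that remain for a product you have already uninstalled are the ones the vendor's removal tool is meant to clear.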

