Chanta153

redirects and random ad audio even when computer is idle


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by colton at 22:07:34 on 2012-07-30

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File

BHO: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SMTTB2009: {fcbccb87-9224-4b8d-b117-f56d924beb18} - SMTTB2009 Class

TB: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File

TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} -

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -

TB: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\colton\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [iTunesHelper] "d:\games\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: Free YouTube to iPod Converter - c:\documents and settings\colton\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm

IE: Free YouTube to MP3 Converter - c:\documents and settings\colton\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341537885859

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab

DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0DF223A0-5DC9-408B-99EA-52921A497DDD} : DhcpNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-07-31 04:48:06 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4889875b-f10e-4a6b-8922-e76a4a2b821a}\offreg.dll

2012-07-31 04:48:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4889875b-f10e-4a6b-8922-e76a4a2b821a}\MpKsl111059d0.sys

2012-07-31 04:20:56 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4889875b-f10e-4a6b-8922-e76a4a2b821a}\mpengine.dll

2012-07-31 00:44:19 -------- d-----w- c:\documents and settings\colton\application data\Malwarebytes

2012-07-31 00:44:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-31 00:44:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-31 00:44:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-30 02:18:28 -------- d-----w- c:\program files\TeamSpeak 3 Client

2012-07-30 00:16:30 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-18 20:30:19 -------- d-----w- c:\program files\EndlessOnline

2012-07-17 00:05:05 -------- d-----w- c:\documents and settings\colton\application data\GetRightToGo

2012-07-12 02:15:37 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-11 06:06:40 653745 ----a-w- c:\windows\system32\drivers\sfi.dat

2012-07-11 06:02:33 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA

2012-07-11 05:59:55 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-07-11 05:59:55 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2012-07-11 05:59:55 1060864 ----a-w- c:\windows\system32\mfc71.dll

2012-07-11 05:46:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-07-06 21:53:48 -------- d-----w- c:\documents and settings\colton\local settings\application data\Skyrim

2012-07-01 20:23:39 -------- d-----w- c:\program files\ATITool

2012-07-01 20:10:35 -------- d-----w- c:\program files\IObit

2012-07-01 20:10:35 -------- d-----w- c:\documents and settings\all users\application data\IObit

.

==================== Find3M ====================

.

2012-07-30 00:52:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-30 00:52:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 00:13:40 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll

2012-07-05 18:38:13 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-07-05 18:38:02 281288 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-07-05 18:38:02 281288 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-07-05 08:14:29 281288 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 20:40:17 138904 ----a-w- c:\documents and settings\colton\application data\PnkBstrK.sys

2012-06-02 20:39:57 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-26 14:49:58 21840 ----atw- c:\windows\system32\SIntfNT.dll

2012-05-26 14:49:58 17212 ----atw- c:\windows\system32\SIntf32.dll

2012-05-26 14:49:58 12067 ----atw- c:\windows\system32\SIntf16.dll

2012-05-23 22:28:07 319488 ----a-w- c:\windows\HideWin.exe

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-03-09 14:25:10 236 ----a-w- c:\program files\common files\dx.reg

.

============= FINISH: 22:09:12.23 ===============


Hello Chanta153! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

µTorrent

Ask Toolbar

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log


Thanks for the reply Maniac, I appreciate the help. I uninstalled uTorrent and Ask Toolbar, used the TDSS Killer... One more thing I've been noticing is that my firewall (Comodo Firewall) has been randomly showing a message reading "Opps! you found an error and comodo Firewall needs to close"... but it never closes and I can't actually send the report.... And Malwarebytes Anti-Malware has been blocking random IPs from websites, claiming they're malicious. Is this normal? (Here are the logs) (TDSS first)

------------------------------------------------------------

12:34:50.0718 2928 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

12:34:51.0015 2928 ============================================================

12:34:51.0015 2928 Current date / time: 2012/07/31 12:34:51.0015

12:34:51.0015 2928 SystemInfo:

12:34:51.0015 2928

12:34:51.0015 2928 OS Version: 5.1.2600 ServicePack: 3.0

12:34:51.0015 2928 Product type: Workstation

12:34:51.0015 2928 ComputerName: COLTON-68A0AE49

12:34:51.0015 2928 UserName: colton

12:34:51.0015 2928 Windows directory: C:\WINDOWS

12:34:51.0015 2928 System windows directory: C:\WINDOWS

12:34:51.0015 2928 Processor architecture: Intel x86

12:34:51.0015 2928 Number of processors: 2

12:34:51.0015 2928 Page size: 0x1000

12:34:51.0015 2928 Boot type: Normal boot

12:34:51.0015 2928 ============================================================

12:34:52.0218 2928 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

12:34:52.0296 2928 Drive \Device\Harddisk1\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

12:34:52.0296 2928 ============================================================

12:34:52.0296 2928 \Device\Harddisk0\DR0:

12:34:52.0296 2928 MBR partitions:

12:34:52.0296 2928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F

12:34:52.0312 2928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC7FF5BD, BlocksNum 0x109C4FC4

12:34:52.0312 2928 \Device\Harddisk1\DR3:

12:34:52.0312 2928 MBR partitions:

12:34:52.0312 2928 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82

12:34:52.0312 2928 ============================================================

12:34:52.0312 2928 F: <-> \Device\Harddisk1\DR3\Partition0

12:34:52.0343 2928 C: <-> \Device\Harddisk0\DR0\Partition0

12:34:52.0390 2928 L: <-> \Device\Harddisk0\DR0\Partition1

12:34:52.0390 2928 ============================================================

12:34:52.0390 2928 Initialize success

12:34:52.0390 2928 ============================================================

12:35:05.0468 2596 ============================================================

12:35:05.0468 2596 Scan started

12:35:05.0468 2596 Mode: Manual;

12:35:05.0468 2596 ============================================================


12:35:10.0562 2596 MpKslf6cb42fe - ok

12:35:10.0578 2596 mraid35x - ok

12:35:10.0593 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:35:10.0593 2596 MRxDAV - ok

12:35:10.0640 2596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:35:10.0640 2596 MRxSmb - ok

12:35:10.0687 2596 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

12:35:10.0687 2596 MSDTC - ok

12:35:10.0703 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:35:10.0703 2596 Msfs - ok

12:35:10.0703 2596 MSIServer - ok

12:35:10.0718 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:35:10.0718 2596 MSKSSRV - ok

12:35:10.0796 2596 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe

12:35:10.0796 2596 MsMpSvc - ok

12:35:10.0796 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:35:10.0796 2596 MSPCLOCK - ok

12:35:10.0812 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:35:10.0812 2596 MSPQM - ok

12:35:10.0812 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:35:10.0812 2596 mssmbios - ok

12:35:10.0843 2596 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

12:35:10.0843 2596 MSTEE - ok

12:35:10.0890 2596 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

12:35:10.0890 2596 MTsensor - ok

12:35:10.0921 2596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

12:35:10.0921 2596 Mup - ok

12:35:10.0953 2596 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

12:35:10.0953 2596 NABTSFEC - ok

12:35:11.0000 2596 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

12:35:11.0000 2596 napagent - ok

12:35:11.0031 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:35:11.0031 2596 NDIS - ok

12:35:11.0062 2596 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

12:35:11.0062 2596 NdisIP - ok

12:35:11.0093 2596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:35:11.0093 2596 NdisTapi - ok

12:35:11.0109 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:35:11.0109 2596 Ndisuio - ok

12:35:11.0109 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:35:11.0109 2596 NdisWan - ok

12:35:11.0156 2596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:35:11.0156 2596 NDProxy - ok

12:35:11.0171 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:35:11.0171 2596 NetBIOS - ok

12:35:11.0171 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:35:11.0187 2596 NetBT - ok

12:35:11.0203 2596 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

12:35:11.0218 2596 NetDDE - ok

12:35:11.0218 2596 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

12:35:11.0218 2596 NetDDEdsdm - ok

12:35:11.0218 2596 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:35:11.0218 2596 Netlogon - ok

12:35:11.0250 2596 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

12:35:11.0250 2596 Netman - ok

12:35:11.0328 2596 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:35:11.0328 2596 NetTcpPortSharing - ok

12:35:11.0375 2596 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

12:35:11.0375 2596 Nla - ok

12:35:11.0406 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:35:11.0406 2596 Npfs - ok

12:35:11.0437 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:35:11.0453 2596 Ntfs - ok

12:35:11.0453 2596 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:35:11.0453 2596 NtLmSsp - ok

12:35:11.0500 2596 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

12:35:11.0500 2596 NtmsSvc - ok

12:35:11.0531 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:35:11.0531 2596 Null - ok

12:35:12.0125 2596 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:35:12.0281 2596 nv - ok

12:35:12.0359 2596 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

12:35:12.0359 2596 NVENETFD - ok

12:35:12.0375 2596 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys

12:35:12.0375 2596 nvgts - ok

12:35:12.0390 2596 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

12:35:12.0390 2596 nvnetbus - ok

12:35:12.0421 2596 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe

12:35:12.0421 2596 NVSvc - ok

12:35:12.0593 2596 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

12:35:12.0625 2596 nvUpdatusService - ok

12:35:12.0703 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:35:12.0718 2596 NwlnkFlt - ok

12:35:12.0718 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:35:12.0718 2596 NwlnkFwd - ok

12:35:12.0750 2596 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

12:35:12.0750 2596 NwlnkIpx - ok

12:35:12.0750 2596 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

12:35:12.0750 2596 NwlnkNb - ok

12:35:12.0750 2596 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

12:35:12.0765 2596 NwlnkSpx - ok

12:35:12.0765 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:35:12.0765 2596 Parport - ok

12:35:12.0781 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:35:12.0781 2596 PartMgr - ok

12:35:12.0812 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:35:12.0812 2596 ParVdm - ok

12:35:12.0843 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:35:12.0843 2596 PCI - ok

12:35:12.0843 2596 PCIDump - ok

12:35:12.0859 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:35:12.0859 2596 PCIIde - ok

12:35:12.0890 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:35:12.0890 2596 Pcmcia - ok

12:35:12.0890 2596 PDCOMP - ok

12:35:12.0906 2596 PDFRAME - ok

12:35:12.0906 2596 PDRELI - ok

12:35:12.0906 2596 PDRFRAME - ok

12:35:12.0906 2596 perc2 - ok

12:35:12.0921 2596 perc2hib - ok

12:35:12.0953 2596 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

12:35:12.0953 2596 PlugPlay - ok

12:35:13.0000 2596 PnkBstrA (3a2e85f7d90d15460c337ce80c2e3b29) C:\WINDOWS\system32\PnkBstrA.exe

12:35:13.0000 2596 PnkBstrA - ok

12:35:13.0031 2596 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:35:13.0031 2596 PolicyAgent - ok

12:35:13.0062 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:35:13.0062 2596 PptpMiniport - ok

12:35:13.0078 2596 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

12:35:13.0078 2596 Processor - ok

12:35:13.0078 2596 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:35:13.0093 2596 ProtectedStorage - ok

12:35:13.0093 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:35:13.0093 2596 PSched - ok

12:35:13.0109 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:35:13.0109 2596 Ptilink - ok

12:35:13.0109 2596 ql1080 - ok

12:35:13.0125 2596 Ql10wnt - ok

12:35:13.0125 2596 ql12160 - ok

12:35:13.0125 2596 ql1240 - ok

12:35:13.0125 2596 ql1280 - ok

12:35:13.0156 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:35:13.0156 2596 RasAcd - ok

12:35:13.0171 2596 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

12:35:13.0187 2596 RasAuto - ok

12:35:13.0203 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:35:13.0203 2596 Rasl2tp - ok

12:35:13.0234 2596 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

12:35:13.0234 2596 RasMan - ok

12:35:13.0234 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:35:13.0234 2596 RasPppoe - ok

12:35:13.0250 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:35:13.0250 2596 Raspti - ok

12:35:13.0265 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:35:13.0265 2596 Rdbss - ok

12:35:13.0281 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:35:13.0281 2596 RDPCDD - ok

12:35:13.0296 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:35:13.0296 2596 rdpdr - ok

12:35:13.0328 2596 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

12:35:13.0328 2596 RDPWD - ok

12:35:13.0359 2596 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

12:35:13.0359 2596 RDSessMgr - ok

12:35:13.0406 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:35:13.0406 2596 redbook - ok

12:35:13.0437 2596 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

12:35:13.0437 2596 RemoteAccess - ok

12:35:13.0468 2596 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

12:35:13.0468 2596 RemoteRegistry - ok

12:35:13.0484 2596 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

12:35:13.0500 2596 RpcLocator - ok

12:35:13.0546 2596 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

12:35:13.0546 2596 RpcSs - ok

12:35:13.0593 2596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

12:35:13.0593 2596 RSVP - ok

12:35:13.0640 2596 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys

12:35:13.0640 2596 RT61 - ok

12:35:13.0671 2596 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:35:13.0671 2596 SamSs - ok

12:35:13.0718 2596 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

12:35:13.0718 2596 SCardSvr - ok

12:35:13.0734 2596 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys

12:35:13.0796 2596 SCDEmu - ok

12:35:13.0843 2596 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

12:35:13.0859 2596 Schedule - ok

12:35:13.0875 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:35:13.0875 2596 Secdrv - ok

12:35:13.0906 2596 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

12:35:13.0906 2596 seclogon - ok

12:35:13.0906 2596 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

12:35:13.0921 2596 SENS - ok

12:35:13.0921 2596 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:35:13.0921 2596 Serenum - ok

12:35:13.0921 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:35:13.0937 2596 Serial - ok

12:35:13.0968 2596 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys

12:35:14.0000 2596 sfdrv01 - ok

12:35:14.0000 2596 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys

12:35:14.0000 2596 sfhlp02 - ok

12:35:14.0078 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:35:14.0093 2596 Sfloppy - ok

12:35:14.0109 2596 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys

12:35:14.0140 2596 sfvfs02 - ok

12:35:14.0171 2596 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:35:14.0171 2596 ShellHWDetection - ok

12:35:14.0171 2596 Simbad - ok

12:35:14.0250 2596 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe

12:35:14.0265 2596 SkypeUpdate - ok

12:35:14.0281 2596 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

12:35:14.0296 2596 SLIP - ok

12:35:14.0296 2596 Sparrow - ok

12:35:14.0328 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:35:14.0328 2596 splitter - ok

12:35:14.0375 2596 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

12:35:14.0375 2596 Spooler - ok

12:35:14.0390 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:35:14.0390 2596 sr - ok

12:35:14.0406 2596 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

12:35:14.0406 2596 srservice - ok

12:35:14.0453 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

12:35:14.0453 2596 Srv - ok

12:35:14.0468 2596 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

12:35:14.0468 2596 SSDPSRV - ok

12:35:14.0500 2596 Steam Client Service - ok

12:35:14.0531 2596 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

12:35:14.0546 2596 stisvc - ok

12:35:14.0562 2596 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

12:35:14.0562 2596 streamip - ok

12:35:14.0593 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:35:14.0593 2596 swenum - ok

12:35:14.0593 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:35:14.0593 2596 swmidi - ok

12:35:14.0609 2596 SwPrv - ok

12:35:14.0609 2596 symc810 - ok

12:35:14.0609 2596 symc8xx - ok

12:35:14.0609 2596 sym_hi - ok

12:35:14.0625 2596 sym_u3 - ok

12:35:14.0625 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:35:14.0625 2596 sysaudio - ok

12:35:14.0656 2596 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

12:35:14.0656 2596 SysmonLog - ok

12:35:14.0687 2596 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

12:35:14.0687 2596 TapiSrv - ok

12:35:14.0750 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:35:14.0750 2596 Tcpip - ok

12:35:14.0781 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:35:14.0781 2596 TDPIPE - ok

12:35:14.0796 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:35:14.0796 2596 TDTCP - ok

12:35:14.0812 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:35:14.0812 2596 TermDD - ok

12:35:14.0843 2596 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

12:35:14.0843 2596 TermService - ok

12:35:14.0875 2596 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:35:14.0875 2596 Themes - ok

12:35:14.0906 2596 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

12:35:14.0906 2596 TlntSvr - ok

12:35:14.0921 2596 TosIde - ok

12:35:14.0953 2596 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

12:35:14.0953 2596 TrkWks - ok

12:35:14.0984 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:35:14.0984 2596 Udfs - ok

12:35:14.0984 2596 ultra - ok

12:35:15.0031 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:35:15.0046 2596 Update - ok

12:35:15.0078 2596 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

12:35:15.0078 2596 upnphost - ok

12:35:15.0093 2596 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

12:35:15.0093 2596 UPS - ok

12:35:15.0109 2596 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys

12:35:15.0125 2596 USBAAPL - ok

12:35:15.0140 2596 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

12:35:15.0140 2596 usbaudio - ok

12:35:15.0171 2596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:35:15.0171 2596 usbccgp - ok

12:35:15.0171 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:35:15.0171 2596 usbehci - ok

12:35:15.0218 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:35:15.0218 2596 usbhub - ok

12:35:15.0218 2596 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

12:35:15.0218 2596 usbohci - ok

12:35:15.0250 2596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:35:15.0250 2596 usbprint - ok

12:35:15.0281 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:35:15.0281 2596 usbscan - ok

12:35:15.0281 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:35:15.0281 2596 USBSTOR - ok

12:35:15.0312 2596 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

12:35:15.0312 2596 usbvideo - ok

12:35:15.0312 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:35:15.0312 2596 VgaSave - ok

12:35:15.0390 2596 VIAHdAudAddService (1c43d4c8818dcbd8814e7c260744bcc4) C:\WINDOWS\system32\drivers\viahduaa.sys

12:35:15.0406 2596 VIAHdAudAddService - ok

12:35:15.0421 2596 ViaIde - ok

12:35:15.0453 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:35:15.0453 2596 VolSnap - ok

12:35:15.0500 2596 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

12:35:15.0500 2596 VSS - ok

12:35:15.0515 2596 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

12:35:15.0515 2596 W32Time - ok

12:35:15.0546 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:35:15.0562 2596 Wanarp - ok

12:35:15.0562 2596 WDICA - ok

12:35:15.0562 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:35:15.0562 2596 wdmaud - ok

12:35:15.0609 2596 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

12:35:15.0609 2596 WebClient - ok

12:35:15.0687 2596 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

12:35:15.0687 2596 winmgmt - ok

12:35:15.0796 2596 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys

12:35:15.0812 2596 WinRing0_1_2_0 - ok

12:35:15.0875 2596 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll

12:35:15.0921 2596 WinRM - ok

12:35:16.0031 2596 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:35:16.0062 2596 wlidsvc - ok

12:35:16.0156 2596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

12:35:16.0156 2596 WmdmPmSN - ok

12:35:16.0218 2596 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

12:35:16.0218 2596 Wmi - ok

12:35:16.0250 2596 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

12:35:16.0265 2596 WmiApSrv - ok

12:35:16.0390 2596 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

12:35:16.0437 2596 WMPNetworkSvc - ok

12:35:16.0578 2596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

12:35:16.0593 2596 WPFFontCache_v0400 - ok

12:35:16.0687 2596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

12:35:16.0687 2596 WS2IFSL - ok

12:35:16.0703 2596 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

12:35:16.0703 2596 WSTCODEC - ok

12:35:16.0750 2596 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

12:35:16.0750 2596 wuauserv - ok

12:35:16.0781 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:35:16.0781 2596 WudfPf - ok

12:35:16.0796 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:35:16.0796 2596 WudfRd - ok

12:35:16.0812 2596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

12:35:16.0843 2596 WudfSvc - ok

12:35:16.0890 2596 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

12:35:16.0906 2596 WZCSVC - ok

12:35:16.0906 2596 XDva390 - ok

12:35:16.0984 2596 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

12:35:17.0015 2596 xmlprov - ok

12:35:17.0031 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:35:17.0062 2596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

12:35:17.0062 2596 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

12:35:17.0062 2596 MBR (0x1B8) (aac4f0d2ae484abe318cbd52270c0a6e) \Device\Harddisk1\DR3

12:35:17.0218 2596 \Device\Harddisk1\DR3 - ok

12:35:17.0218 2596 Boot (0x1200) (3e11779a10b8db3758f3ba4dc4d2d48a) \Device\Harddisk0\DR0\Partition0

12:35:17.0218 2596 \Device\Harddisk0\DR0\Partition0 - ok

12:35:17.0234 2596 Boot (0x1200) (c163deef373f0bef5442a54abc7f7e2b) \Device\Harddisk0\DR0\Partition1

12:35:17.0234 2596 \Device\Harddisk0\DR0\Partition1 - ok

12:35:17.0234 2596 Boot (0x1200) (685b48152fe5b6ce026342d5af742671) \Device\Harddisk1\DR3\Partition0

12:35:17.0250 2596 \Device\Harddisk1\DR3\Partition0 - ok

12:35:17.0250 2596 ============================================================

12:35:17.0250 2596 Scan finished

12:35:17.0250 2596 ============================================================

12:35:17.0250 1932 Detected object count: 1

12:35:17.0250 1932 Actual detected object count: 1

12:35:43.0265 1932 \Device\Harddisk0\DR0\# - copied to quarantine

12:35:43.0265 1932 \Device\Harddisk0\DR0 - copied to quarantine

12:35:43.0328 1932 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

12:35:43.0343 1932 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

12:35:43.0406 1932 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

12:35:43.0421 1932 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

12:35:43.0453 1932 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

12:35:43.0500 1932 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

12:35:43.0562 1932 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

12:35:43.0625 1932 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

12:35:43.0640 1932 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

12:35:43.0640 1932 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

12:35:43.0843 1932 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

12:35:43.0875 1932 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

12:35:43.0890 1932 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

12:35:43.0890 1932 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

12:35:43.0953 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

12:35:43.0953 1932 \Device\Harddisk0\DR0 - ok

12:35:43.0953 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

12:35:50.0156 3864 Deinitialize success

-------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.31.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

colton :: COLTON-68A0AE49 [administrator]

Protection: Enabled

7/31/2012 12:43:38 PM

mbam-log-2012-07-31 (12-43-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237865

Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


This is due to the rootkit which your system is infected with. Now:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


No problems running ComboFix (here's the log)

-------------------------------------------------------

ComboFix 12-07-31.03 - colton 08/02/2012 12:48:01.1.2 - x86

Running from: c:\documents and settings\colton\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\colton\Application Data\384bfcd

c:\documents and settings\colton\Application Data\40ad97e

c:\documents and settings\colton\Application Data\8f490aa6

c:\documents and settings\colton\Application Data\8fe1b1c3

c:\documents and settings\colton\Application Data\99f60910

c:\documents and settings\colton\Application Data\9a7b710e

c:\documents and settings\colton\Application Data\bdafb9f2

c:\documents and settings\colton\Application Data\be5ba6b0

c:\documents and settings\colton\Application Data\c3136afd

c:\documents and settings\colton\Application Data\c38c1e5a

c:\documents and settings\colton\Application Data\c41b62fc

c:\documents and settings\colton\Application Data\c46b1c5b

c:\documents and settings\colton\Application Data\d18b3bc6

c:\documents and settings\colton\Application Data\d20473b5

c:\documents and settings\colton\Application Data\d3d49827

c:\documents and settings\colton\Application Data\d82852a0

c:\documents and settings\colton\Application Data\d8c77d55

c:\documents and settings\colton\Application Data\d957f491

c:\documents and settings\colton\Application Data\da0a08a9

c:\documents and settings\colton\Application Data\da93da8f

c:\documents and settings\colton\Application Data\PriceGong

c:\documents and settings\colton\Application Data\PriceGong\Data\1.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\2229.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\4489.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\450.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\946.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\a.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\b.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\c.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\d.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\e.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\f.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\g.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\h.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\i.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\j.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\k.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\l.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\m.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\colton\Application Data\PriceGong\Data\n.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\o.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\p.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\q.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\r.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\s.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\t.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\u.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\v.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\w.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\x.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\y.txt

c:\documents and settings\colton\Application Data\PriceGong\Data\z.txt

c:\documents and settings\colton\Application Data\Toolbar4

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0a4f35b626016d8cd6d5731fa5e2aad7

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0b64ffa009d9e3d1236fb2b575bd953d

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0d53f0a9a42a5167b78657f1fc9488f1

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1df1df47b49e8b3090bc211048795c5a

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2f51f062108c7f20a67770bbdf546004

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\31dca3ca44f44956ffde9959067d1093

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\521788680d3595d05d274f3713057765

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\593abe4ad021a7ca3002ccb2dca1969d

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7afabe4e3af1a66103f629a38d90558a

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9fc2051aee76f9ef060973477300788d

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d1a2c0b23b2d4e91acf26940533c64f0

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d

c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1e6d0a92883b25f29523edfaccfcde3b

c:\documents and settings\colton\Local Settings\Application Data\Minibar

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\background.html

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\cached_http_request.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\extension_info.json

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon128.png

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon19.png

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon32.png

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon48.png

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_kango.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_messaging.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_userscript.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango-ui\button.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango-ui\ui.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\browser.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\console.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\event_listener.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\initialize.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\io.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\jsonstorage.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\kango.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\lang.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\messaging.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\userscript_engine.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\xhr.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\main.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\manifest.json

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\actions.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\cachedxhr.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\config.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\macros.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\minibar.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\popup.html

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\popup.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\tab.html

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\tab.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome_installer.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\common.js

c:\documents and settings\colton\Local Settings\Application Data\Minibar\install.json

c:\documents and settings\colton\Local Settings\Application Data\Minibar\minibar.crx

c:\documents and settings\colton\Local Settings\Application Data\Minibar\sqlite3.exe

c:\documents and settings\colton\Local Settings\Application Data\Minibar\Uninstall.exe

c:\windows\system32\NEW16.tmp

c:\windows\system32\NEWC.tmp

c:\windows\system32\tmp103.tmp

c:\windows\system32\tmp104.tmp

c:\windows\system32\tmp188.tmp

c:\windows\system32\tmp189.tmp

c:\windows\system32\tmpBD.tmp

c:\windows\system32\tmpBE.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

F:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

2012-08-02 19:43 . 2012-08-02 19:43 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\MpKslc5b82ed1.sys

2012-08-02 19:41 . 2012-08-02 19:41 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\offreg.dll

2012-08-01 20:18 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\mpengine.dll

2012-07-31 19:35 . 2012-07-31 19:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-31 08:35 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-31 06:54 . 2012-07-31 07:05 -------- d-----w- C:\i386

2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\documents and settings\colton\Application Data\Malwarebytes

2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-31 00:44 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-30 02:18 . 2012-07-30 02:18 -------- d-----w- c:\program files\TeamSpeak 3 Client

2012-07-18 20:30 . 2012-07-19 20:08 -------- d-----w- c:\program files\EndlessOnline

2012-07-17 00:05 . 2012-07-17 00:06 -------- d-----w- c:\documents and settings\colton\Application Data\GetRightToGo

2012-07-12 02:15 . 2012-07-12 02:16 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-11 23:11 . 2012-07-11 23:22 -------- d-----w- c:\documents and settings\Administrator

2012-07-11 06:06 . 2012-07-12 02:11 653745 ----a-w- c:\windows\system32\drivers\sfi.dat

2012-07-11 06:02 . 2012-07-11 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA

2012-07-11 05:59 . 2012-07-11 05:59 1060864 ----a-w- c:\windows\system32\mfc71.dll

2012-07-11 05:59 . 2012-07-11 05:59 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-07-11 05:59 . 2012-07-11 05:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2012-07-11 05:46 . 2012-07-11 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-07-11 04:33 . 2012-07-11 04:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-07-06 21:53 . 2012-07-06 21:53 -------- d-----w- c:\documents and settings\colton\Local Settings\Application Data\Skyrim

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-30 00:52 . 2012-04-05 03:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-30 00:52 . 2011-07-04 06:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-13 00:13 . 2012-05-10 23:06 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll

2012-07-05 18:38 . 2011-07-05 01:50 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-07-05 18:38 . 2011-08-11 03:29 281288 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-07-05 18:38 . 2011-07-05 01:50 281288 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-07-05 08:14 . 2011-07-05 01:50 281288 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-06-25 03:28 . 2012-06-25 03:28 3584 ----a-r- c:\documents and settings\colton\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2012-06-13 13:19 . 2006-03-15 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2006-03-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 00:35 . 2011-07-04 23:33 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2006-03-15 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2011-07-03 05:22 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2011-07-03 05:22 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2011-07-03 05:22 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2011-07-03 05:22 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2011-07-03 05:22 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2006-03-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2011-07-03 05:22 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2011-07-03 05:22 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2011-07-04 23:33 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2011-07-04 23:33 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 20:40 . 2011-07-05 01:50 138904 ----a-w- c:\documents and settings\colton\Application Data\PnkBstrK.sys

2012-06-02 20:39 . 2011-07-05 01:50 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-05-31 19:25 . 2011-07-04 06:06 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22 . 2006-03-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-26 14:49 . 2012-05-26 04:00 21840 ----atw- c:\windows\system32\SIntfNT.dll

2012-05-26 14:49 . 2012-05-26 04:00 17212 ----atw- c:\windows\system32\SIntf32.dll

2012-05-26 14:49 . 2012-05-26 04:00 12067 ----atw- c:\windows\system32\SIntf16.dll

2012-05-23 22:28 . 2012-05-23 22:28 319488 ----a-w- c:\windows\HideWin.exe

2012-05-16 15:08 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2006-03-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2006-03-15 12:00 385024 ------w- c:\windows\system32\html.iec

2008-03-09 14:25 . 2011-07-20 20:52 236 ----a-w- c:\program files\Common Files\dx.reg

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]

"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-11 16342528]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 53248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RemoteRegistry"=2 (0x2)

"RasAuto"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"Steam Client Service"=3 (0x3)

"MsMpSvc"=2 (0x2)

"iPod Service"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"wlidsvc"=2 (0x2)

"WZCSVC"=2 (0x2)

"helpsvc"=2 (0x2)

"CLPSLS"=2 (0x2)

"SkypeUpdate"=2 (0x2)

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

.

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 MpKslc5b82ed1;MpKslc5b82ed1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\MpKslc5b82ed1.sys [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLC5B82ED1

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:52]

.

2012-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]

.

2012-07-15 c:\windows\Tasks\Crysis Wars® Updates.job

- c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2011-07-05 02:38]

.

2012-08-02 c:\windows\Tasks\Game_Booster_AutoUpdate.job

- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-01 00:57]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1220945662-725345543-1003Core.job

- c:\documents and settings\colton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-27 02:09]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1220945662-725345543-1003UA.job

- c:\documents and settings\colton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-27 02:09]

.

2012-08-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to iPod Converter - c:\documents and settings\colton\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm

IE: Free YouTube to MP3 Converter - c:\documents and settings\colton\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)

URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

HKLM-Run-iTunesHelper - d:\games\iTunesHelper.exe

MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe

AddRemove-APB Reloaded - j:\games\APB\APB Reloaded\Uninstall.exe

AddRemove-Dark Age of Camelot - j:\games\Electronic Arts\Dark Age of Camelot\uninstDAOC.exe

AddRemove-Halo - j:\games\Halo\UNINSTAL.EXE

AddRemove-JDiskReport 1.4.0 - j:\games\Comp ideas\JDisk Report\uninstall.exe

AddRemove-uTorrent - f:\games\Utorrent\uTorrent.exe

AddRemove-{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1 - j:\games\Neverwinter Nights\unins000.exe

AddRemove-A Handful Of Audiosurf Addons - j:\games\Audiosurf\Uninstall.exe

AddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - c:\program files\EA Games\Battlefield Play4Free\uninstaller.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-02 12:56

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b5,45,24,39,f4,8b,f6,aa,72,f8,b2,24,7b,d6,f5,03,32,06,94,30,6a,5c,1d,

f6,1f,b5,41,8c,04,9a,17,82,7a,23,2b,f3,de,c5,32,a3,20,16,a5,56,f0,bb,ed,b1,\

"??"=hex:00,0c,dd,3a,a7,06,65,85,5d,61,22,27,2c,0a,1c,94

.

[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:d3,b1,4c,f1,b1,d8,de,da,54,6f,a2,1c,df,c0,43,93,dd,26,fd,98,f1,

52,fb,cb,a2,19,f5,7b,de,a7,80,4c,31,14,ad,3a,6e,17,65,79,68,2d,d2,3c,2a,5d,\

"rkeysecu"=hex:25,dc,c0,6c,15,00,b9,91,ad,5e,71,35,a0,2b,57,d6

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(936)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'lsass.exe'(992)

c:\windows\system32\guard32.dll

.

Completion time: 2012-08-02 12:58:37

ComboFix-quarantined-files.txt 2012-08-02 19:58

.

Pre-Run: 50,446,012,416 bytes free

Post-Run: 51,611,865,088 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 0039CBB81EEC19A9E22E7D4CC3F7740F


Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bbef6fd4e2103346b3a3e7275f8dd09f

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-04 02:26:34

# local_time=2012-08-03 07:26:34 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=3073 16777213 80 71 1052272 18769868 0 0

# compatibility_mode=5891 16776533 42 93 0 10811198 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=239549

# found=12

# cleaned=12

# scan_time=12963

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\colton\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdagcdfgcgcdedadjdhdgdegededg\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP354\A0212357.dll Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP451\A0255369.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP464\A0274842.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP470\A0276299.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\Games\APB\APB_Reloaded_Installer.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP470\A0276300.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


There a little better, but I still got like.. one blocked outgoing connection to a "malicious website"


I will as soon as I see it again


I haven't seen it again, so I believe it is gone. Thanks for the help, Maniac! :D


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
