OTL and Extra - pasted and attached


Roguekiller/avg questions

Post by etrdave on Mon 03 Sep 2012, 2:29 am

First topic message reminder :

After running RogueKiller, I have 6 SSDT's:
111 Nt notify change key
112 Nt notify change multiple keys
122 Nt open process
257 Nt terminate process
257 Nt terminate thread
258 Nt write virtual memory

I also have 4 S_SSDT's listed as unknown:
383, 414, 416, and 549

Is this a normal finding? What about the MBR finding?

RK 1 report is pasted below, followed by RK 9 report.
I have AVG, Spybot, and Malwarebytes:
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 09/01/2012 12:09:25

Bad processes : 0

Registry Entries : 2
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

Infection :

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
--- User ---
[MBR] 7cb3943294ecd87e39cd94dc8f24b530
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 147628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 09/02/2012 08:02:08

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [LOADED]

Infection :

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
--- User ---
[MBR] 7cb3943294ecd87e39cd94dc8f24b530
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 147628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] 36f0ad908b28843bd8a944b854b09a62
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 971 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt








etrdave

Newbie Surfer
Newbie Surfer

Posts : 40
Joined : 2012-09-02
Operating System : xp home edition 2002 sp3



MBAM log was from Netbook

Post by etrdave on Mon 10 Sep 2012, 3:10 pm

I just realized that you meant for me to post the desktop machine's infected mbam log.

Before I do that, I wanted to ask if you could check my logs and give me a link for the HOST files I need for this machine, or, just tell me which of the many downloads on that page are the right ones. Thanks!


Infected Desktop Machine MBAM log

Post by etrdave on Mon 10 Sep 2012, 3:15 pm

My Desktop pc's MBAM log will be posted next, along with the quarantine list from AVG.
MBAM has zeroaccess quarantined, and AVG has
Agent_r.BMS and Backdoor.Generic15.BIXF quarantined.

Please advise. Thanks.


Desktop MBAM / AVG / RK

Post by etrdave on Mon 10 Sep 2012, 4:16 pm

Malwarebytes' Anti-Malware 1.45

Database version: 4051

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/29/2010 8:29:14 AM
mbam-log-2010-04-29 (08-29-14).txt

Scan type: Full scan (A:\|C:\|)
Objects scanned: 207385
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\xrovqpfof\eeenncntssd.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\RaaH.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yCVO.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CEZD4KV5\n002102304801r0409J11000601R83a99fdaW046d99ddX9c4de30dYd79ec259Z03009f350[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WK60Y5LU\n002102304801r0409J11000601R83a99fdaW046d99ddX9430cb2fYdfe815a9Z03009f350[1] (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Here are quarantine notes in AVG:
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\PDFFORGETOOLBAR\IE\4.5\PDFFORGETOOLBARIE.DLL
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\COMMONFILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE
Malware UNKNOWN C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\F4D55F3B0001836367169D4ED151FC84\F4D55F3B0001836367169D4ED151FC84.EXE
Corrupted executable file C:\Documents and Settings\Owner\Local Settings\Temp\SkypeSetup.exe
Infection Trojan horse Agent_r.BMS C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\80000032.@.vir
Infection Trojan horse Backdoor.Generic15.BIXF C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\000000cb.@.vir

And a Quarantine Report:


Time : 01/09/2012 19:43:26
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:48:38
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:49:12
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:57:51
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 21:16:58
--------------------------


Time : 01/09/2012 21:25:50
--------------------------


Time : 05/09/2012 00:22:53
--------------------------



Re: OTL and Extra - pasted and attached

Post by etrdave on Mon 10 Sep 2012, 4:19 pm

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/01/2012 19:43:27

Bad processes : 1
[SUSP PATH] LaunchPad.exe -- C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe -> KILLED [TermProc]

Registry Entries : 2
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500AAKS-22VSA0 +++++
--- User ---
[MBR] d1dd1b46542915a868a86177a5d1c98b
[BSP] dc1586e26c5e2a65ee56087b0c6cae52 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt





Re: OTL and Extra - pasted and attached

Post by etrdave on Mon 10 Sep 2012, 4:21 pm

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/05/2012 00:22:53

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [LOADED]

Infection :

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500AAKS-22VSA0 +++++
--- User ---
[MBR] d1dd1b46542915a868a86177a5d1c98b
[BSP] dc1586e26c5e2a65ee56087b0c6cae52 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

System is currently not connected to the internet.



Re: OTL and Extra - pasted and attached

Post by DragonMaster Jay on Tue 11 Sep 2012, 2:20 am

Why is this last MBAM log posted, when it's from 4/29/2010 8:29:14 AM?



~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz


Most recent MBAM log

Post by etrdave on Tue 11 Sep 2012, 2:54 am

I posted the old one because it showed what was shown as infected. I have not updated MBAM in 5 days as I have disconnected pc from the internet. AVG is showing something that appears to be reinstallers.
MBAM is below:
Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.09.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-1EFEC9199 [administrator]

9/9/2012 10:11:28 PM
mbam-log-2012-09-09 (22-11-28).txt

Scan type: Full scan (A:\|C:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376969
Time elapsed: 1 hour(s), 20 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\80000000.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


Re: OTL and Extra - pasted and attached

Post by DragonMaster Jay on Tue 11 Sep 2012, 8:48 pm

Let's look over a couple more things, then honestly I believe this PC is very clean!

AdwCleaner Scan
Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review



Shall I reconnect my pc to internet?

Post by etrdave on Wed 12 Sep 2012, 12:12 am

I am currently disconnected. I ran the first program from the desktop.
Report is below. I put aswMBR on a stick and copied it to desktop.
When I clicked on it, it says "This application can use the Avast Free Antivirus for scanning. It is recommended to download it for better detection results. Would you like to download latest Avast virus definitions?"

This will require reconnecting, unless I just click NO.

Please advise if it is safe for me to reconnect pc to internet.

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 14:40:28
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-1EFEC9199
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Documents and Settings\Owner\Application Data\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\pdfforge
Key Found : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\18uaxcra.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\duw4v4k6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1447 octets] - [02/09/2012 14:40:28]

########## EOF - C:\AdwCleaner[R1].txt - [1507 octets] ##########


Re: OTL and Extra - pasted and attached

Post by etrdave on Wed 12 Sep 2012, 1:10 am

I ran the aswMBR that I had saved to the desktop from my stick/not as downloaded with updates. Here are the results.
I am still waiting to hear if it is ok to reconnect the LAN cable to my pc.
Let me know if you'd like me to reconnect the LAN cable and then to
download aswMBR directly to the desktop, then to click on the YES button to update definitions and run it again.


Results follow:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 07:00:54
-----------------------------
07:00:54.906 OS Version: Windows 5.1.2600 Service Pack 3
07:00:54.906 Number of processors: 2 586 0x170A
07:00:54.906 ComputerName: OWNER-1EFEC9199 UserName: Owner
07:00:55.421 Initialize success
07:01:02.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
07:01:02.656 Disk 0 Vendor: WDC_WD2500AAKS-22VSA0 01.01B01 Size: 238475MB BusType: 3
07:01:02.687 Disk 0 MBR read successfully
07:01:02.687 Disk 0 MBR scan
07:01:02.687 Disk 0 Windows XP default MBR code
07:01:02.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
07:01:02.687 Disk 0 scanning sectors +488376000
07:01:02.734 Disk 0 scanning C:\WINDOWS\system32\drivers
07:01:07.343 Service scanning
07:01:16.593 Modules scanning
07:01:18.906 Disk 0 trace - called modules:
07:01:18.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:01:18.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3abab8]
07:01:18.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8b3b2f18]
07:01:18.921 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b3add98]
07:01:18.921 Scan finished successfully
07:04:19.250 Disk 0 MBR has been saved successfully to "J:\Reports from Desktop Computer September 2012\New Folder\MBR.dat"
07:04:19.250 The log file has been saved successfully to "J:\Reports from Desktop Computer September 2012\New Folder\aswMBR.txt"




Re: OTL and Extra - pasted and attached

Post by DragonMaster Jay on Thu 13 Sep 2012, 4:27 am

Okie dokie. All clean!

Do this, and we'll be done:

AdwCleaner Fix

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log.



Re: OTL and Extra - pasted and attached

Post by etrdave on Thu 13 Sep 2012, 1:29 pm

# AdwCleaner v2.000 - Logfile created 09/12/2012 at 18:53:22
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-1EFEC9199
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program FilesC:\Program Files\Software
Deleted on reboot : C:\Program FilesC:\Program Files\Software
Folder Deleted : C:\Documents and Settings\Owner\Application Data\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\18uaxcra.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\duw4v4k6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1576 octets] - [02/09/2012 14:40:28]
AdwCleaner[R2].txt - [1636 octets] - [11/09/2012 05:26:26]
AdwCleaner[S1].txt - [1887 octets] - [12/09/2012 18:53:22]

########## EOF - C:\AdwCleaner[S1].txt - [1947 octets] ##########


Re: OTL and Extra - pasted and attached

Post by etrdave on Thu 13 Sep 2012, 3:10 pm

What about the files that MBAM has identified?
C:\RECYCLER, for example???
HKCR\CLSID....?

Can I empty AVG Virus Vault?
Currently holding 2 Malware, 1 corrupted Skype exe file, an Unknown application/data exe, and 2 trojans.

And what about the things RK has quarantined?
SHALL I DELETE THEM?
Or, is there a reason for keeping launchpad.exe.vir???



Re: OTL and Extra - pasted and attached

Post by etrdave on Thu 13 Sep 2012, 6:33 pm

One more question...
when I open Windows Security Center,
Security Essentials will not open and I cannot
view firewall settings when I click on it.

Is that virus related or a registry problem caused
by ccleaner?

And, when connected to the internet, IE wasn't able to check updates...and I know there is a new update.


Re: OTL and Extra - pasted and attached

Post by DragonMaster Jay on Thu 13 Sep 2012, 9:26 pm

What c:\RECYCLER?

Yes, you can empty the quarantine and virus vault.

Please list all problems and error messages.



Re: OTL and Extra - pasted and attached

Post by etrdave on Fri 14 Sep 2012, 12:50 am

Recycler is listed as a zero access file.
Everything mbam shows is labelled either zeroaccess trojan or 0access file.

Windows does not allow the security center to start.
When I open it manually, security essentials are not available.


Re: OTL and Extra - pasted and attached

Post by etrdave on Fri 14 Sep 2012, 1:10 am

Due to an unidentified problem, Windows cannot display firewall settings.


Re: OTL and Extra - pasted and attached

Post by etrdave on Fri 14 Sep 2012, 1:27 am

I cannot connect to the internet as an administrator.
I have limited connectivity.
I can connect to the internet as a guest.
I cannot update Windows with the new service pack.

AVG Resident Shield shows Trojan horse Backdoor.Generic15.BYSQ in C:\Program Files\Malwarebytes Anti Malware\mbam.exe


Re: OTL and Extra - pasted and attached

Post by etrdave on Fri 14 Sep 2012, 1:28 am

That was found on 9/9. I don't know how Resident Shield works. The file is C:\system volume information\_restore ().ini


Re: OTL and Extra - pasted and attached

Post by DragonMaster Jay on Fri 14 Sep 2012, 9:16 pm

I wouldn't doubt the possibility that you keep reinfecting the computer.

Please delete the old copy of TDSSKiller, download a new copy, run a scan, and post a new log.



Re: OTL and Extra - pasted and attached

Post by etrdave on Sat 15 Sep 2012, 1:24 am

Be aware that we still have all of the old system restore points on this pc.

We have not yet reconnected to the internet to run
ESET as we did with the Acer netbook.

Here is the TDSS log:
07:10:01.0703 2544 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:10:01.0718 2544 ============================================================
07:10:01.0718 2544 Current date / time: 2012/09/14 07:10:01.0718
07:10:01.0718 2544 SystemInfo:
07:10:01.0718 2544
07:10:01.0718 2544 OS Version: 5.1.2600 ServicePack: 3.0
07:10:01.0718 2544 Product type: Workstation
07:10:01.0718 2544 ComputerName: OWNER-1EFEC9199
07:10:01.0718 2544 UserName: Owner
07:10:01.0718 2544 Windows directory: C:\WINDOWS
07:10:01.0718 2544 System windows directory: C:\WINDOWS
07:10:01.0718 2544 Processor architecture: Intel x86
07:10:01.0718 2544 Number of processors: 2
07:10:01.0718 2544 Page size: 0x1000
07:10:01.0718 2544 Boot type: Normal boot
07:10:01.0718 2544 ============================================================
07:10:02.0984 2544 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:10:03.0000 2544 ============================================================
07:10:03.0000 2544 \Device\Harddisk0\DR0:
07:10:03.0000 2544 MBR partitions:
07:10:03.0000 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
07:10:03.0000 2544 ============================================================
07:10:03.0031 2544 C: <-> \Device\Harddisk0\DR0\Partition1
07:10:03.0031 2544 ============================================================
07:10:03.0031 2544 Initialize success
07:10:03.0031 2544 ============================================================
07:10:33.0203 4044 ============================================================
07:10:33.0203 4044 Scan started
07:10:33.0203 4044 Mode: Manual; SigCheck; TDLFS;
07:10:33.0203 4044 ============================================================
07:10:33.0328 4044 ================ Scan system memory ========================
07:10:33.0328 4044 System memory - ok
07:10:33.0328 4044 ================ Scan services =============================
07:10:35.0984 4044 Avgrkx86 - ok
07:10:36.0015 4044 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
07:10:36.0031 4044 Avgtdix - ok
07:10:36.0078 4044 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:10:36.0093 4044 avgwd - ok
07:10:36.0140 4044 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:10:36.0203 4044 Beep - ok
07:10:36.0265 4044 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
07:10:36.0328 4044 Browser - ok
07:10:36.0343 4044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:10:36.0437 4044 cbidf2k - ok
07:10:36.0468 4044 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:10:36.0562 4044 CCDECODE - ok
07:10:36.0562 4044 cd20xrnt - ok
07:10:36.0609 4044 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:10:36.0687 4044 Cdaudio - ok
07:10:36.0703 4044 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:10:36.0765 4044 Cdfs - ok
07:10:36.0796 4044 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:10:36.0859 4044 Cdrom - ok
07:10:36.0859 4044 Changer - ok
07:10:36.0890 4044 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:10:36.0953 4044 CiSvc - ok
07:10:36.0968 4044 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:10:37.0031 4044 ClipSrv - ok
07:10:37.0062 4044 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:10:37.0062 4044 clr_optimization_v2.0.50727_32 - ok
07:10:37.0125 4044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:10:37.0140 4044 clr_optimization_v4.0.30319_32 - ok
07:10:37.0140 4044 CmdIde - ok
07:10:37.0140 4044 COMSysApp - ok
07:10:37.0140 4044 Cpqarray - ok
07:10:37.0203 4044 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:10:37.0265 4044 CryptSvc - ok
07:10:37.0281 4044 dac2w2k - ok
07:10:37.0281 4044 dac960nt - ok
07:10:37.0343 4044 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:10:37.0421 4044 DcomLaunch - ok
07:10:37.0484 4044 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:10:37.0562 4044 Dhcp - ok
07:10:37.0562 4044 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:10:37.0625 4044 Disk - ok
07:10:37.0625 4044 dmadmin - ok
07:10:37.0671 4044 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:10:37.0796 4044 dmboot - ok
07:10:37.0828 4044 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:10:37.0921 4044 dmio - ok
07:10:37.0953 4044 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:10:38.0015 4044 dmload - ok
07:10:38.0031 4044 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:10:38.0093 4044 dmserver - ok
07:10:38.0140 4044 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:10:38.0203 4044 DMusic - ok
07:10:38.0250 4044 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:10:38.0359 4044 Dnscache - ok
07:10:38.0375 4044 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:10:38.0437 4044 Dot3svc - ok
07:10:38.0437 4044 dpti2o - ok
07:10:38.0437 4044 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:10:38.0531 4044 drmkaud - ok
07:10:38.0562 4044 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:10:38.0625 4044 EapHost - ok
07:10:38.0656 4044 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:10:38.0718 4044 ERSvc - ok
07:10:38.0781 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:10:38.0796 4044 Eventlog - ok
07:10:38.0859 4044 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
07:10:38.0906 4044 EventSystem - ok
07:10:38.0906 4044 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:10:39.0000 4044 Fastfat - ok
07:10:39.0046 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:10:39.0093 4044 FastUserSwitchingCompatibility - ok
07:10:39.0125 4044 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
07:10:39.0187 4044 Fdc - ok
07:10:39.0203 4044 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:10:39.0265 4044 Fips - ok
07:10:39.0281 4044 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:10:39.0328 4044 Flpydisk - ok
07:10:39.0375 4044 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:10:39.0437 4044 FltMgr - ok
07:10:39.0468 4044 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:10:39.0468 4044 FontCache3.0.0.0 - ok
07:10:39.0484 4044 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:10:39.0562 4044 Fs_Rec - ok
07:10:39.0578 4044 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:10:39.0640 4044 Ftdisk - ok
07:10:39.0687 4044 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:10:39.0750 4044 Gpc - ok
07:10:39.0875 4044 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:10:39.0875 4044 gupdate - ok
07:10:39.0890 4044 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:10:39.0890 4044 gupdatem - ok
07:10:39.0937 4044 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:10:39.0937 4044 gusvc - ok
07:10:39.0968 4044 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:10:40.0031 4044 HDAudBus - ok
07:10:40.0093 4044 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:10:40.0156 4044 helpsvc - ok
07:10:40.0156 4044 HidServ - ok
07:10:40.0187 4044 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:10:40.0250 4044 HidUsb - ok
07:10:40.0265 4044 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:10:40.0328 4044 hkmsvc - ok
07:10:40.0343 4044 hpn - ok
07:10:40.0375 4044 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:10:40.0421 4044 HTTP - ok
07:10:40.0453 4044 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:10:40.0546 4044 HTTPFilter - ok
07:10:40.0546 4044 i2omgmt - ok
07:10:40.0546 4044 i2omp - ok
07:10:40.0562 4044 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:10:40.0640 4044 i8042prt - ok
07:10:40.0812 4044 [ CD32607F1CC8AC67224334AE123F7B98 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:10:41.0109 4044 ialm - ok
07:10:41.0156 4044 [ 16E441DC4DAF703FB0B0FE474830FF53 ] IcRecUsb C:\WINDOWS\system32\Drivers\IcRecUsb.sys
07:10:41.0203 4044 IcRecUsb - ok
07:10:41.0281 4044 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
07:10:41.0296 4044 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:10:41.0296 4044 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:10:41.0359 4044 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:10:41.0390 4044 idsvc - ok
07:10:41.0390 4044 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:10:41.0453 4044 Imapi - ok
07:10:41.0500 4044 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:10:41.0578 4044 ImapiService - ok
07:10:41.0578 4044 ini910u - ok
07:10:41.0578 4044 IntelIde - ok
07:10:41.0593 4044 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:10:41.0656 4044 intelppm - ok
07:10:41.0750 4044 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
07:10:41.0750 4044 IntuitUpdateService - ok
07:10:41.0812 4044 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
07:10:41.0828 4044 IntuitUpdateServiceV4 - ok
07:10:41.0859 4044 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:10:41.0937 4044 Ip6Fw - ok
07:10:41.0968 4044 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:10:42.0031 4044 IpFilterDriver - ok
07:10:42.0046 4044 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:10:42.0140 4044 IpInIp - ok
07:10:42.0156 4044 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:10:42.0218 4044 IpNat - ok
07:10:42.0281 4044 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:10:42.0343 4044 IPSec - ok
07:10:42.0390 4044 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:10:42.0437 4044 IRENUM - ok
07:10:42.0500 4044 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:10:42.0562 4044 isapnp - ok
07:10:42.0640 4044 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:10:42.0640 4044 JavaQuickStarterService - ok
07:10:42.0671 4044 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:10:42.0734 4044 Kbdclass - ok
07:10:42.0765 4044 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:10:42.0828 4044 kmixer - ok
07:10:42.0859 4044 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:10:42.0953 4044 KSecDD - ok
07:10:42.0984 4044 [ 93E64BAB9DEE162CA0CA5258D132A047 ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
07:10:43.0031 4044 L1e - ok
07:10:43.0062 4044 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:10:43.0109 4044 LanmanServer - ok
07:10:43.0140 4044 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:10:43.0203 4044 lanmanworkstation - ok
07:10:43.0203 4044 lbrtfdc - ok
07:10:43.0281 4044 [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:10:43.0296 4044 LightScribeService - ok
07:10:43.0343 4044 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:10:43.0421 4044 LmHosts - ok
07:10:43.0453 4044 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:10:43.0515 4044 Messenger - ok
07:10:43.0562 4044 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:10:43.0625 4044 mnmdd - ok
07:10:43.0640 4044 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:10:43.0703 4044 mnmsrvc - ok
07:10:43.0734 4044 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:10:43.0796 4044 Modem - ok
07:10:43.0859 4044 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
07:10:44.0000 4044 monfilt - ok
07:10:44.0046 4044 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:10:44.0125 4044 Mouclass - ok
07:10:44.0125 4044 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:10:44.0203 4044 mouhid - ok
07:10:44.0250 4044 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:10:44.0328 4044 MountMgr - ok
07:10:44.0375 4044 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:10:44.0390 4044 MozillaMaintenance - ok
07:10:44.0390 4044 mraid35x - ok
07:10:44.0390 4044 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:10:44.0453 4044 MRxDAV - ok
07:10:44.0500 4044 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:10:44.0546 4044 MRxSmb - ok
07:10:44.0562 4044 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:10:44.0625 4044 MSDTC - ok
07:10:44.0640 4044 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:10:44.0703 4044 Msfs - ok
07:10:44.0703 4044 MSIServer - ok
07:10:44.0703 4044 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:10:44.0765 4044 MSKSSRV - ok
07:10:44.0781 4044 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:10:44.0843 4044 MSPCLOCK - ok
07:10:44.0843 4044 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:10:44.0906 4044 MSPQM - ok
07:10:44.0937 4044 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:10:45.0000 4044 mssmbios - ok
07:10:45.0031 4044 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
07:10:45.0093 4044 MSTEE - ok
07:10:45.0140 4044 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
07:10:45.0171 4044 MTsensor - ok
07:10:45.0203 4044 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:10:45.0234 4044 Mup - ok
07:10:45.0265 4044 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:10:45.0359 4044 NABTSFEC - ok
07:10:45.0390 4044 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:10:45.0468 4044 napagent - ok
07:10:45.0500 4044 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:10:45.0562 4044 NDIS - ok
07:10:45.0593 4044 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:10:45.0656 4044 NdisIP - ok
07:10:45.0703 4044 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:10:45.0750 4044 NdisTapi - ok
07:10:45.0781 4044 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:10:45.0843 4044 Ndisuio - ok
07:10:45.0843 4044 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:10:45.0921 4044 NdisWan - ok
07:10:45.0953 4044 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:10:46.0015 4044 NDProxy - ok
07:10:46.0031 4044 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:10:46.0078 4044 NetBIOS - ok
07:10:46.0109 4044 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:10:46.0171 4044 NetBT - ok
07:10:46.0218 4044 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
07:10:46.0312 4044 NetDDE - ok
07:10:46.0312 4044 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:10:46.0375 4044 NetDDEdsdm - ok
07:10:46.0437 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:10:46.0500 4044 Netlogon - ok
07:10:46.0515 4044 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
07:10:46.0578 4044 Netman - ok
07:10:46.0625 4044 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:10:46.0625 4044 NetTcpPortSharing - ok
07:10:46.0671 4044 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:10:46.0687 4044 Nla - ok
07:10:46.0812 4044 [ DBB5F7B1A4F109CD7A1ABD3AC7A10D39 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
07:10:46.0828 4044 NMIndexingService - ok
07:10:46.0828 4044 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:10:46.0890 4044 Npfs - ok
07:10:46.0937 4044 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:10:47.0000 4044 Ntfs - ok
07:10:47.0000 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:10:47.0062 4044 NtLmSsp - ok
07:10:47.0093 4044 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:10:47.0156 4044 NtmsSvc - ok
07:10:47.0187 4044 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:10:47.0250 4044 Null - ok
07:10:47.0296 4044 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:10:47.0359 4044 NwlnkFlt - ok
07:10:47.0359 4044 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:10:47.0421 4044 NwlnkFwd - ok
07:10:47.0500 4044 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:10:47.0515 4044 ose - ok
07:10:47.0531 4044 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
07:10:47.0593 4044 Parport - ok
07:10:47.0609 4044 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:10:47.0656 4044 PartMgr - ok
07:10:47.0703 4044 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:10:47.0765 4044 ParVdm - ok
07:10:47.0828 4044 [ CC91E0E369DF4A052EBDD1EA86AF999B ] PcaSp50 C:\WINDOWS\system32\DRIVERS\PcaSp50.sys
07:10:47.0859 4044 PcaSp50 ( UnsignedFile.Multi.Generic ) - warning
07:10:47.0859 4044 PcaSp50 - detected UnsignedFile.Multi.Generic (1)
07:10:47.0875 4044 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:10:47.0937 4044 PCI - ok
07:10:47.0953 4044 PCIDump - ok
07:10:47.0953 4044 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:10:48.0015 4044 PCIIde - ok
07:10:48.0015 4044 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:10:48.0078 4044 Pcmcia - ok
07:10:48.0093 4044 PDCOMP - ok
07:10:48.0093 4044 PDFRAME - ok
07:10:48.0093 4044 PDRELI - ok
07:10:48.0093 4044 PDRFRAME - ok
07:10:48.0093 4044 perc2 - ok
07:10:48.0093 4044 perc2hib - ok
07:10:48.0125 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:10:48.0140 4044 PlugPlay - ok
07:10:48.0140 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:10:48.0203 4044 PolicyAgent - ok
07:10:48.0218 4044 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:10:48.0281 4044 PptpMiniport - ok
07:10:48.0281 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:10:48.0343 4044 ProtectedStorage - ok
07:10:48.0359 4044 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:10:48.0421 4044 PSched - ok
07:10:48.0421 4044 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:10:48.0484 4044 Ptilink - ok
07:10:48.0500 4044 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:10:48.0515 4044 PxHelp20 - ok
07:10:48.0546 4044 [ FDDD1AEB9F81EF1E6E48AE1EDC2A97D6 ] QCDonner C:\WINDOWS\system32\DRIVERS\OVCD.sys
07:10:48.0593 4044 QCDonner - ok
07:10:48.0609 4044 ql1080 - ok
07:10:48.0609 4044 Ql10wnt - ok
07:10:48.0609 4044 ql12160 - ok
07:10:48.0609 4044 ql1240 - ok
07:10:48.0609 4044 ql1280 - ok
07:10:48.0625 4044 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:10:48.0671 4044 RasAcd - ok
07:10:48.0718 4044 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:10:48.0781 4044 RasAuto - ok
07:10:48.0812 4044 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:10:48.0859 4044 Rasl2tp - ok
07:10:48.0890 4044 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:10:48.0953 4044 RasMan - ok
07:10:48.0953 4044 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:10:49.0015 4044 RasPppoe - ok
07:10:49.0015 4044 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:10:49.0078 4044 Raspti - ok
07:10:49.0125 4044 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:10:49.0187 4044 Rdbss - ok
07:10:49.0187 4044 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:10:49.0250 4044 RDPCDD - ok
07:10:49.0296 4044 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:10:49.0328 4044 RDPWD - ok
07:10:49.0343 4044 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:10:49.0406 4044 RDSessMgr - ok
07:10:49.0421 4044 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:10:49.0484 4044 redbook - ok
07:10:49.0515 4044 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:10:49.0578 4044 RemoteAccess - ok
07:10:49.0578 4044 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:10:49.0640 4044 RpcLocator - ok
07:10:49.0703 4044 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
07:10:49.0718 4044 RpcSs - ok
07:10:49.0781 4044 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:10:49.0843 4044 RSVP - ok
07:10:49.0843 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:10:49.0906 4044 SamSs - ok
07:10:49.0921 4044 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:10:50.0015 4044 SCardSvr - ok
07:10:50.0078 4044 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:10:50.0140 4044 Schedule - ok
07:10:50.0171 4044 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:10:50.0234 4044 Secdrv - ok
07:10:50.0281 4044 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:10:50.0343 4044 seclogon - ok
07:10:50.0359 4044 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
07:10:50.0437 4044 SENS - ok
07:10:50.0437 4044 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:10:50.0500 4044 serenum - ok
07:10:50.0500 4044 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:10:50.0562 4044 Serial - ok
07:10:50.0578 4044 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:10:50.0640 4044 Sfloppy - ok
07:10:50.0703 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:10:50.0718 4044 ShellHWDetection - ok
07:10:50.0718 4044 Simbad - ok
07:10:50.0968 4044 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
07:10:51.0046 4044 Skype C2C Service - ok
07:10:51.0156 4044 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:10:51.0156 4044 SkypeUpdate - ok
07:10:51.0203 4044 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:10:51.0265 4044 SLIP - ok
07:10:51.0265 4044 Sparrow - ok
07:10:51.0296 4044 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:10:51.0375 4044 splitter - ok
07:10:51.0406 4044 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:10:51.0406 4044 Spooler - ok
07:10:51.0437 4044 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:10:51.0484 4044 sr - ok
07:10:51.0500 4044 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:10:51.0531 4044 srservice - ok
07:10:51.0546 4044 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:10:51.0625 4044 Srv - ok
07:10:51.0656 4044 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:10:51.0718 4044 SSDPSRV - ok
07:10:51.0750 4044 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:10:51.0828 4044 stisvc - ok
07:10:51.0828 4044 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:10:51.0906 4044 streamip - ok
07:10:51.0921 4044 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:10:52.0000 4044 swenum - ok
07:10:52.0000 4044 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:10:52.0062 4044 swmidi - ok
07:10:52.0062 4044 SwPrv - ok
07:10:52.0062 4044 symc810 - ok
07:10:52.0062 4044 symc8xx - ok
07:10:52.0078 4044 sym_hi - ok
07:10:52.0078 4044 sym_u3 - ok
07:10:52.0093 4044 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:10:52.0140 4044 sysaudio - ok
07:10:52.0171 4044 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:10:52.0265 4044 SysmonLog - ok
07:10:52.0296 4044 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:10:52.0359 4044 TapiSrv - ok
07:10:52.0406 4044 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:10:52.0437 4044 Tcpip - ok
07:10:52.0484 4044 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:10:52.0546 4044 TDPIPE - ok
07:10:52.0562 4044 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:10:52.0640 4044 TDTCP - ok
07:10:52.0703 4044 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:10:52.0781 4044 TermDD - ok
07:10:52.0828 4044 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
07:10:52.0890 4044 TermService - ok
07:10:52.0921 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
07:10:52.0921 4044 Themes - ok
07:10:52.0937 4044 TosIde - ok
07:10:52.0984 4044 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:10:53.0046 4044 TrkWks - ok
07:10:53.0078 4044 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:10:53.0140 4044 Udfs - ok
07:10:53.0156 4044 ultra - ok
07:10:53.0171 4044 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:10:53.0234 4044 Update - ok
07:10:53.0281 4044 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:10:53.0328 4044 upnphost - ok
07:10:53.0359 4044 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
07:10:53.0421 4044 UPS - ok
07:10:53.0453 4044 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
07:10:53.0531 4044 usbaudio - ok
07:10:53.0578 4044 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:10:53.0640 4044 usbccgp - ok
07:10:53.0703 4044 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:10:53.0765 4044 usbehci - ok
07:10:53.0812 4044 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:10:53.0875 4044 usbhub - ok
07:10:53.0906 4044 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:10:54.0000 4044 usbscan - ok
07:10:54.0031 4044 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:10:54.0125 4044 USBSTOR - ok
07:10:54.0140 4044 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:10:54.0187 4044 usbuhci - ok
07:10:54.0218 4044 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
07:10:54.0281 4044 usbvideo - ok
07:10:54.0296 4044 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:10:54.0375 4044 VgaSave - ok
07:10:54.0437 4044 [ 51B24990850076F659D1D1DAEFBED6F1 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
07:10:54.0531 4044 VIAHdAudAddService - ok
07:10:54.0531 4044 ViaIde - ok
07:10:54.0546 4044 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:10:54.0609 4044 VolSnap - ok
07:10:54.0640 4044 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
07:10:54.0671 4044 VSS - ok
07:10:54.0734 4044 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
07:10:54.0781 4044 W32Time - ok
07:10:54.0828 4044 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:10:54.0890 4044 Wanarp - ok
07:10:54.0890 4044 WDICA - ok
07:10:54.0906 4044 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:10:54.0968 4044 wdmaud - ok
07:10:54.0984 4044 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:10:55.0046 4044 WebClient - ok
07:10:55.0156 4044 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:10:55.0218 4044 winmgmt - ok
07:10:55.0265 4044 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:10:55.0296 4044 WmdmPmSN - ok
07:10:55.0359 4044 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:10:55.0437 4044 WmiApSrv - ok
07:10:55.0546 4044 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:10:55.0578 4044 WMPNetworkSvc - ok
07:10:55.0703 4044 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:10:55.0734 4044 WPFFontCache_v0400 - ok
07:10:55.0765 4044 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:10:55.0843 4044 WSTCODEC - ok
07:10:55.0890 4044 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:10:55.0953 4044 WudfPf - ok
07:10:55.0953 4044 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:10:55.0968 4044 WudfRd - ok
07:10:55.0984 4044 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:10:56.0000 4044 WudfSvc - ok
07:10:56.0031 4044 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:10:56.0109 4044 WZCSVC - ok
07:10:56.0125 4044 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:10:56.0203 4044 xmlprov - ok
07:10:56.0203 4044 ================ Scan global ===============================
07:10:56.0265 4044 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:10:56.0328 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:10:56.0328 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:10:56.0343 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:10:56.0343 4044 [Global] - ok
07:10:56.0343 4044 ================ Scan MBR ==================================
07:10:56.0375 4044 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:10:56.0640 4044 \Device\Harddisk0\DR0 - ok
07:10:56.0640 4044 ================ Scan VBR ==================================
07:10:56.0640 4044 [ 0A2DC48A81E4668FF5F279776514A3EC ] \Device\Harddisk0\DR0\Partition1
07:10:56.0640 4044 \Device\Harddisk0\DR0\Partition1 - ok
07:10:56.0640 4044 ============================================================
07:10:56.0640 4044 Scan finished
07:10:56.0640 4044 ============================================================
07:10:56.0734 3140 Detected object count: 2
07:10:56.0734 3140 Actual detected object count: 2
07:11:49.0343 3140 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:11:49.0343 3140 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:11:49.0343 3140 PcaSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
07:11:49.0343 3140 PcaSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:13:17.0531 2276 Deinitialize success

etrdave

Newbie Surfer

Posts : 40
Joined : 2012-09-02
Operating System : xp home edition 2002 sp3


Re: OTL and Extra - pasted and attached

Post by DragonMaster Jay on Sat 15 Sep 2012, 4:27 am

Okay. Clear a few things up here...

1. The Acer Netbook is fine now?

2. Are the same issues on this other computer you're showing me logs for now?



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: OTL and Extra - pasted and attached

Post by etrdave on Sat 15 Sep 2012, 12:48 pm

The Acer netbook APPEARS to be fine. I am able to update and run AVG, Spybot, and Malwarebytes. It let me update Windows to the new security pack.
I need to know which HOST files to download from the website you provided...I'm not sure if I need to download more than one file from there.

I think the pc is still infected. It had more of a problem than the Acer did. I can't get in to change firewall settings.
The logs I sent yesterday and today are from the pc, which is still not connected to the internet.


Re: OTL and Extra - pasted and attached

Post by etrdave on Sat 15 Sep 2012, 4:33 pm

I had tried to start a new thread for the pc the other day, but it ended up in the trash incinerator.


Re: OTL and Extra - pasted and attached

Post by etrdave on Sat 15 Sep 2012, 5:53 pm

This is today's Security Check log for the pc:
Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG 2012
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.3.300.271
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

