HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 2:57 pm

Hey guys, I'm brand new here, didn't read any rules because I'm stressing out REAL bad about what is going on with my laptop. I'm going to try to explain as best I can; the urgency in the message is due to the fact that I can't access files I need to use for my job NOW.

Someone plugged a flash into my comp and I transferred some files. I'm guessing this is how I got the virus.

Next, my folder icons changed from the Windows 7 standard to resemble those of XP, and opening them would open a new window. I got an antivirus to scan the folders and remove what it says were trojans, but now the folders are gone. The files are still there (can see by the disk space) and even when I show hidden files I can't seem to see these folders. To be clear, these folders were on my external hard drive.

Also, on my browser (Firefox) new windows keep opening to some iPad or other promotion, so it must be a virus or malware, I just don't know what to do. Kaspersky is currently running a scan (downloaded it after this happened, was in between trials) but it isn't really helping, and the file icons are still missing.

Also, I could be wrong, but I think this thing is taking up disk space, though I don't know how or if that was just another issue of disk space seemingly disappearing (this now on the C: directory).

PLEASE HELP and tell me what I can do ASAP, I am kind of panicking like crazy. Many internets in return.


Re: HELP!!!

Post by Gabethebabe on Fri Nov 30, 2012 3:13 pm

Hi there Deejay kace and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Please download OTL by OldTimer and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
user32.dll
services.exe
svchost.exe
userinit.exe
wininit.exe
winlogon.exe
atapi.sys
iastor.sys
ndis.sys
volsnap.sys
*.xpi
/md5stop
CREATERESTOREPOINT
hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

====================

  • Download TDSSKiller by Kaspersky and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click Change parameters
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button
  • If threats are detected, you will need to choose options before clicking Continue
  • For Suspicious objects choose the Skip action
  • For Malicious objects choose the Cure action. If Cure is not available, choose Skip instead; never choose Delete.
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).



Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:22 pm

18:18:04.0158 3456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:18:04.0728 3456 ============================================================
18:18:04.0728 3456 Current date / time: 2012/11/30 18:18:04.0728
18:18:04.0728 3456 SystemInfo:
18:18:04.0728 3456
18:18:04.0728 3456 OS Version: 6.1.7600 ServicePack: 0.0
18:18:04.0728 3456 Product type: Workstation
18:18:04.0728 3456 ComputerName: AMANI-PC
18:18:04.0728 3456 UserName: Amani
18:18:04.0728 3456 Windows directory: C:\Windows
18:18:04.0728 3456 System windows directory: C:\Windows
18:18:04.0728 3456 Processor architecture: Intel x86
18:18:04.0728 3456 Number of processors: 2
18:18:04.0728 3456 Page size: 0x1000
18:18:04.0728 3456 Boot type: Normal boot
18:18:04.0728 3456 ============================================================
18:18:06.0658 3456 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:18:06.0668 3456 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:18:06.0968 3456 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:18:06.0998 3456 ============================================================
18:18:06.0998 3456 \Device\Harddisk0\DR0:
18:18:07.0018 3456 MBR partitions:
18:18:07.0018 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:18:07.0018 3456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0E000
18:18:07.0018 3456 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40800, BlocksNum 0x4353000
18:18:07.0018 3456 \Device\Harddisk1\DR1:
18:18:07.0018 3456 MBR partitions:
18:18:07.0018 3456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
18:18:07.0018 3456 \Device\Harddisk2\DR2:
18:18:07.0028 3456 MBR partitions:
18:18:07.0028 3456 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
18:18:07.0028 3456 ============================================================
18:18:07.0108 3456 C: <-> \Device\Harddisk0\DR0\Partition2
18:18:07.0328 3456 D: <-> \Device\Harddisk0\DR0\Partition3
18:18:07.0418 3456 F: <-> \Device\Harddisk1\DR1\Partition1
18:18:07.0458 3456 G: <-> \Device\Harddisk2\DR2\Partition1
18:18:07.0458 3456 ============================================================
18:18:07.0458 3456 Initialize success
18:18:07.0458 3456 ============================================================
18:19:05.0848 1532 ============================================================
18:19:05.0848 1532 Scan started
18:19:05.0848 1532 Mode: Manual; SigCheck; TDLFS;
18:19:05.0848 1532 ============================================================
18:19:07.0408 1532 ================ Scan system memory ========================
18:19:07.0408 1532 System memory - ok
18:19:07.0408 1532 ================ Scan services =============================
18:19:18.0858 1532 [ 0533F6C618DC146DC2A3572FE2F589A5 ] HerculesDJControlMP3 C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
18:19:18.0868 1532 HerculesDJControlMP3 ( UnsignedFile.Multi.Generic ) - warning
18:19:18.0868 1532 HerculesDJControlMP3 - detected UnsignedFile.Multi.Generic (1)

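The TDSSKiller report in this thread pairs each scanned service or driver (an MD5 in brackets, its name and image path) with a verdict line. As an added example, not part of the original posts and not Kaspersky's code, this Python script lists every entry whose verdict is not a plain "ok" and reports entries that have no verdict line, as happens when a log is cut between forum posts. The sample log is constructed, and only the line layouts visible in this thread are assumed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the report in this thread.
# Hashes, service names and paths are made up for illustration.
SAMPLE_LOG = r"""
18:19:07.0408 1532 ================ Scan services =============================
18:19:07.0918 1532 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\DRIVERS\exampledrv.sys
18:19:08.0188 1532 ExampleDrv - ok
18:19:08.0200 1532 NoImageSvc - ok
18:19:08.0238 1532 [ 00000000000000000000000000000002 ] ExampleTool C:\Program Files\Example Vendor\tool.exe
18:19:08.0288 1532 ExampleTool ( UnsignedFile.Multi.Generic ) - warning
18:19:08.0288 1532 ExampleTool - detected UnsignedFile.Multi.Generic (1)
18:19:08.0338 1532 [ 00000000000000000000000000000003 ] SplitSvc
"""

# "<time> <thread id> <message>"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$")
# "[ <md5> ] <name> <image path>"; the path is optional so a cut line still parses
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(\S+)(?:\s+(.+))?$")
# "<name> - ok" or "<name> ( <verdict> ) - warning"
VERDICT = re.compile(r"^(\S+)(?: \( (.+?) \))? - (\w+)$")


@dataclass
class Finding:
    time: str
    name: str
    status: str
    verdict: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> Tuple[List[Finding], int, List[str]]:
    """Return (findings, clean_count, names_without_verdict)."""
    pending = {}      # name -> (md5, path) from the object line, until its verdict arrives
    findings = []
    clean = 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _thread, body = m.groups()
        obj = OBJECT.match(body)
        if obj:
            md5, name, path = obj.groups()
            pending[name] = (md5.upper(), path)
            continue
        ver = VERDICT.match(body)
        if not ver:
            continue  # section headers, "- detected ..." repeats, system info
        name, verdict, status = ver.groups()
        md5, path = pending.pop(name, (None, None))
        if status == "ok" and verdict is None:
            clean += 1
        else:
            # Only "ok" and "warning" appear in the thread; any other status
            # is kept as a finding rather than silently dropped.
            findings.append(Finding(ts, name, status, verdict, md5, path))
    # Objects that never received a verdict line: the log was truncated there.
    return findings, clean, sorted(pending)


if __name__ == "__main__":
    found, ok_count, cut = parse_report(SAMPLE_LOG)
    print(f"{ok_count} objects ok, {len(found)} flagged, {len(cut)} without verdict")
    for f in found:
        print(f"{f.time} {f.status.upper():8} {f.name}: {f.verdict} [{f.md5}] {f.path}")
    for name in cut:
        print(f"no verdict line for {name} (log cut off?)")
```
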

Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:25 pm

18:19:23.0448 1532 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
18:19:23.0498 1532 MDM ( UnsignedFile.Multi.Generic ) - warning
18:19:23.0498 1532 MDM - detected UnsignedFile.Multi.Generic (1)
18:19:25.0618 1532 MsRPC - ok
18:19:25.0638 1532 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:19:25.0658 1532 mssmbios - ok
18:19:25.0688 1532 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:19:25.0748 1532 MSTEE - ok
18:19:25.0758 1532 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:19:25.0798 1532 MTConfig - ok
18:19:25.0808 1532 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:19:25.0828 1532 Mup - ok
18:19:25.0868 1532 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
18:19:25.0938 1532 napagent - ok
18:19:26.0008 1532 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:19:26.0058 1532 NativeWifiP - ok
18:19:26.0098 1532 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:19:26.0148 1532 NDIS - ok
18:19:26.0188 1532 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:19:26.0228 1532 NdisCap - ok
18:19:26.0248 1532 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:26.0308 1532 NdisTapi - ok
18:19:26.0338 1532 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:26.0388 1532 Ndisuio - ok
18:19:26.0398 1532 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:26.0448 1532 NdisWan - ok
18:19:26.0458 1532 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:19:26.0548 1532 NDProxy - ok
18:19:26.0558 1532 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:19:26.0608 1532 NetBIOS - ok
18:19:26.0618 1532 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:19:26.0678 1532 NetBT - ok
18:19:26.0698 1532 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
18:19:26.0728 1532 Netlogon - ok
18:19:26.0808 1532 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:19:26.0878 1532 Netman - ok
18:19:26.0898 1532 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:19:26.0958 1532 netprofm - ok
18:19:26.0988 1532 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:19:26.0998 1532 NetTcpPortSharing - ok
18:19:27.0178 1532 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
18:19:27.0448 1532 netw5v32 - ok
18:19:27.0488 1532 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:19:27.0508 1532 nfrd960 - ok
18:19:27.0558 1532 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
18:19:27.0678 1532 NlaSvc - ok
18:19:27.0688 1532 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:19:27.0738 1532 Npfs - ok
18:19:27.0768 1532 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:19:27.0828 1532 nsi - ok
18:19:27.0848 1532 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:19:27.0908 1532 nsiproxy - ok
18:19:27.0958 1532 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:19:28.0048 1532 Ntfs - ok
18:19:28.0068 1532 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:19:28.0128 1532 Null - ok
18:19:28.0138 1532 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
18:19:28.0158 1532 nvraid - ok
18:19:28.0188 1532 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
18:19:28.0208 1532 nvstor - ok
18:19:28.0228 1532 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:19:28.0248 1532 nv_agp - ok
18:19:28.0328 1532 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:19:28.0358 1532 odserv - ok
18:19:28.0378 1532 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:19:28.0408 1532 ohci1394 - ok
18:19:28.0478 1532 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:19:28.0498 1532 ose - ok
18:19:28.0548 1532 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:19:28.0588 1532 p2pimsvc - ok
18:19:28.0738 1532 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:19:28.0888 1532 p2psvc - ok
18:19:28.0948 1532 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:19:28.0968 1532 Parport - ok
18:19:28.0978 1532 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:19:28.0998 1532 partmgr - ok
18:19:29.0038 1532 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:19:29.0068 1532 Parvdm - ok
18:19:29.0078 1532 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:19:29.0118 1532 PcaSvc - ok
18:19:29.0138 1532 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
18:19:29.0158 1532 pci - ok
18:19:29.0178 1532 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:19:29.0198 1532 pciide - ok
18:19:29.0228 1532 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:19:29.0248 1532 pcmcia - ok
18:19:29.0258 1532 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:19:29.0278 1532 pcw - ok
18:19:29.0308 1532 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:19:29.0408 1532 PEAUTH - ok
18:19:29.0488 1532 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:19:29.0578 1532 PeerDistSvc - ok
18:19:29.0718 1532 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
18:19:29.0858 1532 pla - ok
18:19:29.0908 1532 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:19:30.0138 1532 PlugPlay - ok
18:19:30.0148 1532 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:19:30.0188 1532 PNRPAutoReg - ok
18:19:30.0198 1532 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:19:30.0228 1532 PNRPsvc - ok
18:19:30.0278 1532 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:19:30.0348 1532 PolicyAgent - ok
18:19:30.0398 1532 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
18:19:30.0458 1532 Power - ok
18:19:30.0508 1532 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:19:30.0588 1532 PptpMiniport - ok
18:19:30.0608 1532 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:19:30.0638 1532 Processor - ok
18:19:30.0688 1532 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
18:19:30.0748 1532 ProfSvc - ok
18:19:30.0808 1532 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:19:30.0828 1532 ProtectedStorage - ok
18:19:30.0858 1532 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:19:30.0948 1532 Psched - ok
18:19:31.0038 1532 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:19:31.0118 1532 ql2300 - ok
18:19:31.0128 1532 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:19:31.0148 1532 ql40xx - ok
18:19:31.0178 1532 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:19:31.0218 1532 QWAVE - ok
18:19:31.0238 1532 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:19:31.0258 1532 QWAVEdrv - ok
18:19:31.0278 1532 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:19:31.0338 1532 RasAcd - ok
18:19:31.0368 1532 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:19:31.0438 1532 RasAgileVpn - ok
18:19:31.0468 1532 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:19:31.0518 1532 RasAuto - ok
18:19:31.0548 1532 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:31.0628 1532 Rasl2tp - ok
18:19:31.0688 1532 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
18:19:31.0758 1532 RasMan - ok
18:19:31.0808 1532 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:31.0848 1532 RasPppoe - ok
18:19:31.0868 1532 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:19:31.0968 1532 RasSstp - ok
18:19:31.0988 1532 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:19:32.0138 1532 rdbss - ok
18:19:32.0228 1532 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:19:32.0258 1532 rdpbus - ok
18:19:32.0278 1532 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:32.0318 1532 RDPCDD - ok
18:19:32.0358 1532 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:19:32.0398 1532 RDPDR - ok
18:19:32.0448 1532 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:19:32.0498 1532 RDPENCDD - ok
18:19:32.0508 1532 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:19:32.0608 1532 RDPREFMP - ok
18:19:32.0648 1532 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:19:32.0698 1532 RDPWD - ok
18:19:32.0738 1532 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:19:32.0768 1532 rdyboost - ok
18:19:32.0818 1532 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:19:32.0898 1532 RemoteAccess - ok
18:19:32.0938 1532 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:19:32.0998 1532 RemoteRegistry - ok
18:19:33.0038 1532 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:19:33.0158 1532 RpcEptMapper - ok
18:19:33.0208 1532 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:19:33.0248 1532 RpcLocator - ok
18:19:33.0278 1532 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
18:19:33.0328 1532 RpcSs - ok
18:19:33.0398 1532 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:19:33.0448 1532 rspndr - ok
18:19:33.0478 1532 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
18:19:33.0498 1532 s3cap - ok
18:19:33.0518 1532 [ F42309C4191C506B71DB5D1126D26318 ] SamSs

Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:26 pm

C:\Windows\system32\lsass.exe
18:19:33.0548 1532 SamSs - ok
18:19:33.0588 1532 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:19:33.0608 1532 sbp2port - ok
18:19:33.0648 1532 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:19:33.0718 1532 SCardSvr - ok
18:19:33.0728 1532 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:19:33.0808 1532 scfilter - ok
18:19:33.0868 1532 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll
18:19:34.0028 1532 Schedule - ok
18:19:34.0068 1532 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:19:34.0148 1532 SCPolicySvc - ok
18:19:34.0228 1532 [ 7B48CFF3A475FE849DEA65EC4D35C425 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:19:34.0268 1532 sdbus - ok
18:19:34.0298 1532 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:19:34.0348 1532 SDRSVC - ok
18:19:34.0408 1532 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:19:34.0468 1532 secdrv - ok
18:19:34.0488 1532 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:19:34.0548 1532 seclogon - ok
18:19:34.0588 1532 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:19:34.0678 1532 SENS - ok
18:19:34.0718 1532 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:19:34.0788 1532 SensrSvc - ok
18:19:34.0848 1532 [ 5E28961C1C26C01F2D9C9256AA194E85 ] SeratoUsb C:\Windows\system32\Drivers\SeratoUsb.sys
18:19:34.0898 1532 SeratoUsb - ok
18:19:34.0928 1532 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:19:34.0958 1532 Serenum - ok
18:19:34.0968 1532 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:19:35.0008 1532 Serial - ok
18:19:35.0018 1532 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:19:35.0058 1532 sermouse - ok
18:19:35.0138 1532 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
18:19:35.0228 1532 SessionEnv - ok
18:19:35.0258 1532 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:19:35.0308 1532 sffdisk - ok
18:19:35.0328 1532 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:19:35.0368 1532 sffp_mmc - ok
18:19:35.0378 1532 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:19:35.0418 1532 sffp_sd - ok
18:19:35.0448 1532 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:19:35.0518 1532 sfloppy - ok
18:19:35.0718 1532 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:19:35.0868 1532 SharedAccess - ok
18:19:35.0938 1532 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:19:36.0068 1532 ShellHWDetection - ok
18:19:36.0098 1532 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
18:19:36.0138 1532 sisagp - ok
18:19:36.0188 1532 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:19:36.0218 1532 SiSRaid2 - ok
18:19:36.0338 1532 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:19:36.0398 1532 SiSRaid4 - ok
18:19:36.0438 1532 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:19:36.0548 1532 Smb - ok
18:19:36.0608 1532 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:19:36.0648 1532 SNMPTRAP - ok
18:19:36.0708 1532 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:19:36.0738 1532 spldr - ok
18:19:36.0828 1532 [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler C:\Windows\System32\spoolsv.exe
18:19:36.0888 1532 Spooler - ok
18:19:37.0088 1532 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
18:19:37.0208 1532 sppsvc - ok
18:19:37.0248 1532 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:19:37.0338 1532 sppuinotify - ok
18:19:37.0418 1532 [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:19:37.0498 1532 srv - ok
18:19:37.0518 1532 [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:19:37.0588 1532 srv2 - ok
18:19:37.0638 1532 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:19:37.0668 1532 SrvHsfHDA - ok
18:19:37.0758 1532 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:19:37.0858 1532 SrvHsfV92 - ok
18:19:37.0898 1532 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:19:37.0968 1532 SrvHsfWinac - ok
18:19:37.0978 1532 [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:19:38.0038 1532 srvnet - ok
18:19:38.0068 1532 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:19:38.0138 1532 SSDPSRV - ok
18:19:38.0148 1532 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:19:38.0218 1532 SstpSvc - ok
18:19:38.0248 1532 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:19:38.0268 1532 stexstor - ok
18:19:38.0328 1532 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
18:19:38.0378 1532 StiSvc - ok
18:19:38.0408 1532 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
18:19:38.0438 1532 storflt - ok
18:19:38.0448 1532 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
18:19:38.0468 1532 storvsc - ok
18:19:38.0498 1532 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:19:38.0518 1532 swenum - ok
18:19:38.0588 1532 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:19:38.0658 1532 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:19:38.0658 1532 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:19:38.0708 1532 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:19:38.0828 1532 swprv - ok
18:19:38.0888 1532 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
18:19:39.0068 1532 SysMain - ok
18:19:39.0108 1532 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:19:39.0168 1532 TabletInputService - ok
18:19:39.0208 1532 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
18:19:39.0458 1532 TapiSrv - ok
18:19:39.0468 1532 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:19:39.0558 1532 TBS - ok
18:19:39.0708 1532 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:19:39.0828 1532 Tcpip - ok
18:19:39.0908 1532 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:19:39.0988 1532 TCPIP6 - ok
18:19:40.0018 1532 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:19:40.0098 1532 tcpipreg - ok
18:19:40.0148 1532 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:19:40.0208 1532 TDPIPE - ok
18:19:40.0218 1532 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:19:40.0478 1532 TDTCP - ok
18:19:40.0518 1532 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:19:40.0628 1532 tdx - ok
18:19:40.0648 1532 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:19:40.0668 1532 TermDD - ok
18:19:40.0728 1532 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
18:19:40.0808 1532 TermService - ok
18:19:40.0838 1532 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:19:40.0888 1532 Themes - ok
18:19:40.0908 1532 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:19:40.0968 1532 THREADORDER - ok
18:19:41.0018 1532 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:19:41.0098 1532 TrkWks - ok
18:19:41.0178 1532 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:19:41.0208 1532 TrustedInstaller - ok
18:19:41.0248 1532 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:41.0328 1532 tssecsrv - ok
18:19:41.0348 1532 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:19:41.0418 1532 tunnel - ok
18:19:41.0448 1532 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:19:41.0468 1532 uagp35 - ok
18:19:41.0498 1532 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:19:41.0668 1532 udfs - ok
18:19:41.0728 1532 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:19:41.0928 1532 UI0Detect - ok
18:19:41.0978 1532 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:19:42.0038 1532 uliagpkx - ok
18:19:42.0068 1532 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:19:42.0148 1532 umbus - ok
18:19:42.0158 1532 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:19:42.0218 1532 UmPass - ok
18:19:42.0278 1532 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
18:19:42.0318 1532 UmRdpService - ok
18:19:42.0368 1532 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:19:42.0418 1532 upnphost - ok
18:19:42.0468 1532 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:19:42.0508 1532 usbaudio - ok
18:19:42.0538 1532 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:42.0568 1532 usbccgp - ok
18:19:42.0588 1532 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:19:42.0628 1532 usbcir - ok
18:19:42.0638 1532 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:19:42.0678 1532 usbehci - ok
18:19:42.0718 1532 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:19:42.0758 1532 usbhub - ok
18:19:42.0788 1532 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:19:42.0818 1532 usbohci - ok
18:19:42.0838 1532 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:19:42.0868 1532 usbprint - ok
18:19:42.0888 1532 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:42.0928 1532 USBSTOR - ok
18:19:42.0958 1532 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:42.0998 1532 usbuhci - ok
18:19:43.0028 1532 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:19:43.0088 1532 UxSms - ok
18:19:43.0168 1532 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
18:19:43.0218 1532 VaultSvc - ok
18:19:43.0268 1532 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
18:19:43.0308 1532 vdrvroot - ok
18:19:43.0388 1532 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
18:19:43.0458 1532 vds - ok
18:19:43.0508 1532 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:43.0538 1532 vga - ok
18:19:43.0568 1532 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:19:43.0618 1532 VgaSave - ok
18:19:43.0638 1532 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
18:19:43.0658 1532 vhdmp - ok
18:19:43.0688 1532 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
18:19:43.0708 1532 viaagp - ok
18:19:43.0718 1532 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:19:43.0788 1532 ViaC7 - ok
18:19:43.0808 1532 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
18:19:43.0858 1532 viaide - ok
18:19:43.0948 1532 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
18:19:43.0968 1532 vmbus - ok
18:19:43.0968 1532 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
18:19:44.0018 1532 VMBusHID - ok
18:19:44.0058 1532 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
18:19:44.0078 1532 volmgr - ok
18:19:44.0158 1532 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:19:44.0218 1532 volmgrx - ok
18:19:44.0288 1532 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
18:19:44.0308 1532 volsnap - ok
18:19:44.0368 1532 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:19:44.0388 1532 vsmraid - ok
18:19:44.0458 1532 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
18:19:44.0578 1532 VSS - ok
18:19:44.0608 1532 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:19:44.0668 1532 vwifibus - ok
18:19:44.0698 1532 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:19:44.0828 1532 W32Time - ok
18:19:44.0878 1532 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:19:44.0938 1532 WacomPen - ok
18:19:44.0998 1532 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:19:45.0118 1532 WANARP - ok
18:19:45.0148 1532 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:19:45.0248 1532 Wanarpv6 - ok
18:19:45.0358 1532 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:19:45.0358 1532 Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 353A04C273EC58475D8633E75CCD5604
18:19:45.0368 1532 WatAdminSvc ( LockedFile.Multi.Generic ) - warning
18:19:45.0368 1532 WatAdminSvc - detected LockedFile.Multi.Generic (1)
18:19:45.0438 1532 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
18:19:45.0558 1532 wbengine - ok
18:19:45.0588 1532 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:19:45.0818 1532 WbioSrvc - ok
18:19:45.0878 1532 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:19:45.0978 1532 wcncsvc - ok
18:19:46.0008 1532 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:19:46.0058 1532 WcsPlugInService - ok
18:19:46.0098 1532 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:19:46.0128 1532 Wd - ok
18:19:46.0158 1532 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:19:46.0218 1532 Wdf01000 - ok
18:19:46.0258 1532 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:19:46.0318 1532 WdiServiceHost - ok
18:19:46.0338 1532 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:19:46.0388 1532 WdiSystemHost - ok
18:19:46.0408 1532 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
18:19:46.0458 1532 WebClient - ok
18:19:46.0478 1532 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:19:46.0568 1532 Wecsvc - ok
18:19:46.0588 1532 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:19:46.0678 1532 wercplsupport - ok
18:19:46.0708 1532 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:19:46.0798 1532 WerSvc - ok
18:19:46.0838 1532 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:46.0958 1532 WfpLwf - ok
18:19:46.0998 1532 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:19:47.0038 1532 WIMMount - ok
18:19:47.0118 1532 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:19:47.0208 1532 WinDefend - ok
18:19:47.0228 1532 WinHttpAutoProxySvc - ok
18:19:47.0388 1532 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:19:47.0608 1532 Winmgmt - ok
18:19:47.0898 1532 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
18:19:48.0168 1532 WinRM - ok
18:19:48.0258 1532 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:19:48.0448 1532 Wlansvc - ok
18:19:48.0488 1532 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:19:48.0568 1532 WmiAcpi - ok
18:19:48.0628 1532 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:19:48.0668 1532 wmiApSrv - ok
18:19:48.0788 1532 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:19:48.0928 1532 WMPNetworkSvc - ok
18:19:48.0958 1532 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:19:49.0008 1532 WPCSvc - ok
18:19:49.0018 1532 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:19:49.0058 1532 WPDBusEnum - ok
18:19:49.0088 1532 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:19:49.0158 1532 ws2ifsl - ok
18:19:49.0238 1532 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
18:19:49.0778 1532 wscsvc - ok
18:19:49.0808 1532 WSearch - ok
18:19:50.0258 1532 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll
18:19:50.0588 1532 wuauserv - ok
18:19:50.0688 1532 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:19:50.0878 1532 WudfPf - ok
18:19:50.0948 1532 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:51.0098 1532 WUDFRd - ok
18:19:51.0128 1532 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:19:51.0208 1532 wudfsvc - ok
18:19:51.0238 1532 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:19:51.0318 1532 WwanSvc - ok
18:19:51.0388 1532 ================ Scan global ===============================
18:19:51.0448 1532 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
18:19:51.0488 1532 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
18:19:51.0518 1532 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
18:19:51.0568 1532 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:19:51.0608 1532 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:19:51.0628 1532 [Global] - ok
18:19:51.0628 1532 ================ Scan MBR ==================================
18:19:51.0658 1532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:19:52.0758 1532 \Device\Harddisk0\DR0 - ok
18:19:52.0778 1532 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR1
18:19:52.0998 1532 \Device\Harddisk1\DR1 - ok
18:19:53.0008 1532 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:19:53.0158 1532 \Device\Harddisk2\DR2 - ok
18:19:53.0158 1532 ================ Scan VBR ==================================
18:19:53.0178 1532 [ 30BB791A6FB075DF0CFB72859AD9D479 ] \Device\Harddisk0\DR0\Partition1
18:19:53.0178 1532 \Device\Harddisk0\DR0\Partition1 - ok
18:19:53.0198 1532 [ 5C124ADE6423C02D3A9BE6AEFAD26492 ] \Device\Harddisk0\DR0\Partition2
18:19:53.0198 1532 \Device\Harddisk0\DR0\Partition2 - ok
18:19:53.0238 1532 [ DD2654322B1BF13E5F574785B9772EAF ] \Device\Harddisk0\DR0\Partition3
18:19:53.0248 1532 \Device\Harddisk0\DR0\Partition3 - ok
18:19:53.0248 1532 [ F8EF4FA9F9A6D68EF71E4152DE19E02B ] \Device\Harddisk1\DR1\Partition1
18:19:53.0258 1532 \Device\Harddisk1\DR1\Partition1 - ok
18:19:53.0268 1532 [ 96BA39D7B599D66E968C92713F8DB9CC ] \Device\Harddisk2\DR2\Partition1
18:19:53.0278 1532 \Device\Harddisk2\DR2\Partition1 - ok
18:19:53.0278 1532 ============================================================
18:19:53.0278 1532 Scan finished
18:19:53.0278 1532 ============================================================
18:19:53.0328 0388 Detected object count: 4
18:19:53.0328 0388 Actual detected object count: 4
18:20:40.0028 0388 HerculesDJControlMP3 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:40.0028 0388 HerculesDJControlMP3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:40.0028 0388 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:40.0028 0388 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:40.0048 0388 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:40.0048 0388 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:40.0058 0388 WatAdminSvc ( LockedFile.Multi.Generic ) - skipped by user
18:20:40.0058 0388 WatAdminSvc ( LockedFile.Multi.Generic ) - User select action: Skip

Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:31 pm

That's from Kaspersky, OTL seems to have stopped working :/

Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:38 pm

OTL Extras logfile created on: 11/30/2012 6:16:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amani\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.88% Memory free
3.98 Gb Paging File | 2.62 Gb Available in Paging File | 65.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.03 Gb Total Space | 6.49 Gb Free Space | 8.32% Space Free | Partition Type: NTFS
Drive D: | 33.66 Gb Total Space | 11.13 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 429.88 Gb Free Space | 92.32% Space Free | Partition Type: FAT32
Drive G: | 1863.01 Gb Total Space | 1725.36 Gb Free Space | 92.61% Space Free | Partition Type: NTFS

Computer Name: AMANI-PC | User Name: Amani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0510898D-7207-4AAF-8F59-5E553A91BE3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F4F10DF-CAB9-479E-B72A-2A630C51E8CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{36C70909-73C2-49DB-9D8D-334CF63DA31E}" = rport=139 | protocol=6 | dir=out | app=system |
"{3DFB24CA-D06C-4613-AEBA-E485D63327E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4297074E-B39F-403E-B625-90161D41DEB3}" = lport=138 | protocol=17 | dir=in | app=system |
"{49185583-52AD-4B9E-A20C-DE594F5B8D11}" = lport=445 | protocol=6 | dir=in | app=system |
"{7400BE01-4C47-476E-AA12-514C56DA54C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{97E61201-0385-48C7-ADAC-1B6D21793E68}" = lport=137 | protocol=17 | dir=in | app=system |
"{9891BE19-0EA8-473A-B6A6-73B01E0EB08F}" = rport=137 | protocol=17 | dir=out | app=system |
"{AFDC6D84-55BA-4A8C-815C-8C6112D7AE82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C58C4E64-EC08-4512-BF2D-A5B9FA846AB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{CDD76D11-A99A-490C-BFCB-848A25B69340}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D34320BA-0892-486F-8F98-C6F52507D424}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0754B85E-CF5C-43FF-AA5E-91AE3F385EA0}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs5\photoshop.exe |
"{2BC32946-6984-4C23-B522-C9CC52B7F7C4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4E396598-AFCF-417C-ADF3-E8CA017B0772}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5B5789E3-1476-4265-B85A-8A1D166E2EBE}" = protocol=17 | dir=in | app=g:\cnet2_usb_asio_zip.exe |
"{7C90CF44-6422-4055-81DD-287E7DC03F49}" = dir=in | app=%programfiles%\virtualdj\virtualdj_pro.exe |
"{8B0FE97B-5B3E-42CC-94CF-28B7D085E46D}" = protocol=6 | dir=in | app=g:\cnet2_usb_asio_zip.exe |
"{945E6147-EEBA-4303-A8A8-556D33E6F2C1}" = dir=out | app=%programfiles%\virtualdj\virtualdj_pro.exe |
"{A0A25C84-E211-4C3C-AB81-E678054BF3F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B26D8FC8-90C8-4549-8533-7E256A71BC8E}" = dir=in | app=%programfiles%\adobe\adobe photoshop cs5\photoshop.exe |
"{CBEB28F8-A014-4286-9705-E14E7C709A1E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F3F3E436-9E8C-4C1A-8265-67DC8EA88882}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4161D2A-8A8F-43C5-87EC-A1CFED7EB2C7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{306C4404-240E-42BC-B95E-D6C6D7697DA6}" = Scratch Live 2.3.3 (18)
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{56D00E87-45BA-4146-AB6E-21D7DFDF136A}" =
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E8178AD9-8146-4752-A006-A972CB9EDB8E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{DFA3D010-7486-49A4-B926-DE6D5CCCD7BA}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{2017B6D6-D85A-4492-83D8-86ADAD606350}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{E4638990-BE6C-4DFF-A855-8E1B0DEA8E4C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{4E5233AD-9B61-4EBE-80F7-9BFCDA29B0D7}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{4E5233AD-9B61-4EBE-80F7-9BFCDA29B0D7}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{28D35F0B-E32F-4926-8E67-03B027A31A97}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"uTorrent" = µTorrent
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2012 3:14:15 AM | Computer Name = Amani-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 10/30/2012 3:44:12 PM | Computer Name = Amani-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 11/16/2012 4:13:44 AM | Computer Name = Amani-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ScratchLive.exe, version: 2.3.3.7, time
stamp: 0x4edc2f6f Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0002fc47 Faulting process
id: 0x307dc Faulting application start time: 0x01cdc3d19992fb73 Faulting application
path: C:\Program Files\Serato\ScratchLIVE\ScratchLive.exe Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 899263ec-2fc5-11e2-8404-001b24834ddf

Error - 11/16/2012 7:55:46 AM | Computer Name = Amani-PC | Source = Application Hang | ID = 1002
Description = The program ScratchLive.exe version 2.3.3.7 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 31c94 Start
Time: 01cdc3d24e207f7e Termination Time: 741 Application Path: C:\Program Files\Serato\ScratchLIVE\ScratchLive.exe

Report
Id: 77254000-2fe4-11e2-8404-001b24834ddf

Error - 11/30/2012 9:24:43 AM | Computer Name = Amani-PC | Source = System Restore | ID = 8193
Description =

Error - 11/30/2012 9:25:13 AM | Computer Name = Amani-PC | Source = System Restore | ID = 8193
Description =

Error - 11/30/2012 9:25:51 AM | Computer Name = Amani-PC | Source = System Restore | ID = 8193
Description =

Error - 11/30/2012 9:26:11 AM | Computer Name = Amani-PC | Source = System Restore | ID = 8193
Description =

Error - 11/30/2012 9:26:52 AM | Computer Name = Amani-PC | Source = System Restore | ID = 8193
Description =

Error - 11/30/2012 9:27:07 AM | Computer Name = Amani-PC | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 9/7/2012 6:54:10 AM | Computer Name = Amani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 927
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/23/2012 6:19:20 PM | Computer Name = Amani-PC | Source = Bulk | ID = 458775
Description = Device failed cont reader callback, status:status:c0000001, usbsStatus:0.

Error - 11/24/2012 12:19:32 AM | Computer Name = Amani-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 11/26/2012 10:58:58 PM | Computer Name = Amani-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 11/27/2012 10:17:05 AM | Computer Name = Amani-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 11/27/2012 4:53:47 PM | Computer Name = Amani-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.

Error - 11/29/2012 5:34:06 AM | Computer Name = Amani-PC | Source = DCOM | ID = 10010
Description =

Error - 11/30/2012 8:56:33 AM | Computer Name = Amani-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:54:52 PM on ?11/?30/?2012 was unexpected.

Error - 11/30/2012 9:03:25 AM | Computer Name = Amani-PC | Source = Bulk | ID = 458775
Description = Device failed cont reader callback, status:status:c0000001, usbsStatus:0.

Error - 11/30/2012 9:06:55 AM | Computer Name = Amani-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 11/30/2012 10:22:29 AM | Computer Name = Amani-PC | Source = DCOM | ID = 10000
Description =


< End of report >

Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:39 pm

OTL logfile created on: 11/30/2012 6:16:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amani\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.88% Memory free
3.98 Gb Paging File | 2.62 Gb Available in Paging File | 65.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.03 Gb Total Space | 6.49 Gb Free Space | 8.32% Space Free | Partition Type: NTFS
Drive D: | 33.66 Gb Total Space | 11.13 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 429.88 Gb Free Space | 92.32% Space Free | Partition Type: FAT32
Drive G: | 1863.01 Gb Total Space | 1725.36 Gb Free Space | 92.61% Space Free | Partition Type: NTFS

Computer Name: AMANI-PC | User Name: Amani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/30 18:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amani\Desktop\OTL.exe
PRC - [2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 13:48:09 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/10 09:44:18 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/04/10 09:53:42 | 000,016,896 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
PRC - [2012/04/04 18:00:50 | 002,695,024 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 04:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/21 07:18:52 | 002,400,224 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 13:48:09 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012/11/21 07:18:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 13:48:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 13:58:09 | 001,343,400 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/04/10 09:53:42 | 000,016,896 | ---- | M] (Hercules®) [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/10/25 14:49:26 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/10/25 14:49:26 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/10/25 14:49:26 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012/06/08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/04/10 10:18:08 | 000,258,384 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2012/04/10 10:18:08 | 000,194,384 | ---- | M] (© Guillemot R&D, 2012. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2012/04/10 10:18:06 | 000,221,520 | ---- | M] (© Guillemot R&D, 2011. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2011/09/13 12:48:42 | 000,040,056 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SeratoUsb.sys -- (SeratoUsb)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 44 9B EC B1 C0 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [You must be registered and logged in to see this link.]

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.13.40.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.unon.org/proxydef.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/11/30 17:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/11/30 17:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/11/30 17:11:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com [2012/11/30 17:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com [2012/11/30 17:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/21 07:18:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/21 07:18:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/07 13:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amani\AppData\Roaming\Mozilla\Extensions
[2012/11/20 19:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amani\AppData\Roaming\Mozilla\Firefox\Profiles\ywry3t58.default\extensions
[2012/11/20 19:57:07 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Amani\AppData\Roaming\Mozilla\Firefox\Profiles\ywry3t58.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/11/30 16:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/21 07:18:44 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012/11/21 07:18:44 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012/11/21 07:18:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/13 19:47:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/19 15:39:10 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Amani\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Amani\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Amani\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Amani\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Amani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Amani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Amani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Amani\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Kaspersky URL Advisor = C:\Users\Amani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: uTorrentControl_v2 = C:\Users\Amani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: Virtual Keyboard = C:\Users\Amani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Anti-Banner = C:\Users\Amani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/11 00:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16566F40-6F6A-4A88-AB07-31E2432485FB}: NameServer = 196.200.16.7,196.200.16.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{652FF097-1F15-4DE8-B969-9DBBC1D9126E}: DhcpNameServer = 10.106.106.59 10.106.106.60 157.150.112.44
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/16 18:25:46 | 000,000,095 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:40 pm

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 18:14:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amani\Desktop\OTL.exe
[2012/11/30 17:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2012/11/30 17:11:44 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/11/30 17:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/11/30 17:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/11/30 17:11:19 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/11/30 17:11:19 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
[2012/11/30 15:10:50 | 000,000,000 | RHSD | C] -- C:\Users\Amani\AppData\Local\Start
[2012/11/21 07:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/16 11:09:44 | 000,040,056 | ---- | C] (Cristalink Ltd) -- C:\Windows\System32\drivers\SeratoUsb.sys
[2012/11/16 11:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Serato
[2012/11/16 11:06:54 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2012/11/30 18:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amani\Desktop\OTL.exe
[2012/11/30 17:49:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 17:49:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 17:41:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 17:38:41 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/30 17:38:41 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/30 17:32:52 | 000,002,227 | ---- | M] () -- C:\Users\Amani\Desktop\Safe Money.lnk
[2012/11/30 17:30:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/30 17:30:23 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 17:12:23 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2012/11/30 15:59:38 | 003,775,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/29 15:02:35 | 000,321,580 | ---- | M] () -- C:\Users\Amani\Desktop\Effect2.wav
[2012/11/16 11:08:15 | 000,002,116 | ---- | M] () -- C:\Users\Amani\Desktop\Scratch Live.lnk

========== Files Created - No Company Name ==========

[2012/11/30 17:32:52 | 000,002,227 | ---- | C] () -- C:\Users\Amani\Desktop\Safe Money.lnk
[2012/11/30 17:22:29 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2012/11/30 15:08:24 | 001,938,841 | ---- | C] () -- C:\Users\Amani\Desktop\kanye_west_mercy_ft._big_sean_pusha_t_2_chainz_explicit_mp3_23092.mp3
[2012/11/29 15:00:57 | 000,321,580 | ---- | C] () -- C:\Users\Amani\Desktop\Effect2.wav
[2012/11/16 11:08:15 | 000,002,116 | ---- | C] () -- C:\Users\Amani\Desktop\Scratch Live.lnk
[2012/11/02 21:16:03 | 033,287,312 | ---- | C] () -- C:\Users\Amani\Desktop\move beat.wav
[2012/11/02 21:15:07 | 038,353,740 | ---- | C] () -- C:\Users\Amani\Desktop\aha beat.wav
[2012/11/02 21:14:29 | 028,098,368 | ---- | C] () -- C:\Users\Amani\Desktop\chances beat.wav
[2012/10/05 10:03:54 | 000,004,608 | ---- | C] () -- C:\Users\Amani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/25 13:07:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/09/07 13:30:44 | 000,017,408 | ---- | C] () -- C:\Users\Amani\AppData\Local\WebpageIcons.db

========== ZeroAccess Check ==========

[2009/07/14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 04:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 04:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/11/30 18:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amani\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 3:41 pm

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/11/21 07:18:52 | 000,116,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/11/21 07:18:52 | 000,115,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\maintenanceservice.exe
[2012/11/21 07:18:52 | 000,192,720 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
[2012/11/21 07:18:51 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/11/21 07:18:51 | 000,270,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[2012/11/21 07:18:51 | 000,157,272 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe
[2012/11/21 07:18:51 | 000,096,224 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\webapprt-stub.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/09/13 09:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/09/13 09:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2012/10/16 14:11:40 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2012/09/07 13:09:29 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2012/09/10 11:36:11 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2012/11/30 16:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/09/07 13:54:05 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/07/14 10:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/09/07 16:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Guillemot
[2012/09/12 16:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Hercules
[2012/09/12 16:07:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/14 07:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/11/30 17:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2009/07/14 10:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2012/09/07 13:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/09/07 13:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/09/07 13:12:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/09/07 13:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2012/09/07 13:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/11/21 07:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/11/30 15:56:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/07 13:14:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/09/07 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/07/14 07:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/11/16 11:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Serato
[2012/10/08 13:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2009/07/14 07:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/09/10 09:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2012/09/07 13:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2012/09/10 11:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2009/07/14 07:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 10:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/07/14 07:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/07/14 07:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 07:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 07:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 07:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 07:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/09/07 13:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< MD5 for: ATAPI.SYS >
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: NDIS.SYS >
[2009/07/14 04:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 04:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: SERVICES.EXE >
[2009/07/14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/14 04:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2012/09/07 13:57:28 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=7BD7F45FF37FA0669CD32CA0EF46E22C -- C:\Windows\System32\user32.dll

< MD5 for: USERINIT.EXE >
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/14 04:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 04:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/14 04:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/11/21 07:18:51 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/11/21 07:18:51 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/11/21 07:18:51 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 04:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 04:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 04:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/14 04:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/14 04:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/11/21 07:18:51 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/11/21 07:18:51 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/11/21 07:18:51 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/11/21 07:18:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 04:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 04:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 04:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/14 04:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/14 04:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Re: HELP!!!

Post by Gabethebabe on Fri Nov 30, 2012 3:50 pm

At first glance that appears to be clean. I have to go now and will be back later - in the meantime please run another scan:

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit [You must be registered and logged in to see this link.] and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.


Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 4:17 pm

ComboFix 12-11-30.02 - Amani 11/30/2012 19:02:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1090 [GMT 3:00]
Running from: c:\users\Amani\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amani\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr
c:\users\Amani\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr\tlsr .exe
c:\users\Amani\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr
c:\users\Amani\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr\tlsr .exe
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 16:12 . 2012-11-30 16:12 -------- d-----w- c:\users\Amani\AppData\Local\temp
2012-11-30 16:12 . 2012-11-30 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-30 14:11 . 2012-11-30 14:11 -------- d-----w- c:\windows\ELAMBKUP
2012-11-30 14:11 . 2012-11-30 14:11 -------- d-----w- c:\program files\Kaspersky Lab
2012-11-30 14:11 . 2012-11-30 14:46 -------- d-----w- c:\programdata\Kaspersky Lab
2012-11-30 14:11 . 2012-08-13 15:24 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-11-30 12:10 . 2012-11-30 14:30 -------- d-sh--r- c:\users\Amani\AppData\Local\Start
2012-11-16 08:09 . 2011-09-13 09:48 40056 ----a-w- c:\windows\system32\drivers\SeratoUsb.sys
2012-11-16 08:08 . 2012-11-16 08:08 61440 ----a-r- c:\users\Amani\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2012-11-16 08:08 . 2012-11-16 08:08 61440 ----a-r- c:\users\Amani\AppData\Roaming\Microsoft\Installer\{306C4404-240E-42BC-B95E-D6C6D7697DA6}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2012-11-16 08:07 . 2012-11-16 08:08 -------- d-----w- c:\program files\Serato
2012-11-16 08:06 . 2012-11-16 08:06 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 11:49 . 2012-10-25 11:49 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-25 11:49 . 2012-10-25 11:49 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-09 10:48 . 2012-09-07 10:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:48 . 2012-09-07 10:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-09 20:42 . 2012-09-09 20:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9776345C-5541-47BC-A8BD-0882DE18E4B8}\offreg.dll
2012-09-07 10:58 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-09-07 10:58 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2012-09-07 10:57 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2012-11-21 04:18 . 2012-11-21 04:18 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-09-07 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-09-10 896912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2012-04-04 2695024]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console 4-Mx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45541632
*Deregistered* - 45541632
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 10:48]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{16566F40-6F6A-4A88-AB07-31E2432485FB}: NameServer = 196.200.16.7,196.200.16.27
FF - ProfilePath - c:\users\Amani\AppData\Roaming\Mozilla\Firefox\Profiles\ywry3t58.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-30 17:11; [You must be registered and logged in to see this link.]; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2012-11-30 17:11; [You must be registered and logged in to see this link.]; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-11-30 17:11; [You must be registered and logged in to see this link.]; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2012-11-30 17:11; [You must be registered and logged in to see this link.]; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-11-30 17:11; [You must be registered and logged in to see this link.]; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-30 19:16:52
ComboFix-quarantined-files.txt 2012-11-30 16:16
.
Pre-Run: 6,469,140,480 bytes free
Post-Run: 6,999,699,456 bytes free
.
- - End Of File - - 269EFFBC0E10C3DE4FB6E4C50CC9BC72


Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 4:19 pm

The computer itself seems to be fine; the issue now is that my external hard drive (Seagate) with all my important files on it is not showing any of the folders in it. Like, the information is still on the drive (as I can see by the allocated amount of disc space taken), but I can't access it; even if I show hidden files it's just not there.


Re: HELP!!!

Post by Deejay kace on Fri Nov 30, 2012 4:27 pm

FIXED

Gabe, I can't thank you enough for your help. If there is anything I can do for you, please say so. I am a DJ who plays hip-hop, reggae, and dancehall; if that could aid you in any way, be it a mix or a show (though I am located in Africa lol), please let me know.

Bless you,

Kevin
