Infected by ZBot.17604 & 18284



wmbeyer
2014-02-28, 17:14
My Trojan program tries to delete this infection; however, doing so deletes explorer and so on. Please help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 9:58:13 on 2014-02-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.920 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/home/x/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
BHO: _disabledByAcp - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DHCPNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-10-12 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-10-12 177864]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-22 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-26 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-26 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-26 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-26 46808]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-6-3 3904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-27 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-27 22856]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs; [x]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-27 701512]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2012-7-3 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2012-7-3 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2012-7-4 70400]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-2 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
.
=============== Created Last 30 ================
.
2014-02-28 01:31:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-02-28 01:31:28 -------- d-----w- c:\windows\system32\wbem\Repository
2014-02-27 03:57:49 -------- d-----w- C:\RECYCLER(2)
.
==================== Find3M ====================
.
2014-02-28 02:06:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-28 02:06:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll
2006-11-21 23:51:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 9:58:59.57 ===============

Juliet
2014-03-01, 00:09
Hi and welcome


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(Use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))
Tutorial: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press the Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

wmbeyer
2014-03-01, 07:56
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Owner (administrator) on BILLSR on 01-03-2014 00:47:27
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCXMNTR.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPNSCFG.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AlcxMonitor] - C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1730167982-1273179249-2621698179-1003\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1730167982-1273179249-2621698179-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-1730167982-1273179249-2621698179-1003\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x01000000
HKU\S-1-5-21-1730167982-1273179249-2621698179-1003\...\Policies\Explorer: [NoRecentDocsHistory] 0x01000000
HKU\S-1-5-21-1730167982-1273179249-2621698179-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/home/x/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {A14D885F-DC23-4013-8516-C406D2E3CE50} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
Tcpip\Parameters: [DhcpNameServer] 192.168.60.2 192.168.60.3 192.168.0.1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 ClipSrv; No ImagePath
S2 EPSON_PM_RPCV4_01; No ImagePath
S2 HOSTS Anti-PUPs; No ImagePath
S3 ImapiService; No ImagePath
S2 SDhelper; No ImagePath
S3 WmiApSrv; No ImagePath

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2004-06-03] (Oak Technology Inc.)
S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2004-02-17] (Sensaura Ltd)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\System32\DRIVERS\lgandnetndis.sys [70400 2012-07-04] (LG Electronics Inc.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 BCMNTIO; C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS [3744 2004-03-05] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [140800 2003-06-19] (Promise Technology, Inc.)
R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [652689 2003-12-12] (Agere Systems)
R2 MAPMEM; C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS [3904 2004-03-05] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28352 2004-07-06] (MusicMatch, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [40832 2004-03-03] (NVIDIA Corporation)
S2 nvcap; C:\WINDOWS\System32\DRIVERS\nvcap.sys [126348 2003-07-30] ()
R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [54784 2003-04-21] (NVIDIA Corporation)
S3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [320640 2004-03-03] (NVIDIA Corporation)
S2 NVXBAR; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [13006 2003-07-30] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21120 2003-09-03] (NVIDIA Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-03] (Padus, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
S3 S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [166912 2004-08-04] (S3 Graphics, Inc.)
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [394752 2003-05-06] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [10624 2003-04-11] (Silicon Integrated Systems Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
S3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [265344 2003-08-11] (Copyright (C) VIA/S3 Graphics, Inc.)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
U3 aswMBR; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys [X]
U3 mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 00:47 - 2014-03-01 00:47 - 00009484 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-03-01 00:47 - 2014-03-01 00:47 - 00000000 ____D () C:\FRST
2014-03-01 00:46 - 2014-03-01 00:47 - 01143808 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-03-01 00:45 - 2014-03-01 00:45 - 00002216 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-02-28 09:54 - 2014-02-28 09:54 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.scr
2014-02-27 08:27 - 2014-02-27 08:37 - 00000000 __SHD () C:\Documents and Settings\LocalService\Cookies(4)
2014-02-26 22:57 - 2014-02-27 20:15 - 00000000 ____D () C:\RECYCLER(2)
2014-02-26 22:57 - 2014-02-26 23:03 - 00000000 __SHD () C:\Documents and Settings\LocalService\Cookies(3)
2014-02-26 20:44 - 2014-02-26 20:44 - 00000000 ____D () C:\Documents and Settings\LocalService\Cookies(2)
2014-02-26 19:32 - 2014-02-26 19:32 - 00000597 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-02-26 19:20 - 2014-02-26 19:20 - 00009214 _____ () C:\ComboFix.txt
2014-02-17 21:15 - 2014-02-17 21:15 - 00019849 _____ () C:\Documents and Settings\Owner\Desktop\Nahunta.xlsx
2014-02-17 21:11 - 2014-02-17 21:11 - 00019875 _____ () C:\Documents and Settings\Owner\Desktop\Woodbine.xlsx
2014-02-17 20:57 - 2014-02-17 20:57 - 00019871 _____ () C:\Documents and Settings\Owner\Desktop\Hilliard.xlsx
2014-01-31 18:56 - 2013-10-12 17:00 - 00037061 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140131-185621.backup

==================== One Month Modified Files and Folders =======

2014-03-01 00:47 - 2014-03-01 00:47 - 00009484 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-03-01 00:47 - 2014-03-01 00:47 - 00000000 ____D () C:\FRST
2014-03-01 00:47 - 2014-03-01 00:46 - 01143808 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-03-01 00:45 - 2014-03-01 00:45 - 00002216 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-03-01 00:40 - 2013-10-08 16:52 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 00:05 - 2012-11-12 10:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-01 00:01 - 2011-10-01 20:33 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-03-01 00:01 - 2007-08-19 14:16 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-03-01 00:00 - 2003-10-11 05:18 - 00000000 ____D () C:\Documents and Settings\Owner
2014-02-28 21:54 - 2014-01-18 01:48 - 00000283 ____N () C:\WINDOWS\wiadebug.log
2014-02-28 20:40 - 2013-10-08 16:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 20:34 - 2012-10-22 21:05 - 00000316 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-02-28 18:05 - 2011-06-28 00:24 - 00032606 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2014-02-28 14:23 - 2014-01-18 01:45 - 01809206 ____N () C:\WINDOWS\WindowsUpdate.log
2014-02-28 09:54 - 2014-02-28 09:54 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.scr
2014-02-28 02:54 - 2010-04-20 22:03 - 00000000 ____D () C:\Program Files\TrojanHunter 5.3
2014-02-27 23:02 - 2014-01-18 01:47 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-02-27 23:01 - 2003-10-11 05:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-27 22:59 - 2003-10-11 05:18 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-02-27 22:17 - 2003-10-11 05:44 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-27 21:06 - 2012-10-29 01:27 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-27 21:06 - 2012-10-29 01:27 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-27 20:55 - 2003-10-10 22:10 - 00618792 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-27 20:53 - 2013-07-28 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-27 20:48 - 2005-08-26 20:35 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-27 20:34 - 2012-11-12 10:16 - 00001697 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-02-27 20:34 - 2003-10-11 05:16 - 00002577 ____C () C:\WINDOWS\system32\CONFIG.NT
2014-02-27 20:31 - 2010-04-15 11:30 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-27 20:31 - 2003-10-11 05:18 - 00000000 ___SD () C:\Documents and Settings\NetworkService
2014-02-27 20:31 - 2003-10-11 05:18 - 00000000 ___SD () C:\Documents and Settings\LocalService
2014-02-27 20:31 - 2003-10-11 05:13 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-27 20:30 - 2012-11-16 23:20 - 00000000 ____D () C:\Qoobox
2014-02-27 20:30 - 2004-04-02 15:14 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-02-27 20:29 - 2004-05-11 21:27 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2014-02-27 20:28 - 2004-04-02 16:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-27 20:19 - 2013-08-24 19:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-02-27 20:15 - 2014-02-26 22:57 - 00000000 ____D () C:\RECYCLER(2)
2014-02-27 08:37 - 2014-02-27 08:27 - 00000000 __SHD () C:\Documents and Settings\LocalService\Cookies(4)
2014-02-26 23:03 - 2014-02-26 22:57 - 00000000 __SHD () C:\Documents and Settings\LocalService\Cookies(3)
2014-02-26 23:03 - 2003-10-11 05:06 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-26 20:44 - 2014-02-26 20:44 - 00000000 ____D () C:\Documents and Settings\LocalService\Cookies(2)
2014-02-26 19:32 - 2014-02-26 19:32 - 00000597 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-02-26 19:20 - 2014-02-26 19:20 - 00009214 _____ () C:\ComboFix.txt
2014-02-26 19:18 - 2003-10-11 05:06 - 00000411 _____ () C:\WINDOWS\system.ini
2014-02-22 01:08 - 2004-04-02 14:21 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Dad's Stuff
2014-02-17 21:15 - 2014-02-17 21:15 - 00019849 _____ () C:\Documents and Settings\Owner\Desktop\Nahunta.xlsx
2014-02-17 21:11 - 2014-02-17 21:11 - 00019875 _____ () C:\Documents and Settings\Owner\Desktop\Woodbine.xlsx
2014-02-17 20:57 - 2014-02-17 20:57 - 00019871 _____ () C:\Documents and Settings\Owner\Desktop\Hilliard.xlsx
2014-02-15 23:30 - 2012-08-28 21:19 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Quench
2014-02-13 03:07 - 2009-06-04 01:17 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-12 07:05 - 2005-03-31 19:56 - 00271360 ____C () C:\Documents and Settings\Owner\My Documents\archive.pst
2014-02-06 03:54 - 2006-11-07 02:26 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2003-11-15 03:22 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-13 17:04 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2011-10-05 17:03 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2011-10-05 17:03 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2011-10-05 17:03 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2007-06-27 09:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2007-06-27 09:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2007-06-27 09:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2007-06-27 09:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2006-11-07 20:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2006-11-07 20:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2006-11-07 20:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2006-11-07 02:27 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2006-10-17 11:05 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2006-10-17 11:05 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2006-10-17 11:04 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2006-10-17 11:03 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2006-10-17 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2006-09-18 09:15 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2006-05-19 10:06 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2006-05-10 00:25 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2006-05-10 00:25 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2006-05-10 00:25 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2006-05-10 00:25 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2006-05-10 00:25 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2006-05-10 00:25 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2004-07-07 17:37 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-02-06 17:05 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2004-01-21 16:20 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2003-11-15 03:23 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2003-11-15 03:23 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2003-11-15 03:23 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2003-11-15 03:23 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2003-11-15 03:23 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2003-11-15 03:22 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2003-11-15 03:22 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2003-11-15 03:22 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2003-11-15 03:22 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2003-11-15 03:22 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 18:26 - 2003-11-15 02:58 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 17:24 - 2004-08-04 00:59 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-04 21:38 - 2010-08-08 16:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Smarte Carte
2014-02-01 12:00 - 2010-04-29 23:04 - 00000000 ____D () C:\WINDOWS\ERDNT

Files to move or delete:
====================
C:\Documents and Settings\Owner\Application Data\cache.ini


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Owner at 2014-03-01 00:47:56
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acronis*PrivacyExpert (HKLM\...\PrivacyExpert) (Version: - Acronis)
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Active@ Password Changer Professional (HKLM\...\Active@ Password Changer Professional) (Version: 4.0 - LSoft Technologies Inc)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Album Starter Edition (HKLM\...\{483616D1-867E-46F8-BEC7-3C6475933908}) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AiO_Scan (Version: 5.31.1.27 - Hewlett-Packard) Hidden
AIOMinimal (Version: 5.31.1.27 - Hewlett-Packard) Hidden
AiOSoftware (Version: 5.31.1.27 - Hewlett-Packard) Hidden
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
ArcSoft ShowBiz 2 (HKLM\...\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}) (Version: - )
ArcSoft Software Suite (HKLM\...\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1497.0 - AVAST Software)
CafeScribe Offline (HKLM\...\com.Follett.CafeScribe.Offline) (Version: 2.2.0.2 - Follett Software Company)
CafeScribe Offline (Version: 2.2.0 - Follett Software Company) Hidden
Calculator Powertoy for Windows XP (HKLM\...\{B37C842A-B624-46B8-A727-654E72F1C91A}) (Version: 1.00.0001 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CD ROM Applied Management Science 2e (HKLM\...\CD ROM Applied Management Science 2e) (Version: - )
CheckIt Diagnostics (HKLM\...\CheckIt Diagnostics) (Version: 7.0 - Smith Micro Software, Inc.)
Command & Conquer Generals (HKLM\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000 - Electronic Arts) Hidden
Compaq Connections (HKLM\...\BackWeb-1940576 Uninstaller) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 5.31.0.150 - Hewlett-Packard) Hidden
CreativeProjects (Version: 5.31.0.150 - Hewlett-Packard) Hidden
Director (Version: 5.31.0.154 - Hewlett-Packard) Hidden
DocProc (Version: 3.1.0.0 - Hewlett-Packard) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - )
EPSON CX8400 User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Stylus CX8400 Series Scanner Driver Update (HKLM\...\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}) (Version: - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Fax (Version: 5.31.1.27 - Hewlett-Packard) Hidden
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version: - )
GdiplusUpgrade (Version: 1.00.01 - Hewlett-Packard) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
HP Photo & Imaging 3.1 (HKLM\...\HP Photo & Imaging) (Version: 3.1 - HP)
HP Photo and Imaging 2.0 - Photosmart Cameras (HKLM\...\{5D7F0A0E-369E-46C0-9F99-FAB21A064781}) (Version: 2.0.0000 - {&Tahoma8}Hewlett-Packard)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP PSC & OfficeJet 3.0 (HKLM\...\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}) (Version: 3.0 - HP)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
hpmdtab (Version: 2.0.470.1598 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 2.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (Version: 3.1.0.13 - Hewlett-Packard) Hidden
Intel(R) Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version: - )
InterActual Player (HKLM\...\InterActual Player) (Version: - )
InterVideo WinDVD Player (HKLM\...\{98E8A2EF-4EAE-43B8-A172-74842B764777}) (Version: 4.0-B11.399 - InterVideo Inc.)
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version: - )
Mah Jong Tiles Deluxe (HKLM\...\Mah Jong Tiles Deluxe) (Version: - GameHouse, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Memories Disc Creator 2.0 (HKLM\...\{2E132061-C78A-48D4-A899-1D13B9D189FA}) (Version: 2.0.588.1728 - Memories Disc Creator 2.0)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Baseline Security Analyzer 1.2.1 (HKLM\...\{DF15059E-A356-47B2-B14B-6380ED32AB68}) (Version: 1.2.4013.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version: - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office Access 2003 (HKLM\...\{90150409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Creation Wizard (HKLM\...\{39B1915D-3CBA-42F8-8A58-2AB5587BF863}) (Version: 1.0.0 - Microsoft)
Microsoft Office PowerPoint 2003 Template Pack 1 (HKLM\...\{90AB0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 2 (HKLM\...\{90AC0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office PowerPoint 2003 Template Pack 3 (HKLM\...\{90AD0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
Microsoft Producer for Microsoft Office PowerPoint 2003 (HKLM\...\{155FBB0D-0EE9-42D1-9E41-15E08F691033}) (Version: 2.0.1389.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
MS Access 97 SP2 (HKLM\...\MS Access 97 SP2) (Version: - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MyScribe (HKLM\...\MyScribe) (Version: 20101118 - Fourteen40 Inc., a Follett Corporation Company.)
NSS Labs Browser Hardening Utility for IE8 (HKLM\...\{4989815E-42B5-4AF1-A118-81714C497B3B}) (Version: 1.0 - Nss Labs)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC-Doctor for Windows (HKLM\...\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}) (Version: - )
PhotoGallery (Version: 5.31.0.158 - Hewlett-Packard) Hidden
PhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Photosmart 140,240,7200,7600,7700,7900 Series (HKLM\...\{45B6180B-DCAB-4093-8EE8-6164457517F0}) (Version: 2.0 - Hewlett-Packard)
Pop-Up Stopper Free Edition (HKLM\...\Pop-Up Stopper Free Edition) (Version: 3.1.1014 - Panicware, Inc.)
PrintScreen (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Professor Answers (HKLM\...\Professor Answers) (Version: - Individual Software, Inc.)
Professor Teaches Excel 2003 (HKLM\...\Professor Teaches Excel 2003) (Version: 1.0 - Individual Software, Inc.)
Professor Teaches PowerPoint 2003 (HKLM\...\Professor Teaches PowerPoint 2003) (Version: 1.0 - Individual Software, Inc.)
Professor Teaches Word 2003 (HKLM\...\Professor Teaches Word 2003) (Version: 1.0 - Individual Software, Inc.)
PS2 (HKLM\...\PS2) (Version: - )
PSShortcutsP (Version: 1.00.0000 - Hewlett-Packard) Hidden
Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version: - )
Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Readme (Version: 5.31.1.27 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.1 - Hewlett-Packard)
RegCure (HKLM\...\RegCure) (Version: 3.0.2.0 - ParetoLogic, Inc.)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Scan (Version: 3.1.0.0 - Hewlett-Packard) Hidden
SkinsHP1 (Version: 5.31.0.147 - Hewlett-Packard) Hidden
SkinsHP2 (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sybase SQL Anywhere 7 Personal Server (HKLM\...\Sybase SQL Anywhere 7 Personal Server) (Version: - )
System Security Suite 1.04 (HKLM\...\System Security Suite 1.04) (Version: - )
Top Comp Calculator (HKLM\...\{FC713618-78C4-4563-9105-B9B503E8A86F}) (Version: 2.05.0001 - New York Life)
TrayApp (Version: 5.31.0.147 - Hewlett-Packard) Hidden
TrojanHunter 5.3 (HKLM\...\TrojanHunter_is1) (Version: 5.3 - Mischel Internet Security)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Unload (Version: 3.1.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Virtual Magnifying Glass v3.4 (HKLM\...\Virtual Magnifying Glass_is1) (Version: - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - )
Windows Defender Signatures (Version: 1.20.1459.12 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (Version: - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol 2009 (HKLM\...\WinPatrol) (Version: 17.0.2010.0 - BillP Studios)
Zone Deluxe Games (HKLM\...\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}) (Version: 7.1.7412.1 - Zone.com)

==================== Restore Points =========================

19-01-2014 02:41:38 System Checkpoint
19-01-2014 08:00:20 Software Distribution Service 3.0
20-01-2014 08:00:20 Software Distribution Service 3.0
21-01-2014 08:00:16 Software Distribution Service 3.0
22-01-2014 03:48:22 Software Distribution Service 3.0
23-01-2014 04:31:04 System Checkpoint
23-01-2014 08:00:16 Software Distribution Service 3.0
24-01-2014 08:00:18 Software Distribution Service 3.0
25-01-2014 08:00:16 Software Distribution Service 3.0
26-01-2014 02:43:26 Software Distribution Service 3.0
26-01-2014 08:00:17 Software Distribution Service 3.0
26-01-2014 13:59:34 Made by Regsofts
26-01-2014 14:31:55 Software Distribution Service 3.0
27-01-2014 08:00:21 Software Distribution Service 3.0
28-01-2014 08:00:16 Software Distribution Service 3.0
29-01-2014 08:00:18 Software Distribution Service 3.0
30-01-2014 08:00:17 Software Distribution Service 3.0
31-01-2014 08:49:18 Software Distribution Service 3.0
01-02-2014 03:38:52 Spybot-S&D Spyware removal
01-02-2014 10:51:00 Software Distribution Service 3.0
02-02-2014 00:34:44 Made by Regsofts
02-02-2014 00:41:27 Made by Regsofts
02-02-2014 08:00:17 Software Distribution Service 3.0
03-02-2014 08:00:16 Software Distribution Service 3.0
04-02-2014 08:00:16 Software Distribution Service 3.0
05-02-2014 08:00:16 Software Distribution Service 3.0
06-02-2014 02:18:39 Made by Regsofts
06-02-2014 08:00:18 Software Distribution Service 3.0
07-02-2014 08:00:19 Software Distribution Service 3.0
07-02-2014 13:55:53 Software Distribution Service 3.0
12-02-2014 05:49:55 System Checkpoint
13-02-2014 04:50:18 Made by Regsofts
13-02-2014 08:00:20 Software Distribution Service 3.0
14-02-2014 08:00:16 Software Distribution Service 3.0
15-02-2014 08:00:25 Software Distribution Service 3.0
15-02-2014 19:03:24 Made by Regsofts
16-02-2014 08:00:18 Software Distribution Service 3.0
17-02-2014 04:33:39 Software Distribution Service 3.0
18-02-2014 05:03:27 System Checkpoint
18-02-2014 08:00:16 Software Distribution Service 3.0
19-02-2014 08:00:16 Software Distribution Service 3.0
21-02-2014 04:24:03 Software Distribution Service 3.0
21-02-2014 08:00:20 Software Distribution Service 3.0
21-02-2014 09:52:54 Made by Regsofts
22-02-2014 08:00:17 Software Distribution Service 3.0
23-02-2014 03:55:34 Made by Regsofts
23-02-2014 04:04:59 Installed Java 7 Update 51
23-02-2014 08:00:17 Software Distribution Service 3.0
24-02-2014 09:32:28 Software Distribution Service 3.0
25-02-2014 08:39:58 Software Distribution Service 3.0
26-02-2014 08:00:16 Software Distribution Service 3.0
27-02-2014 03:57:25 Restore Operation
27-02-2014 04:06:07 Software Distribution Service 3.0
27-02-2014 08:00:17 Software Distribution Service 3.0
27-02-2014 13:25:38 Restore Operation
27-02-2014 13:40:59 Software Distribution Service 3.0
28-02-2014 01:08:29 Restore Operation
28-02-2014 01:37:12 Software Distribution Service 3.0
28-02-2014 02:09:01 Made by Regsofts
28-02-2014 08:00:42 Software Distribution Service 3.0

==================== Hosts content: ==========================

2003-10-11 05:06 - 2014-02-01 12:00 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-28 19:12 - 2014-02-28 16:37 - 02275840 _____ () C:\Program Files\AVAST Software\Avast\defs\14022803\algo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 1535.3 MB
Available physical RAM: 825.28 MB
Total Pagefile: 2920.51 MB
Available Pagefile: 2390.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.35 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:147.51 GB) (Free:96.29 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:5.14 GB) (Free:1.06 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 153 GB) (Disk ID: F84EF84E)

Partition: GPT Partition Type.

==================== End Of Log ============================

Juliet
2014-03-01, 13:51
Does your antivirus show a file path for this infection?

You have used/run ComboFix; sometimes that is not a good idea for those who have not been trained in how to use it.
What I need is to also view the log files it creates and see if infections were listed there.

C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

How about c:\Combofix\combofix.txt <-- is it here?


*******************************


Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


**********************************

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



In your next reply please post:
C:\AdwCleaner[S1].txt
MBAM log
C:\Qoobox\quarantined_files.txt
C:\Combofix\combofix.txt

wmbeyer
2014-03-02, 15:55
This is what my Trojan AV found:
Found trojan file: C:\WINDOWS\Explorer.EXE (Zbot.17604)
Found trojan file: C:\Program Files\Microsoft Office\OFFICE11\MSOHTMED.EXE (Zbot.18284)
Found trojan file: C:\WINDOWS\ERDNT\cache\explorer.exe (Zbot.17604)
Found trojan file: C:\WINDOWS\explorer.exe (Zbot.17604)
Found trojan file: C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE (Zbot.18284)
Found trojan file: C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Zbot.17604)

What you requested:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: BILLSR [administrator]

3/1/2014 11:33:50 PM
mbam-log-2014-03-01 (23-33-50).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 357985
Time elapsed: 1 hour(s), 24 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ComboFix 14-02-24.02 - Administrator 02/26/2014 19:12:34.122.1 - x86 NETWORK
Running from: G:\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\grpconv.exe . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2014-01-27 to 2014-02-27 )))))))))))))))))))))))))))))))
.
.
2014-02-23 04:06 . 2014-02-23 04:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Oracle
2014-02-23 04:05 . 2014-02-23 04:05 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-02-23 04:05 . 2014-02-23 04:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-16 04:17 . 2014-02-16 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 05:05 . 2012-10-29 06:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 05:05 . 2012-10-29 06:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26 . 2004-02-06 22:05 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2003-11-15 08:23 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2003-11-15 08:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2003-11-15 08:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:13 . 2003-11-15 07:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2003-11-15 08:23 1172992 ----a-w- c:\windows\system32\msxml3.dll
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\eeb175ef-c090-469c-a744-66d249ad0127.exe" [2014-02-25 181136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56145929.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83144339.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RecordNow!"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs; [x]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2012-07-03 23040]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2012-07-03 27776]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys [2012-07-04 70400]
R3 cpuz134;cpuz134;c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S1 aswKbd;aswKbd; [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 05:05]
.
2014-02-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 07:47]
.
2014-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
mSearch Bar =
mWindow Title =
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-26 19:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,ac,d1,86,ae,48,f7,4c,bd,b5,84,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,ac,d1,86,ae,48,f7,4c,bd,b5,84,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-02-26 19:20:18
ComboFix-quarantined-files.txt 2014-02-27 00:20
ComboFix2.txt 2014-02-01 17:06
ComboFix3.txt 2014-02-01 05:06
ComboFix4.txt 2014-01-26 13:44
ComboFix5.txt 2014-02-27 00:10
.
Pre-Run: 108,614,369,280 bytes free
Post-Run: 108,635,889,664 bytes free
.
- - End Of File - - 423F4444C889CDFFD6CD68E951AB36A4
8F558EB6672622401DA993E1E865C861

I can find a QooBox Quarantine Box file, but no txt file

Juliet
2014-03-02, 19:15
I have to inform you how open to infection your version of Windows is at the moment.

You're running Windows XP with no service packs installed. This means all exploits that Microsoft applied security patches for are not patched on this machine.

Cryptography Services Error !!
c:\windows\system32\grpconv.exe . . . is missing!!
If you could download and install at least Service Pack 1, this would help. And I'm afraid that if you continue to run/use this computer in an unprotected state you risk losing the machine entirely, or it will become unstable, since this coming April Microsoft stops support altogether.

See if c:\windows\ServicePackFiles\i386\grpconv.exe exists.

We can run a couple more tools and try to get the infection off.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download RogueKiller 32 Bit (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.

RogueKiller 64 Bit (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) <---use this one for 64 bit systems

Which system am I using? (http://support.microsoft.com/kb/827218)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7/8, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application.
https://dl.dropbox.com/u/73555776/tdss%20start.JPG

Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

Click the Start Scan button.


If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Please copy and paste its contents on your next reply.

wmbeyer
2014-03-03, 03:35
I have the service pack CDs and went to the Microsoft web site, which told me that Service Pack 3 is installed. It used to be installed and up to date. Whatever happened to this machine, it must have deleted all of the security updates.

TDSSKiller did not offer a Cure option.


RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 03/02/2014 20:15:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 6Y160P0 +++++
--- User ---
[MBR] da8ce004910272bc055f07016261e27c
[BSP] 1d67e15fd5dcae2f83b17d1513da0814 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5271 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10795680 | Size: 151052 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03022014_201558.txt >>

20:31:07.0046 0x097c [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:31:07.0062 0x097c MBAMProtector - ok
20:31:07.0125 0x097c [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:31:07.0156 0x097c MBAMScheduler - ok
20:31:07.0250 0x097c [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:31:07.0281 0x097c MBAMService - ok
20:31:07.0328 0x097c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:31:07.0437 0x097c Messenger - ok
20:31:07.0468 0x097c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:31:07.0578 0x097c mnmdd - ok
20:31:07.0656 0x097c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:31:07.0765 0x097c mnmsrvc - ok
20:31:07.0812 0x097c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:31:08.0015 0x097c Modem - ok
20:31:08.0062 0x097c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:31:08.0156 0x097c Mouclass - ok
20:31:08.0203 0x097c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:31:08.0296 0x097c mouhid - ok
20:31:08.0312 0x097c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:31:08.0437 0x097c MountMgr - ok
20:31:08.0437 0x097c mraid35x - ok
20:31:08.0484 0x097c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:31:08.0593 0x097c MRxDAV - ok
20:31:08.0687 0x097c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:31:08.0765 0x097c MRxSmb - ok
20:31:08.0796 0x097c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:31:08.0968 0x097c MSDTC - ok
20:31:09.0000 0x097c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:31:09.0109 0x097c Msfs - ok
20:31:09.0109 0x097c MSIServer - ok
20:31:09.0140 0x097c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:31:09.0250 0x097c MSKSSRV - ok
20:31:09.0296 0x097c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:31:09.0406 0x097c MSPCLOCK - ok
20:31:09.0515 0x097c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:31:09.0625 0x097c MSPQM - ok
20:31:09.0656 0x097c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:31:09.0765 0x097c mssmbios - ok
20:31:09.0796 0x097c [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:31:09.0953 0x097c MSTEE - ok
20:31:09.0968 0x097c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:31:09.0984 0x097c Mup - ok
20:31:10.0015 0x097c [ A1520761F42DBB06DB7929D6FA9753EA, FFD1D4B3C057371126CAC9D19ADA26762EBE8B61EE533073C91B2804ABC4CF89 ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
20:31:10.0078 0x097c MxlW2k - detected UnsignedFile.Multi.Generic ( 1 )
20:31:12.0140 0x097c Detect skipped due to KSN trusted
20:31:12.0140 0x097c MxlW2k - ok
20:31:12.0171 0x097c [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:31:12.0281 0x097c NABTSFEC - ok
20:31:12.0328 0x097c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:31:12.0453 0x097c napagent - ok
20:31:12.0468 0x097c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:31:12.0593 0x097c NDIS - ok
20:31:12.0625 0x097c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:31:12.0734 0x097c NdisIP - ok
20:31:12.0781 0x097c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:31:12.0796 0x097c NdisTapi - ok
20:31:12.0828 0x097c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:31:12.0937 0x097c Ndisuio - ok
20:31:12.0984 0x097c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:31:13.0093 0x097c NdisWan - ok
20:31:13.0125 0x097c [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:31:13.0140 0x097c NDProxy - ok
20:31:13.0156 0x097c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:31:13.0281 0x097c NetBIOS - ok
20:31:13.0296 0x097c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:31:13.0609 0x097c NetBT - ok
20:31:13.0656 0x097c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
20:31:14.0031 0x097c NetDDE - ok
20:31:14.0046 0x097c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:31:14.0328 0x097c NetDDEdsdm - ok
20:31:14.0359 0x097c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:31:14.0468 0x097c Netlogon - ok
20:31:14.0531 0x097c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
20:31:14.0718 0x097c Netman - ok
20:31:14.0750 0x097c [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:14.0781 0x097c NetTcpPortSharing - ok
20:31:14.0812 0x097c [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:31:14.0937 0x097c NIC1394 - ok
20:31:14.0984 0x097c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
20:31:15.0015 0x097c Nla - ok
20:31:15.0046 0x097c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:31:15.0156 0x097c Npfs - ok
20:31:15.0218 0x097c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:31:15.0343 0x097c Ntfs - ok
20:31:15.0359 0x097c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:31:15.0546 0x097c NtLmSsp - ok
20:31:15.0593 0x097c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:31:15.0718 0x097c NtmsSvc - ok
20:31:15.0750 0x097c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
20:31:15.0859 0x097c Null - ok
20:31:15.0968 0x097c [ 62E9DAB3B565091287E056437264F2ED, 5782448094776176A58E6BD6521FC1330A611F84885F740D8760F93E238B927A ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:31:16.0078 0x097c nv - ok
20:31:16.0109 0x097c [ B72CB24BB0E6B1CE17EE3E23946409B3, A4028D882DD5E6A970782C2D9611E541428D72BCD278AA067BCC2E5BFC801712 ] nvax C:\WINDOWS\system32\drivers\nvax.sys
20:31:16.0125 0x097c nvax - ok
20:31:16.0171 0x097c [ 9B7ACCFAC9B19B98D54F45A9CF61CA39, 9A1796C9764227848824474B29506533A2C52C5E1AD67F33AC8634830A59065A ] nvcap C:\WINDOWS\system32\DRIVERS\nvcap.sys
20:31:16.0203 0x097c nvcap - ok
20:31:16.0234 0x097c [ 2AFA043B0243137D0EDC8CFB8305551B, FE4FCD96DD0EEA804DA642769F353B2FDA8EC97E11E400AF0D3E37AACB177A8C ] NVENET C:\WINDOWS\system32\DRIVERS\NVENET.sys
20:31:16.0250 0x097c NVENET - ok
20:31:16.0281 0x097c [ 8780EB5B1C5252993032988250BEEA8A, 157F667FD1CB3473E5E63A2FB6122759853ECD4F11F5EF84762A0C7EA9BAF376 ] nvnforce C:\WINDOWS\system32\drivers\nvapu.sys
20:31:16.0312 0x097c nvnforce - ok
20:31:16.0328 0x097c [ BEF79A5B5A01BB749AFBED27837E6311, C0E5310E18F505762D47D4BC8A303D7382F4AD1BB2ADEA70DD13E447EB13A638 ] NVXBAR C:\WINDOWS\system32\DRIVERS\NVxbar.sys
20:31:16.0343 0x097c NVXBAR - ok
20:31:16.0375 0x097c [ 01621905AE34BC24AAA2FDDB93977299, 5B64CACA6B5E4003878886AF12CAF254475FEED8D40ABB2BB54FA95248577C7B ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
20:31:16.0390 0x097c nv_agp - ok
20:31:16.0421 0x097c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:31:16.0515 0x097c NwlnkFlt - ok
20:31:16.0546 0x097c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:31:16.0671 0x097c NwlnkFwd - ok
20:31:16.0687 0x097c [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:31:16.0796 0x097c ohci1394 - ok
20:31:16.0859 0x097c [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:16.0906 0x097c ose - ok
20:31:16.0937 0x097c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:31:17.0062 0x097c Parport - ok
20:31:17.0078 0x097c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:31:17.0171 0x097c PartMgr - ok
20:31:17.0203 0x097c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:31:17.0328 0x097c ParVdm - ok
20:31:17.0343 0x097c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:31:17.0453 0x097c PCI - ok
20:31:17.0453 0x097c PCIDump - ok
20:31:17.0484 0x097c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:31:17.0640 0x097c PCIIde - ok
20:31:17.0656 0x097c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:31:17.0796 0x097c Pcmcia - ok
20:31:17.0796 0x097c PDCOMP - ok
20:31:17.0812 0x097c PDFRAME - ok
20:31:17.0812 0x097c PDRELI - ok
20:31:17.0828 0x097c PDRFRAME - ok
20:31:17.0828 0x097c perc2 - ok
20:31:17.0843 0x097c perc2hib - ok
20:31:17.0890 0x097c [ E5AC9F8C128B597DD7919AF96B84172E, 89142626A44CF2A1AB807117D94F9EE3FAE3EF253E351898437460D8636D5988 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
20:31:17.0890 0x097c pfc - detected UnsignedFile.Multi.Generic ( 1 )
20:31:19.0937 0x097c Detect skipped due to KSN trusted
20:31:19.0937 0x097c pfc - ok
20:31:20.0125 0x097c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
20:31:20.0140 0x097c PlugPlay - ok
20:31:20.0156 0x097c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:31:20.0328 0x097c PolicyAgent - ok
20:31:20.0359 0x097c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:31:20.0468 0x097c PptpMiniport - ok
20:31:20.0484 0x097c [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:31:20.0593 0x097c Processor - ok
20:31:20.0593 0x097c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:31:20.0703 0x097c ProtectedStorage - ok
20:31:20.0734 0x097c [ 390C204CED3785609AB24E9C52054A84, D997A9EAAE4A7FED9C2FEBD1AA7D1171431B9C9D56F8BFB587DCAE26203FF4D2 ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
20:31:20.0750 0x097c Ps2 - ok
20:31:20.0765 0x097c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:31:20.0890 0x097c PSched - ok
20:31:20.0921 0x097c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:31:21.0187 0x097c Ptilink - ok
20:31:21.0218 0x097c [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:31:21.0234 0x097c PxHelp20 - ok
20:31:21.0250 0x097c ql1080 - ok
20:31:21.0250 0x097c Ql10wnt - ok
20:31:21.0250 0x097c ql12160 - ok
20:31:21.0265 0x097c ql1240 - ok
20:31:21.0265 0x097c ql1280 - ok
20:31:21.0296 0x097c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:31:21.0406 0x097c RasAcd - ok
20:31:21.0437 0x097c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:31:21.0562 0x097c RasAuto - ok
20:31:21.0578 0x097c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:31:21.0687 0x097c Rasl2tp - ok
20:31:21.0734 0x097c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:31:21.0843 0x097c RasMan - ok
20:31:21.0859 0x097c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:31:21.0968 0x097c RasPppoe - ok
20:31:22.0015 0x097c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:31:22.0125 0x097c Raspti - ok
20:31:22.0156 0x097c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:31:22.0265 0x097c Rdbss - ok
20:31:22.0312 0x097c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:31:22.0406 0x097c RDPCDD - ok
20:31:22.0453 0x097c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:31:22.0484 0x097c RDPWD - ok
20:31:22.0515 0x097c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:31:22.0625 0x097c RDSessMgr - ok
20:31:22.0656 0x097c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:31:22.0765 0x097c redbook - ok
20:31:22.0812 0x097c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:31:22.0953 0x097c RemoteAccess - ok
20:31:22.0984 0x097c [ 8B5B8A11306190C6963D3473F052D3C8, BEBCCA8109C742447C862907B7A3924548303AC720E3FB16563F24DF3238F82B ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:31:23.0218 0x097c Revoflt - ok
20:31:23.0265 0x097c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
20:31:23.0484 0x097c RpcLocator - ok
20:31:23.0531 0x097c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:31:23.0562 0x097c RpcSs - ok
20:31:23.0593 0x097c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:31:23.0875 0x097c RSVP - ok
20:31:23.0921 0x097c [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7, 34BBA614CEA83A99D92A16591D04CFBA3AE309652CC1B505A036E34E3F8F037A ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
20:31:23.0937 0x097c rtl8139 - ok
20:31:23.0968 0x097c [ 0DBCC071A268E0340A2BA6BDD98BACE4, 1DDC39AF8FC7342A5C0D314B6F20E212400472349B15769F0480C2C48636DFCF ] S3Psddr C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
20:31:24.0109 0x097c S3Psddr - ok
20:31:24.0125 0x097c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
20:31:24.0265 0x097c SamSs - ok
20:31:24.0312 0x097c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:31:24.0437 0x097c SCardSvr - ok
20:31:24.0484 0x097c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:31:24.0609 0x097c Schedule - ok
20:31:24.0656 0x097c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:31:24.0718 0x097c Secdrv - ok
20:31:24.0750 0x097c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:31:24.0859 0x097c seclogon - ok
20:31:24.0875 0x097c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
20:31:25.0000 0x097c SENS - ok
20:31:25.0171 0x097c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:31:25.0484 0x097c Serenum - ok
20:31:25.0515 0x097c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:31:25.0625 0x097c Serial - ok
20:31:25.0656 0x097c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:31:25.0781 0x097c Sfloppy - ok
20:31:25.0843 0x097c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:31:25.0984 0x097c SharedAccess - ok
20:31:26.0015 0x097c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:31:26.0031 0x097c ShellHWDetection - ok
20:31:26.0046 0x097c Simbad - ok
20:31:26.0093 0x097c [ BDFEF5C5D41BA377852389E8F07104EA, 7616E92DD86AC71D393DE3D95555C810C8BA4F7417C1A9C72227336C12E9A4BF ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
20:31:26.0125 0x097c SiS315 - ok
20:31:26.0171 0x097c [ 923D23638C616EECB0D811461161D0B8, C8BCC075CD5B1C885CC4A1BFC511C8454F04422778DE849A03D025FC90203B82 ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
20:31:26.0187 0x097c SISAGP - ok
20:31:26.0218 0x097c [ 7E9E5823AFBB5AF2851ABB1659FF627D, 2EEFCF909E351131FBEAA10790089B80EBE03D62AE7A736D0C398936501F9585 ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
20:31:26.0234 0x097c SiSkp - ok
20:31:26.0234 0x097c [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:31:26.0343 0x097c SLIP - ok
20:31:26.0359 0x097c [ 12176466F20B8568B6EA8622362E14C0, 8FAEE1AB5960D52B6B9B1B873A99A3EB4321754BF62EB292F3A2E3042ADBA1F9 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
20:31:26.0375 0x097c snapman - detected UnsignedFile.Multi.Generic ( 1 )
20:31:36.0453 0x097c snapman ( UnsignedFile.Multi.Generic ) - warning
20:31:49.0171 0x097c Sparrow - ok
20:31:49.0203 0x097c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:31:49.0328 0x097c splitter - ok
20:31:49.0421 0x097c [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:31:49.0437 0x097c Spooler - ok
20:31:49.0437 0x097c [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:31:56.0968 0x097c ================ Scan global ===============================
20:31:57.0000 0x097c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
20:31:57.0046 0x097c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:31:57.0078 0x097c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:31:57.0109 0x097c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
20:31:57.0125 0x097c [ Global ] - ok
20:31:57.0125 0x097c ================ Scan MBR ==================================
20:31:57.0140 0x097c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:31:57.0375 0x097c \Device\Harddisk0\DR0 - ok
20:31:57.0375 0x097c ================ Scan VBR ==================================
20:31:57.0375 0x097c [ 6AAEC5ACAE1DAD385B5EFAAA49C501DA ] \Device\Harddisk0\DR0\Partition1
20:31:57.0390 0x097c \Device\Harddisk0\DR0\Partition1 - ok
20:31:57.0421 0x097c [ 713EBD1D854715E92E9637CC3F6A93C1 ] \Device\Harddisk0\DR0\Partition2
20:31:57.0453 0x097c \Device\Harddisk0\DR0\Partition2 - ok
20:31:57.0453 0x097c Waiting for KSN requests completion. In queue: 60
20:31:58.0453 0x097c Waiting for KSN requests completion. In queue: 60
20:31:59.0453 0x097c Waiting for KSN requests completion. In queue: 60
20:32:00.0515 0x097c AV detected via SS1: avast! Antivirus, 5.0.134219225, disabled, updated
20:32:00.0515 0x097c FW detected via SS1: avast! Antivirus, 5.0.117441986, disabled
20:32:00.0515 0x097c Win FW state via NFM: enabled
20:32:11.0328 0x097c ============================================================
20:32:11.0328 0x097c Scan finished
20:32:11.0328 0x097c ============================================================
20:32:11.0328 0x03ec Detected object count: 1
20:32:11.0328 0x03ec Actual detected object count: 1
20:32:22.0093 0x03ec snapman ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:22.0093 0x03ec snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip

Juliet
2014-03-03, 13:11
Please download Malwarebytes Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page for performing a scan.
Caution: This is a beta version, so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.

When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.



http://h10025.www1.hp.com/ewfrf/wc/document?docname=bph05767&cc=us&dlc=en&lc=en
http://www.bleepingcomputer.com/forums/t/43051/how-to-use-sfcexe-to-repair-system-files/
Read over the articles located above; we need to see if the files indicated as infected can be replaced.
It might also be that you will need to uninstall SP3, then go back to Microsoft updates and allow it to download SP3 again.

wmbeyer
2014-03-04, 05:47
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 1609875456, free: 1027063808

Downloaded database version: v2014.03.03.05
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
03/03/2014 10:03:31
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a22b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xffffffff8a229030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a5d9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a60d940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a5d9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a5d9998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a5e9590, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a5d9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a61f1f8, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a60d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HP_DW142A-ABA S6900NX NA410_YC_Pres_QMXM407_E41NAheRED4_4_IDiablo_SASUSTeK Computer INC._VRev 1.xx_B3.03_T031203_WXH1_L409_M512_J164_7AMD_8Athlon 64 3200+_92_1104C8023_N10DE00D6_P_Z11C1044C_K_A10DE00DA_U10DE00D7_G10DE0322.MRK" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\HP_DW142A-ABA S6900NX NA410_YC_Pres_QMXM407_E41NAheRED4_4_IDiablo_SASUSTeK Computer INC._VRev 1.xx_B3.03_T031203_WXH1_L409_M512_J164_7AMD_8Athlon 64 3200+_92_1104C8023_N10DE00D6_P_Z11C1044C_K_A10DE00DA_U10DE00D7_G10DE0322.MRK" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F84EF84E

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 10795617

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 10795680 Numsec = 309355200
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 163928604672 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-320153056-320173056)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a22b030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a22c2b0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a22c3c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a22b030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a229030, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "c:\documents and settings\all users\application data\epson\epw!3 ssrp\ " is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Owner\IETldCache\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-10795680-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
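
The partition table the anti-rootkit log prints above can be cross-checked by parsing the raw MBR sector yourself. The Python below is an added example, not part of the original thread or of the Malwarebytes tool; the 512-byte sector it parses is constructed here to reproduce the values the log reports (disk signature F84EF84E, a type 0x0b partition at LBA 63 and an active NTFS partition at LBA 10795680), with the boot-code area zero-filled, and the disk size is taken from the log's byte count divided by the 512-byte sector size. The audit step lists the sectors no partition covers, which is the space a bootkit would use to stash its payload and the reason the tool sweeps "unpartitioned space" separately.

```python
"""Parse a 512-byte MBR and audit its partition table (added example, not tool code)."""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55          # stored as bytes 55 AA at offset 510 (little-endian)
DISK_SIG_OFFSET = 440            # 4-byte Windows disk signature
TABLE_OFFSET = 446               # four 16-byte partition entries follow
ENTRY_FMT = "<B3xB3xII"          # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, count

PARTITION_TYPES = {0x00: "Empty", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


def parse_mbr(sector: bytes) -> dict:
    """Return the disk signature and the four primary partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    (sig,) = struct.unpack_from("<H", sector, 510)
    if sig != BOOT_SIGNATURE:
        raise ValueError(f"bad boot signature {sig:04X}, expected bytes 55 AA on disk")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        partitions.append({"index": i, "active": boot == 0x80, "type": ptype,
                           "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02x}"),
                           "start_lba": start, "num_sectors": count})
    return {"disk_signature": disk_sig, "partitions": partitions}


def unpartitioned_ranges(mbr: dict, disk_sectors: int) -> list:
    """Half-open [start, end) sector ranges no partition covers, skipping sector 0 (the MBR itself)."""
    used = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"])
                  for p in mbr["partitions"] if p["type"] != 0x00)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


def audit(mbr: dict, disk_sectors: int) -> list:
    """Checks a responder makes before trusting the table: one active partition, no entry
    past the end of the disk, and every gap listed so it can be raw-scanned."""
    findings = []
    active = [p["index"] for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly one")
    for p in mbr["partitions"]:
        if p["type"] and p["start_lba"] + p["num_sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
    for start, end in unpartitioned_ranges(mbr, disk_sectors):
        findings.append(f"unpartitioned sectors {start}..{end - 1} ({end - start} sectors) need a raw scan")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector reproducing the values in the log above; boot code area left zeroed."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xF84EF84E)
    entries = [(0x00, 0x0B, 63, 10795617),          # partition 0: type 0x0b, not active
               (0x80, 0x07, 10795680, 309355200),   # partition 1: NTFS, active
               (0x00, 0x00, 0, 0),
               (0x00, 0x00, 0, 0)]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i, *entry)
    struct.pack_into("<H", sector, 510, BOOT_SIGNATURE)
    return bytes(sector)


SAMPLE_DISK_SECTORS = 163928604672 // SECTOR_SIZE   # the log's disk size in 512-byte sectors

if __name__ == "__main__":
    import sys
    # Live system (as Administrator): python mbr_audit.py \\.\PhysicalDrive0 <sector count>
    sector = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    disk_sectors = int(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_DISK_SECTORS
    mbr = parse_mbr(sector)
    print(f"Disk signature: {mbr['disk_signature']:08X}")
    for p in mbr["partitions"]:
        print(f"  {p['index']}: {p['type_name']:<14} active={p['active']} "
              f"start={p['start_lba']} sectors={p['num_sectors']}")
    for line in audit(mbr, disk_sectors):
        print("  !", line)
```

Run against the constructed sector, the parser confirms that partition 0 ends exactly where partition 1 begins and that the only sectors outside any partition are 1..62 and a short tail at the end of the disk, which is where the log's raw-sector sweep goes looking.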

Juliet
2014-03-04, 15:09
You may need to uninstall SP3 and then redownload it to replace missing files needed for your computer.
Our search for rootkit infections is coming up clean.

What I'd like to do

Find ComboFix and delete it. I want you to download an updated copy.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

wmbeyer
2014-03-05, 01:07
Latest report:

ComboFix 14-03-04.03 - Owner 03/04/2014 17:56:27.119.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1052 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1730167982-1273179249-2621698179-1003(2)\Dc1.txt
c:\recycler(2)\S-1-5-21-1730167982-1273179249-2621698179-1003(2)\Dc2.txt
c:\recycler(2)\S-1-5-21-1730167982-1273179249-2621698179-1003(2)\Dc3.txt
c:\recycler(2)\S-1-5-21-1730167982-1273179249-2621698179-1003(2)\INFO2
.
c:\windows\system32\grpconv.exe . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2014-02-04 to 2014-03-04 )))))))))))))))))))))))))))))))
.
.
2014-03-04 04:05 . 2014-03-04 04:05 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2014-03-03 15:03 . 2014-03-04 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-03 15:03 . 2014-03-03 15:03 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-03 15:02 . 2014-03-03 15:02 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-02 02:44 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-02 02:44 . 2014-03-02 02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-01 05:47 . 2014-03-01 05:48 -------- d-----w- C:\FRST
2014-02-28 01:31 . 2014-02-28 01:31 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 16:00 . 2013-10-12 23:35 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-03-04 04:00 . 2013-10-12 23:35 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-04 04:00 . 2013-10-12 23:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-04 04:00 . 2013-10-12 23:35 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys.1393948842296
2014-03-04 04:00 . 2012-01-26 17:56 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-04 04:00 . 2012-01-26 17:56 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-04 04:00 . 2012-01-26 17:56 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-04 04:00 . 2012-01-26 17:56 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-04 04:00 . 2012-01-26 17:56 43152 ----a-w- c:\windows\avastSS.scr
2014-03-04 04:00 . 2012-01-26 17:56 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-28 02:06 . 2012-10-29 06:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-28 02:06 . 2012-10-29 06:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26 . 2004-02-06 22:05 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2003-11-15 08:23 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2003-11-15 08:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2003-11-15 08:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2014-01-04 03:13 . 2003-11-15 07:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2003-11-15 08:23 1172992 ----a-w- c:\windows\system32\msxml3.dll
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-04 04:00 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-04 3767096]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\94eb4bdb-4252-417e-a079-5a47b85f7738.exe" [2014-03-04 181136]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56145929.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83144339.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopUpStopperFreeEdition"=c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/12/2013 6:35 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/12/2013 6:35 PM 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [10/22/2012 9:05 PM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 12:56 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2012 12:56 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [10/12/2013 6:35 PM 67824]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/3/2005 2:02 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/3/2005 2:02 AM 3904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/1/2014 9:44 PM 22856]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs; [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/1/2014 9:44 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/1/2014 9:44 PM 701512]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [7/3/2012 11:43 AM 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [7/3/2012 11:43 AM 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [7/4/2012 1:47 PM 70400]
S3 cpuz134;cpuz134;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/2/2011 1:28 PM 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 2:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 2:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 2:21 AM 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [5/13/2011 2:21 AM 114280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 64116724
*Deregistered* - 64116724
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 02:06]
.
2014-03-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-23 04:00]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-08 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/home/x/
uDefault_Search_URL =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar =
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-04 18:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-04 18:03:53
ComboFix-quarantined-files.txt 2014-03-04 23:03
ComboFix2.txt 2014-02-27 00:20
.
Pre-Run: 101,473,165,312 bytes free
Post-Run: 101,476,233,216 bytes free
.
- - End Of File - - CC38C583B09ECD3AD5E753B7D5FB74D0
8F558EB6672622401DA993E1E865C861

Juliet
2014-03-05, 01:31
Did you try to uninstall SP3 and re-download it?

There is a specific file still missing.


The malware has damaged some services.


Please download ServicesRepair (http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe) and save it to your desktop.

Double-click ServicesRepair.exe.
If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.


After restart wait a few minutes until the system settled down.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Do you have your Windows XP disc?

Okay. If you can't find yours, any chance you could maybe borrow one from a friend? If not, we may be able to try something else.
We need to use your Windows XP disc so that we can replace a file on your computer with the copy that is on the Windows XP disc.


How is your computer at the moment?

wmbeyer
2014-03-05, 08:09
I cannot find SP3 to delete it. I will let you know if I can find a copy of XP. Just one question: if I upgrade to Windows 7 or 8, will this kill this virus, or will it be better to simply wipe my hard drive or buy a new one?

Juliet
2014-03-05, 13:53
I cannot find SP3 to delete it. I will let you know if I can find a copy of XP. Just one question: if I upgrade to Windows 7 or 8, will this kill this virus, or will it be better to simply wipe my hard drive or buy a new one?

As far as the virus goes, it's most likely gone from what I can find. The major issue here is the need to replace missing files needed for the system to run properly.
A reinstall of SP3 or a reformat is a choice. Upgrading the entire operating system is a good choice because Microsoft is ending support for Windows XP in a few weeks now.
The antimalware/antivirus protection programs can't stop infections; they are not going to plug holes in a vulnerable version of Windows.
I don't think there will be any stopping XP systems from being exploited, as hackers are already jumping on systems and taking over.

Please read over the below links with choices that are available.

http://forums.whatthetech.com/index.php?showtopic=127901
http://forums.pcpitstop.com/index.php?/topic/202746-windows-xp-users-who-want-to-save-their-machines/

wmbeyer
2014-03-06, 06:29
I haven't been able to uninstall SP3 because I cannot find it in my Add/Remove listing. If there is some way that you can suggest to remove it, I have the CD to restore it. Although I have enough processor speed for Windows 8, my RAM is maxed out at 1.5 gigs, so that's not really an option. Other than that, I can only re-install XP and wipe my drive, or simply buy a new computer. Here is the report from my anti-Trojan program.

Found trojan file: C:\WINDOWS\Explorer.EXE (Zbot.17604)
Found trojan file: C:\Documents and Settings\Owner\Desktop\FRST.exe (Zeus.6265)
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Owner\Desktop\Security 6-23\tdsskiller.exe
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix\GoToAssist Express Customer\g2ax_customer_combined_dll_core_win32_x86_330.exe
Found trojan file: C:\Documents and Settings\Owner\My Documents\My Downloads\office2007sp3-kb2526086-fullfile-en-us.exe (Zbot.16020)
Warning: Unable to unpack UPX-packed file C:\JRT\erunt\ERDNT.E_E
Warning: Executable file with double extensions found: C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe
Warning: Unable to unpack UPX-packed file C:\Program Files\ERUNT\ERDNT.E_E
Found trojan file: C:\Program Files\InstallShield Installation Information\{7694E0B1-2332-448B-9235-929F84B41E3F}\setup.exe (Koobface.2251)
Found trojan file: C:\Program Files\Microsoft Office\OFFICE11\MSOHTMED.EXE (Zbot.18284)
Warning: Executable file with double extensions found: C:\WINDOWS\bwUnin-6.2.3.66L.exe
Found trojan file: C:\WINDOWS\ERDNT\cache\explorer.exe (Zbot.17604)
Found trojan file: C:\WINDOWS\explorer.exe (Zbot.17604)
Found trojan file: C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE (Zbot.18284)
Found trojan file: C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Zbot.17604)

Juliet
2014-03-06, 12:50
I think we're looking at a reformat and install on this computer since the main files and services required to operate the machine are infected.


Please download and run RogueKiller 32 Bit (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.

RogueKiller 64 Bit (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) <---use this one for 64 bit systems

Which system am I using? (http://support.microsoft.com/kb/827218)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Post back the report which should be located on your desktop.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HitmanPro


Please download HitmanPro (http://www.bleepingcomputer.com/download/hitmanpro/).
Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
Click on the next button. You must agree with the terms of EULA.
Check the box beside "No, I only want to perform a one-time scan to check this computer".
Click on the next button.
The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
Click on the next button.
Click on the "Export scan results to XML file".
Save that file to your desktop and zip and attach it in your next reply.

wmbeyer
2014-03-07, 00:56
I accidentally hit Next rather than list tabs. The program deleted what it found.

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 03/06/2014 16:50:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost

<Log computer="BILLSR" windows="5.1.3.2600.X86/1" scan="Normal" version="3.7.9.212" date="2014-03-06T16:56:14" timeSpentInSecs="241" filesProcessed="21074">
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\2BSFKLLT.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\4NA8ZQGJ.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\72U12RG5.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\969IW4LP.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\DDYGM8BE.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\ES8Y48H4.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\IGUCQ6UP.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\J08H0UCQ.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\LFUPQ06I.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\MOG0TYSQ.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\OGBIJF9P.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\OKKEFMPB.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\P9OYU8N3.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\UUWFV90V.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\W2I23YST.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\X6BIFEMW.txt"/></Item>
<Item type="Cookie" score="0.0" status="Deleted"><File path="C:\Documents and Settings\Owner\Cookies\X6JW7YQB.txt"/></Item>
</Log>
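
The HOSTS section of the RogueKiller log above shows only the stock 127.0.0.1 localhost line, which is what a clean file looks like; banking trojans of the ZBot family are known for rewriting this file to pin bank or antivirus-update names to addresses they control or to sinkhole them locally. The Python below is an added example, not part of the original post or of RogueKiller, that parses a hosts file and flags every entry that maps a real name anywhere. The sample file is constructed for this example: its tampered lines use reserved .test names and documentation addresses, and both the sinkholed lines (one an ad-block-style entry, one a hypothetical block on an update host) are reported, since the script cannot tell the two apart and a reviewer should see both.

```python
"""Flag hosts-file entries that redirect or sinkhole real names (added example, not tool code)."""
import ipaddress
import os
import sys

# Constructed sample: the clean line from the log plus hypothetical tampered entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.test        # ad-block style sinkhole, benign but worth a look
203.0.113.45    www.example-bank.test           # hypothetical: bank name pinned to an attacker host
127.0.0.1       update.example-av.test          # hypothetical: blocks an antivirus update host
"""

# Names the stock Windows hosts file maps to loopback; anything else is reviewed.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Default location on Windows, as printed in the log above.
WINDOWS_HOSTS = r"%SystemRoot%\System32\drivers\etc\hosts"


def parse_hosts(text: str) -> list:
    """Yield (line number, address, name) for each mapping; comments and junk lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # malformed line, nothing to resolve
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address, the resolver ignores it too
        for name in fields[1:]:                  # one address may carry several aliases
            entries.append((lineno, addr, name.lower()))
    return entries


def suspicious_entries(text: str) -> list:
    """Return (line, address, name, reason) for every mapping that is not a stock loopback entry."""
    flagged = []
    for lineno, addr, name in parse_hosts(text):
        if name in LOCAL_NAMES and addr.is_loopback:
            continue                             # the entries a clean file ships with
        if addr.is_loopback or addr.is_unspecified:
            reason = "name sinkholed to the local host"
        else:
            reason = "name pinned to a remote address"
        flagged.append((lineno, str(addr), name, reason))
    return flagged


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else os.path.expandvars(WINDOWS_HOSTS)
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS                      # fall back to the constructed sample
    for lineno, addr, name, reason in suspicious_entries(text):
        print(f"line {lineno}: {addr} -> {name}  [{reason}]")
```

Pointed at the real file on the infected machine the script would print nothing for the log above, because the only mapping present is the stock loopback entry. On the constructed sample it reports lines 4, 5 and 6, and the line pinned to 203.0.113.45 is the one that matters: a bank name resolving to a fixed remote address is the classic sign of a hosts-file hijack and should be compared against the bank's real DNS answer.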

Juliet
2014-03-07, 02:22
All it deleted were cookies.
This is odd; all these rootkit scans we're using come back clean.




Download Windows Repair (all in one) from here (http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/).

Install the program then run it

Go to step 2 and allow it to run Disk check
Once that is done then go to step 3 and allow it to run SFC
On the Start Repairs tab => Click Start
Click on the select all check box and then click on Start
DON'T use the computer while each scan is in progress.
Restart may be needed to finish the repair procedure.


Let me know if you could perform all the steps successfully.



Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

wmbeyer
2014-03-09, 16:35
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0\7e6fb840-329f0f4f Java/Exploit.Agent.OFE trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\62a6918b-59675c9f a variant of Java/Exploit.CVE-2011-3544.CL trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\2753db10-201a1067 a variant of Java/Exploit.Agent.NEA trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29\7180b71d-4681b1ec a variant of Java/Exploit.CVE-2013-1488.K trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\1371ff74-25a1544a a variant of Java/Exploit.Agent.PHQ trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58\3294103a-5179717c a variant of Java/Exploit.CVE-2011-3544.CL trojan
C:\Program Files\Grp Conv Removal Tool [1]\GrpConvRemovalTool[1].exe a variant of Win32/SecurityStronghold.A potentially unwanted application

Juliet
2014-03-09, 18:00
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).



start
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0\7e6fb840-329f0f4f
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\62a6918b-59675c9f
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\2753db10-201a1067
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29\7180b71d-4681b1ec
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\1371ff74-25a1544a
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58\3294103a-5179717c
C:\Program Files\Grp Conv Removal Tool [1]\GrpConvRemovalTool[1].exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

~~~~~~~~~~~~~~~~~~~

Please run this security check for my review.

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).

Save it to your Desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Please post these 2 logs.
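The fixlist above was built by hand from the ESET export posted earlier: each detection line is reduced to its file path and wrapped in FRST's start/Reboot:/end block. As an added example (not part of this thread, not ESET's or FRST's own code), the helper below does that step automatically; the regex for ESET's "path detection-name verdict" line shape is an assumption based only on the lines posted in this thread, and unmatched lines are reported rather than silently dropped.

```python
import re
from typing import List, Tuple

# Assumed line shape, derived only from the ESET export lines posted in this
# thread: "<drive path> [a variant of ]<Family/Name> <verdict>".
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of\s+)?[A-Za-z0-9]+/[\w.\-]+\s+"
    r"(?:trojan|potentially unwanted application|potentially unsafe application))\s*$"
)

# Constructed sample input: the seven lines wmbeyer posted from the ESET scan,
# plus one malformed line to show how non-matching input is reported.
ESET_EXPORT = r"""
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0\7e6fb840-329f0f4f Java/Exploit.Agent.OFE trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\62a6918b-59675c9f a variant of Java/Exploit.CVE-2011-3544.CL trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\2753db10-201a1067 a variant of Java/Exploit.Agent.NEA trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29\7180b71d-4681b1ec a variant of Java/Exploit.CVE-2013-1488.K trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\1371ff74-25a1544a a variant of Java/Exploit.Agent.PHQ trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58\3294103a-5179717c a variant of Java/Exploit.CVE-2011-3544.CL trojan
C:\Program Files\Grp Conv Removal Tool [1]\GrpConvRemovalTool[1].exe a variant of Win32/SecurityStronghold.A potentially unwanted application
this line is not an ESET detection and must be reported as skipped
"""


def parse_eset_export(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return ([(path, detection), ...], [unparsed non-empty lines])."""
    threats, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_LINE.match(line)
        if m:
            threats.append((m.group("path"), m.group("detection")))
        else:
            skipped.append(line)
    return threats, skipped


def build_fixlist(paths: List[str], reboot: bool = True) -> str:
    """Wrap file paths in the start/Reboot:/end block FRST reads from fixlist.txt."""
    lines = ["start", *paths]
    if reboot:
        lines.append("Reboot:")
    lines.append("end")
    return "\n".join(lines) + "\n"
```

Review the skipped list before running a fix; a path that did not parse is one you would otherwise miss.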

wmbeyer
2014-03-10, 05:51
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-03-2014 01
Ran by Owner at 2014-03-09 23:26:01 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0\7e6fb840-329f0f4f
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\62a6918b-59675c9f
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\2753db10-201a1067
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29\7180b71d-4681b1ec
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\1371ff74-25a1544a
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58\3294103a-5179717c
C:\Program Files\Grp Conv Removal Tool [1]\GrpConvRemovalTool[1].exe
Reboot:
end

*****************

C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0\7e6fb840-329f0f4f => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11\62a6918b-59675c9f => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\2753db10-201a1067 => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29\7180b71d-4681b1ec => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\1371ff74-25a1544a => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58\3294103a-5179717c => Moved successfully.
C:\Program Files\Grp Conv Removal Tool [1]\GrpConvRemovalTool[1].exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

Juliet
2014-03-10, 14:36
Please update me on how things are at the moment.

Juliet
2014-03-26, 01:25
It's been several days since you were last here, do you still need help?

Juliet
2014-03-27, 20:29
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.