
Thread: Win32.agent.adb and others...

  1. #1 Junior Member (Join Date: Oct 2012, Posts: 20)

    Win32.agent.adb and others...

    I noticed my computer has been crashing a lot more often in the past couple days than before, including some blue screen errors, and I got concerned. I did an S&D search and several serious looking items came up, including Win32.VB.du, Win32.Banker.prx, Win32.Autorun.dso, and a mention that my browser was infected with Win32.agent.adb. I tried running Malwarebytes, but it would usually crash midway through the scan, although I did get it to work in Safe Mode once, where it didn't find much. I used the Chameleon settings to get it to scan out of safe mode, but it didn't find anything. Spybot tends to lock up on its scan three files from the end. I use Microsoft Security Essentials, but that's also been crashing without warning lately, including during scans, and it doesn't find anything either.

    I try to remove things with Spybot, but it says the resources are in use, and asks if it can run when I restart. I tried it, but it bluescreened at the end of its scan. I tried to install another antivirus like Avast, but it bluescreened at the end of installation then refused to start the program when it restarted. I tried the Outpost Security Suite, but it locked up during its initial scan and some fonts disappeared, then when I tried to restart in safe mode, the program wouldn't load. Then the computer wouldn't boot at all, so I had to go back into safe mode and uninstall the security suite, then it booted alright.

    I've tried a few times to get rid of these things with Spybot, but they keep coming back... I'm worried something's seriously wrong. Here are the logs.


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run by Zarla at 21:11:44 on 2012-09-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.1297 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Stickies\stickies.exe
    svchost.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Winamp5\winamp.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    C:\Program Files\Steam\Steam.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRunOnce: [1] c:\program files\malwarebytes' anti-malware\chameleon\mbam-chameleon.exe /r /p
    StartupFolder: c:\docume~1\zarla\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\zarla\startm~1\programs\startup\lastfm~1.lnk - c:\program files\last.fm\LastFMHelper.exe
    StartupFolder: c:\docume~1\zarla\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344119090125
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344119235656
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3E885F99-6B75-4C9E-AFC6-346B05F06238} : DhcpNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.10.dll
    FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.11.dll
    FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.12.dll
    FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.13.dll
    FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.9.dll
    FF - component: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - plugin: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\openxmlviewer@codeplex.com\plugins\npDocX.dll
    FF - plugin: c:\documents and settings\zarla\application data\mozilla\firefox\profiles\jf4tt3qn.transferringover\extensions\openxmlviewer@codeplex.com\plugins\npnul32.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\java\jre7\bin\npjpi170_07.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: BarTab: bartap@philikon.de - %profile%\extensions\bartap@philikon.de
    FF - Ext: OpenXMLViewer: OpenXMLViewer@Codeplex.com - %profile%\extensions\OpenXMLViewer@Codeplex.com
    FF - Ext: Rehost Image: rehostimage@engy.us - %profile%\extensions\rehostimage@engy.us
    FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: Image Search Options: {4a313247-8330-4a81-948e-b79936516f78} - %profile%\extensions\{4a313247-8330-4a81-948e-b79936516f78}
    FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    FF - Ext: Popup ALT Attribute: {61FD08D8-A2CB-46c0-B36D-3F531AC53C12} - %profile%\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: LJlogin: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9} - %profile%\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Firefox 2, the theme, reloaded: {fd2f951f-77ea-4938-9493-0c892c027a13} - %profile%\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-3-9 188984]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 MpKslbbfa0b08;MpKslbbfa0b08;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f98086c-330e-4dae-b963-0f9dd12d87d3}\MpKslbbfa0b08.sys [2012-9-30 29904]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2012-8-14 1373480]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-5-13 99856]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2012-8-18 472644]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-30 35144]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-8-16 11520]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-8-4 1691480]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-30 114144]
    .
    =============== Created Last 30 ================
    .
    2012-10-01 03:12:59 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-09-30 17:25:35 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
    2012-09-30 17:25:35 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
    2012-09-30 17:25:35 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2012-09-30 17:25:34 505816 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
    2012-09-30 17:25:33 719832 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
    2012-09-30 17:25:33 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
    2012-09-30 17:25:33 1014744 ----a-w- c:\program files\mozilla firefox\js3250.dll
    2012-09-30 16:58:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-09-30 16:42:56 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f98086c-330e-4dae-b963-0f9dd12d87d3}\MpKslbbfa0b08.sys
    2012-09-30 15:33:05 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f98086c-330e-4dae-b963-0f9dd12d87d3}\mpengine.dll
    2012-09-30 07:03:45 -------- d-----w- c:\program files\AVAST Software
    2012-09-30 07:03:45 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-09-29 16:10:53 -------- d-----w- c:\documents and settings\zarla\local settings\application data\PCHealth
    2012-09-29 13:26:04 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-09-29 13:10:09 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-09-29 07:55:17 -------- d-----w- c:\documents and settings\zarla\application data\Malwarebytes
    2012-09-29 07:54:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-09-29 07:54:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 07:54:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-29 03:19:49 404400 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-25 11:42:36 1409 ----a-w- c:\windows\QTFont.for
    2012-09-08 06:05:38 -------- d-----w- c:\documents and settings\zarla\local settings\application data\kiloHearts
    2012-09-08 06:04:55 -------- d-----w- c:\documents and settings\zarla\application data\MSPS
    2012-09-05 02:22:40 -------- d-----w- c:\documents and settings\zarla\local settings\application data\DOSBox
    2012-09-05 01:40:21 -------- d-----w- c:\documents and settings\zarla\local settings\application data\Lazy 8 Studios
    2012-09-05 01:40:16 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2012-09-05 01:40:09 -------- d-----w- c:\windows\Logs
    2012-09-01 21:08:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-09-01 21:07:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2012-09-01 21:07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-01 21:07:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-20 04:43:37 588 ----a-w- c:\windows\uninstallstickies.bat
    2012-08-14 17:11:50 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-08-04 23:32:36 0 ----a-w- c:\windows\ativpsrm.bin
    2012-07-20 18:00:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    .
    ============= FINISH: 21:14:09.51 ===============



    Aswmbr logs:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-30 21:24:17
    -----------------------------
    21:24:17.640 OS Version: Windows 5.1.2600 Service Pack 3
    21:24:17.640 Number of processors: 4 586 0x102
    21:24:17.640 ComputerName: CEDA-09E6FD4986 UserName: Zarla
    21:24:18.703 Initialize success
    21:27:40.734 AVAST engine defs: 12093001
    21:28:03.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port2Path0Target0Lun0
    21:28:03.578 Disk 0 Vendor: Seagate_ 1AJ1 Size: 953869MB BusType: 1
    21:28:03.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\ahcix861Port2Path0Target1Lun0
    21:28:03.593 Disk 1 Vendor: Seagate_ 3.AA Size: 476940MB BusType: 1
    21:28:03.593 Disk 0 MBR read successfully
    21:28:03.593 Disk 0 MBR scan
    21:28:03.625 Disk 0 Windows XP default MBR code
    21:28:03.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
    21:28:03.625 Disk 0 scanning sectors +1953504000
    21:28:03.703 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:28:16.546 Service scanning
    21:28:28.812 Service MpKsld4a42852 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F98086C-330E-4DAE-B963-0F9DD12D87D3}\MpKsld4a42852.sys **LOCKED** 32
    21:28:33.125 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    21:28:37.046 Modules scanning
    21:28:40.625 Disk 0 trace - called modules:
    21:28:40.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ac061e8]<<
    21:28:40.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a288030]
    21:28:40.656 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Scsi\ahcix861Port2Path0Target0Lun0[0x8ab1b998]
    21:28:40.656 \Driver\ahcix86[0x8aac8f38] -> IRP_MJ_CREATE -> 0x8ac061e8
    21:28:41.812 AVAST engine scan C:\WINDOWS
    21:28:53.015 AVAST engine scan C:\WINDOWS\system32
    21:31:29.281 AVAST engine scan C:\WINDOWS\system32\drivers
    21:31:52.609 AVAST engine scan C:\Documents and Settings\Zarla
    21:52:01.171 AVAST engine scan C:\Documents and Settings\All Users
    00:11:40.640 Scan finished successfully
    00:18:13.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Zarla\My Documents\MBR.dat"
    00:18:13.718 The log file has been saved successfully to "C:\Documents and Settings\Zarla\My Documents\aswMBR.txt"



    And the Spybot log:

    Win32.VB.du: [SBI $C471BC2C] Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

    Win32.VB.du: [SBI $5DDE6C15] Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

    Microsoft.Windows.InfectedHostfile: [SBI $50865E77] Data (File, nothing done)
    C:\WINDOWS\system32\drivers\etc\hosts_infected

    Win32.Banker.prx: [SBI $22E68569] User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates

    Win32.Banker.prx: [SBI $25582D55] User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Internet Explorer\IETld\StaleIETldCache

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\AMD

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\ATI

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\Policies

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-19\Software\Mediamatics

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-19\Software\Classes

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-20\Software\Mediamatics

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-20\Software\Policies

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-20\Software\Classes

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Adobe

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\ATI

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\AVAST Software

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Clients

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Gabest

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Google

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\JavaSoft

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Last.fm

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Macromedia

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Malwarebytes' Anti-Malware

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Mediamatics

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Memeo

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Mozilla

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\MozillaPlugins

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Netscape

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Nintendo

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Policies

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Realtek

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Safer Networking Limited

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Trolltech

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Valve

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\WinampAC3

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\WinRAR

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Classes

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\AMD

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\ATI

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft

    Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\Policies

    Win32.Autorun.dc3: [SBI $3958106B] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}


    --- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

    2007-08-31 blindman.exe (1.0.0.6)
    2007-08-31 SDMain.exe (1.0.0.4)
    2007-08-31 SDUpdate.exe (1.0.6.4)
    2007-08-31 SDWinSec.exe (1.0.0.8)
    2007-08-31 SpybotSD.exe (1.5.1.15)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-08-15 unins000.exe (51.46.0.0)
    2007-08-31 Update.exe (1.4.0.5)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2007-04-02 DelZip179.dll (1.79.5.3)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-10-22 Tools.dll (2.1.6.8)
    2012-04-04 Includes\Adware.sbi (*)
    2012-09-25 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2012-09-26 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2012-06-18 Includes\Hijackers.sbi (*)
    2012-09-25 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-08-28 Includes\Malware.sbi (*)
    2012-09-25 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2012-08-21 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-06-18 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-09-05 Includes\Spyware.sbi (*)
    2012-09-04 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-27 Includes\Trojans.sbi (*)
    2012-09-27 Includes\TrojansC-02.sbi (*)
    2012-09-20 Includes\TrojansC-03.sbi (*)
    2012-09-28 Includes\TrojansC-04.sbi (*)
    2012-08-31 Includes\TrojansC-05.sbi (*)
    2012-09-07 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2008-12-24 Plugins\TCPIPAddress.dll
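A small triage helper for the Spybot log format shown above, added here as an example; it is not part of the original post and not Spybot's own code. It pairs each `Name: [SBI $id] ...` header with the path on the following line and counts how many distinct targets each signature id hit, so one rule firing against dozens of unrelated vendor keys is easy to tell apart from a single file hit. The sample log is constructed from a few entries of the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, modelled on the Spybot S&D log format in the post above
# (the registry paths and SBI ids are copied from that log).
SAMPLE_LOG = r"""
Win32.VB.du: [SBI $C471BC2C] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

Microsoft.Windows.InfectedHostfile: [SBI $50865E77] Data (File, nothing done)
C:\WINDOWS\system32\drivers\etc\hosts_infected

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Policies

Win32.Agent.ws: [SBI $2BB30D89] Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\AMD

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
"""

# One detection header: "<name>: [SBI $<id>] <section> (<kind>, <action>)"
HEADER_RE = re.compile(
    r"^(?P<name>[^:\s]+): \[SBI \$(?P<sbi>[0-9A-F]{8})\] "
    r"(?P<section>.+?) \((?P<kind>[^,]+), (?P<action>[^)]+)\)$"
)


@dataclass(frozen=True)
class Detection:
    name: str      # detection name, e.g. Win32.Agent.ws
    sbi: str       # signature id from the [SBI $...] tag
    section: str   # "Settings", "User settings", "Data", ...
    kind: str      # "Registry key", "Registry change", "File", ...
    action: str    # what Spybot did, e.g. "nothing done"
    target: str    # registry path or file path on the following line


def parse_spybot_log(text):
    """Pair each detection header with the path on the line that follows it."""
    detections = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # A header directly after a header means the previous one had no
            # target line; the new header simply replaces it.
            pending = m.groupdict()
            continue
        if pending is not None:
            detections.append(Detection(target=line, **pending))
            pending = None
        # Any other line (version banner, definition file list) is trailer text.
    return detections


def targets_per_signature(detections):
    """Distinct targets per SBI id: one rule hitting many unrelated vendor
    keys reads very differently from one rule hitting one file."""
    hits = defaultdict(set)
    for d in detections:
        hits[d.sbi].add(d.target)
    return {sbi: len(t) for sbi, t in hits.items()}


def broad_signatures(detections, threshold=3):
    """SBI ids whose hit count reaches the threshold; these generic settings
    checks are the ones to review by hand before acting on them."""
    return sorted(s for s, n in targets_per_signature(detections).items() if n >= threshold)


def unresolved(detections):
    """Detections the scan reported but did not act on ("nothing done")."""
    return [d for d in detections if d.action == "nothing done"]


def summarize(detections):
    """Per detection name: number of hits, object kinds and signature ids."""
    summary = {}
    for d in detections:
        entry = summary.setdefault(d.name, {"hits": 0, "kinds": set(), "sbi": set()})
        entry["hits"] += 1
        entry["kinds"].add(d.kind)
        entry["sbi"].add(d.sbi)
    return summary


if __name__ == "__main__":
    found = parse_spybot_log(SAMPLE_LOG)
    for name, info in summarize(found).items():
        print(f"{name}: {info['hits']} hit(s), kinds={sorted(info['kinds'])}")
    print("signatures with broad hits:", broad_signatures(found))
```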

  2. #2 Senior Member (Join Date: Jun 2012, Location: Malaysia, Posts: 121)

    Please note that all instructions given are customised for this computer only.
    The tools used may cause damage if used on a computer with different infections.


    If you think you have similar problems, please post a log in the Safer-Networking forum and wait for help.

    Failure to post replies within 3 days will result in this thread being closed.

    Hi Pikpik and welcome to Safer-Networking

    My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.
    Read:
    How to back up or transfer your data on a Windows-based computer
    Backup your data - Vista
    Backup your data - windows 7

    Please observe these rules while we work:
    • Perform all actions in the order given.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with it till you're given the all clear.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

    If you can do these things, everything should go smoothly.
    • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
    • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

    It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
    If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    ==============================================================================================================================================
    Sorry for being late.

    Since your logs are quite old now, I need to get the latest logs. Please do the following:

    1. RogueKiller
    • Please download RogueKiller by Tigzy and save it to your desktop.
    • Allow the download if prompted by your security software and please close all your programs.
    • Right click on RogueKiller.exe and select " Run as administrator " to run it.
    • If it does not run, please try a few times.
    • Wait for PreScan to finish, then click on Scan.
    • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
    • Please copy and paste the contents of that log in your next reply.




    2. TDSSKiller
    Please download TDSSKiller.exe and save it to your Desktop.
    • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • When TDSSKiller finishes loading, click on Change parameters.
    • Tick Detect TDLFS file system and click OK.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything, please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT




    3. OTL
    Please download OTL ... by Old Timer . Save it to your Desktop.
    • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of both OTL.txt and Extras.txt files in your next reply.




    4. Checklist
    Please post:
    • RKreport[x].txt
    • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
    • OTL.txt and Extras.txt
    • An update on your problems

    note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.


    Thank you for your GREAT patience.
    torreattack
    Graduate of Malware Removal University, - You too could train to help others
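The service-scan section of a TDSSKiller log lists every registered service and driver with the MD5 of its file and a verdict, which on a typical XP box runs to several hundred lines. The script below is an added example, not TDSSKiller's own code and not part of this thread, that parses that section's format (timestamp, thread id, then either `[ MD5 ] name path` or `name - verdict`) and sorts the entries into the buckets a helper reads first: entries with no "ok" verdict, service keys with no file on disk, one binary hosting several services, and hashes absent from a reference set. The sample log is a constructed excerpt in that format; the `exampledrv` entry, its all-zero hash and its verdict text are placeholders, and the optional `known_good` set is an assumed reference list (for example, hashes collected from a clean install of the same Windows build), not something the tool provides.

```python
"""Triage helper for TDSSKiller service-scan logs (added example, not TDSSKiller's code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Every TDSSKiller line starts with a timestamp and a thread id,
# e.g. "22:33:45.0586 5392 <message>"; the message is what we classify.
LINE_RE = re.compile(r'^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$')
# "[ <MD5> ] <service name> <path>"; the name may contain spaces
# ("Ati HotKey Poller"), so stop at the first drive-letter path.
FILE_RE = re.compile(r'^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$')
# "<service name> - <verdict>"
STATUS_RE = re.compile(r'^(.+?) - (.+)$')


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str] = None    # None: service key with no file found
    md5: Optional[str] = None
    status: Optional[str] = None  # None: no verdict line seen


def parse_tdsskiller_services(text: str) -> List[ServiceEntry]:
    """Return the entries of the 'Scan services' section, in log order."""
    entries: Dict[str, ServiceEntry] = {}
    in_services = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        # Section headers look like "================ Scan services ====".
        # Any other header ends the services block, so the disk-enumeration
        # lines ("Drive ... - Size: ...") are never mistaken for verdicts.
        if msg.startswith('='):
            in_services = 'Scan services' in msg
            continue
        if not in_services:
            continue
        fm = FILE_RE.match(msg)
        if fm:
            md5, name, path = fm.groups()
            entries[name] = ServiceEntry(name, path=path, md5=md5.upper())
            continue
        sm = STATUS_RE.match(msg)
        if sm:
            name, status = sm.groups()
            entries.setdefault(name, ServiceEntry(name)).status = status
    return list(entries.values())


def triage(entries: List[ServiceEntry],
           known_good: Optional[Set[str]] = None) -> Dict[str, object]:
    """Group parsed entries into the buckets an analyst reads first."""
    by_md5: Dict[str, List[ServiceEntry]] = defaultdict(list)
    for e in entries:
        if e.md5:
            by_md5[e.md5].append(e)
    return {
        # no verdict, or a verdict other than "ok": needs a human decision
        'not_ok': [e.name for e in entries if e.status != 'ok'],
        # service keys with no backing file: leftovers, or a hidden file
        'no_file': [e.name for e in entries if e.path is None],
        # one binary hosting several services (lsass.exe does on XP)
        'shared_binaries': {md5: [e.name for e in es]
                            for md5, es in by_md5.items() if len(es) > 1},
        # hashes missing from the caller-supplied reference set, if any
        'unknown_hash': [e.name for e in entries
                         if known_good is not None and e.md5
                         and e.md5 not in known_good],
    }


# Constructed excerpt in TDSSKiller 2.8 log format. The hashes of the real
# XP files are copied from the thread; "exampledrv", its all-zero hash and
# its verdict text are invented placeholders to exercise the non-"ok" path.
SAMPLE_LOG = r"""
22:33:10.0617 1844 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
22:33:45.0461 5392 ================ Scan system memory ========================
22:33:45.0461 5392 System memory - ok
22:33:45.0477 5392 ================ Scan services =============================
22:33:45.0555 5392 Abiosdsk - ok
22:33:45.0586 5392 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:33:45.0586 5392 ACPI - ok
22:33:46.0117 5392 [ 7EEB8386F9AC3721EDAD9B21E5C2F2D4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
22:33:46.0133 5392 Ati HotKey Poller - ok
22:33:49.0086 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:33:49.0086 5392 Netlogon - ok
22:33:49.0242 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:33:49.0242 5392 NtLmSsp - ok
22:33:49.0300 5392 [ 00000000000000000000000000000000 ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
22:33:49.0300 5392 exampledrv - placeholder verdict (constructed)
22:33:50.0000 5392 ================ Scan global ===============================
"""

if __name__ == '__main__':
    report = triage(parse_tdsskiller_services(SAMPLE_LOG))
    for bucket, items in report.items():
        print(f'{bucket}: {items}')
```

To use it on a real log, read the TDSSKiller_*.txt file into a string and pass it to `parse_tdsskiller_services`. A hash missing from the reference set is a prompt to look the file up, not evidence of infection by itself: vendor drivers and patched system files legitimately differ between machines.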

  3. #3
    Junior Member
    Join Date
    Oct 2012
    Posts
    20

    Default

    RKreport3.txt


    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 10/09/2012 22:47:32

    ¤¤¤ Bad processes : 2 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
    IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
    IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71F1B40)
    IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF71EF864)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Seagate ST1000DM005 HD10 SCSI Disk Device +++++
    --- User ---
    [MBR] 5a93c3bb77973e0df9d4bba454bb703a
    [BSP] 77ca3c46127bfbf073c5756b4778880a : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: Seagate ST3500630AS SCSI Disk Device +++++
    --- User ---
    [MBR] e1203746f124325972c21b90178ce4f0
    [BSP] 08d74e8d21ec574dfeb1e1982d1504ee : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: WD My Book 1110 USB Device +++++
    --- User ---
    [MBR] 501e0d6900b18b534a9fcc91650fc670
    [BSP] d17cd76fdfd3323b5fe85b518ea94d94 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953198 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



    TDSSreport:


    22:33:09.0492 1844 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    22:33:09.0961 1844 ============================================================
    22:33:09.0961 1844 Current date / time: 2012/10/09 22:33:09.0961
    22:33:09.0961 1844 SystemInfo:
    22:33:09.0961 1844
    22:33:09.0961 1844 OS Version: 5.1.2600 ServicePack: 3.0
    22:33:09.0961 1844 Product type: Workstation
    22:33:09.0961 1844 ComputerName: CEDA-09E6FD4986
    22:33:09.0961 1844 UserName: Administrator
    22:33:09.0961 1844 Windows directory: C:\WINDOWS
    22:33:09.0961 1844 System windows directory: C:\WINDOWS
    22:33:09.0961 1844 Processor architecture: Intel x86
    22:33:09.0961 1844 Number of processors: 4
    22:33:09.0961 1844 Page size: 0x1000
    22:33:09.0961 1844 Boot type: Normal boot
    22:33:09.0961 1844 ============================================================
    22:33:10.0617 1844 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    22:33:10.0633 1844 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    22:33:10.0649 1844 Drive \Device\Harddisk2\DR4 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:33:10.0664 1844 ============================================================
    22:33:10.0664 1844 \Device\Harddisk0\DR0:
    22:33:10.0664 1844 MBR partitions:
    22:33:10.0664 1844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
    22:33:10.0664 1844 \Device\Harddisk1\DR1:
    22:33:10.0664 1844 MBR partitions:
    22:33:10.0664 1844 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    22:33:10.0680 1844 \Device\Harddisk2\DR4:
    22:33:10.0680 1844 MBR partitions:
    22:33:10.0680 1844 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
    22:33:10.0680 1844 ============================================================
    22:33:10.0695 1844 C: <-> \Device\Harddisk0\DR0\Partition1
    22:33:10.0695 1844 H: <-> \Device\Harddisk2\DR4\Partition1
    22:33:10.0727 1844 D: <-> \Device\Harddisk1\DR1\Partition1
    22:33:10.0727 1844 ============================================================
    22:33:10.0727 1844 Initialize success
    22:33:10.0727 1844 ============================================================
    22:33:45.0274 5392 ============================================================
    22:33:45.0274 5392 Scan started
    22:33:45.0274 5392 Mode: Manual; TDLFS;
    22:33:45.0274 5392 ============================================================
    22:33:45.0461 5392 ================ Scan system memory ========================
    22:33:45.0461 5392 System memory - ok
    22:33:45.0477 5392 ================ Scan services =============================
    22:33:45.0555 5392 Abiosdsk - ok
    22:33:45.0555 5392 abp480n5 - ok
    22:33:45.0586 5392 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:33:45.0586 5392 ACPI - ok
    22:33:45.0617 5392 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:33:45.0617 5392 ACPIEC - ok
    22:33:45.0617 5392 adpu160m - ok
    22:33:45.0649 5392 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    22:33:45.0649 5392 aec - ok
    22:33:45.0680 5392 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    22:33:45.0680 5392 AFD - ok
    22:33:45.0695 5392 Aha154x - ok
    22:33:45.0711 5392 [ FD26D4B471E614C2A9B92A272FAFFDAC ] ahcix86 C:\WINDOWS\system32\drivers\ahcix86.sys
    22:33:45.0711 5392 ahcix86 - ok
    22:33:45.0711 5392 aic78u2 - ok
    22:33:45.0727 5392 aic78xx - ok
    22:33:45.0774 5392 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    22:33:45.0774 5392 Alerter - ok
    22:33:45.0805 5392 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    22:33:45.0805 5392 ALG - ok
    22:33:45.0805 5392 AliIde - ok
    22:33:45.0852 5392 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
    22:33:45.0867 5392 Ambfilt - ok
    22:33:45.0867 5392 [ 6E58654CB25730B2579E45E1FD116A47 ] amdide C:\WINDOWS\system32\DRIVERS\amdide.sys
    22:33:45.0867 5392 amdide - ok
    22:33:45.0914 5392 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
    22:33:45.0914 5392 AmdPPM - ok
    22:33:45.0914 5392 amsint - ok
    22:33:45.0945 5392 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    22:33:45.0961 5392 AppMgmt - ok
    22:33:45.0977 5392 [ 4F9CBBF95E8F7A0D4C0EDCFE3B78102E ] ASAPIW2k C:\WINDOWS\system32\drivers\ASAPIW2k.sys
    22:33:45.0977 5392 ASAPIW2k - ok
    22:33:45.0977 5392 asc - ok
    22:33:45.0992 5392 asc3350p - ok
    22:33:45.0992 5392 asc3550 - ok
    22:33:46.0039 5392 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    22:33:46.0039 5392 aspnet_state - ok
    22:33:46.0055 5392 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    22:33:46.0055 5392 AsyncMac - ok
    22:33:46.0086 5392 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    22:33:46.0086 5392 atapi - ok
    22:33:46.0086 5392 Atdisk - ok
    22:33:46.0117 5392 [ 7EEB8386F9AC3721EDAD9B21E5C2F2D4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    22:33:46.0133 5392 Ati HotKey Poller - ok
    22:33:46.0258 5392 [ 28F1B6CCD2E0A184DA7D9F266BFEB267 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    22:33:46.0320 5392 ati2mtag - ok
    22:33:46.0336 5392 [ F3C66593C93776A7614569137C74C724 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
    22:33:46.0336 5392 AtiHDAudioService - ok
    22:33:46.0367 5392 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    22:33:46.0367 5392 Atmarpc - ok
    22:33:46.0383 5392 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    22:33:46.0383 5392 AudioSrv - ok
    22:33:46.0414 5392 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    22:33:46.0414 5392 audstub - ok
    22:33:46.0445 5392 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    22:33:46.0445 5392 Beep - ok
    22:33:46.0461 5392 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    22:33:46.0508 5392 BITS - ok
    22:33:46.0508 5392 BLKWGU(Belkin) - ok
    22:33:46.0539 5392 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    22:33:46.0539 5392 Browser - ok
    22:33:46.0570 5392 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    22:33:46.0570 5392 cbidf2k - ok
    22:33:46.0586 5392 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    22:33:46.0586 5392 CCDECODE - ok
    22:33:46.0586 5392 cd20xrnt - ok
    22:33:46.0586 5392 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    22:33:46.0602 5392 Cdaudio - ok
    22:33:46.0602 5392 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    22:33:46.0602 5392 Cdfs - ok
    22:33:46.0617 5392 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    22:33:46.0617 5392 Cdrom - ok
    22:33:46.0617 5392 Changer - ok
    22:33:46.0664 5392 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    22:33:46.0664 5392 CiSvc - ok
    22:33:46.0664 5392 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    22:33:46.0664 5392 ClipSrv - ok
    22:33:46.0695 5392 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:33:46.0695 5392 clr_optimization_v2.0.50727_32 - ok
    22:33:46.0711 5392 CmdIde - ok
    22:33:46.0711 5392 COMSysApp - ok
    22:33:46.0711 5392 Cpqarray - ok
    22:33:46.0742 5392 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    22:33:46.0742 5392 CryptSvc - ok
    22:33:46.0742 5392 dac2w2k - ok
    22:33:46.0742 5392 dac960nt - ok
    22:33:46.0774 5392 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    22:33:46.0789 5392 DcomLaunch - ok
    22:33:46.0805 5392 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    22:33:46.0805 5392 Dhcp - ok
    22:33:46.0805 5392 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    22:33:46.0805 5392 Disk - ok
    22:33:46.0805 5392 dmadmin - ok
    22:33:46.0867 5392 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    22:33:46.0867 5392 dmboot - ok
    22:33:46.0867 5392 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    22:33:46.0883 5392 dmio - ok
    22:33:46.0883 5392 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    22:33:46.0883 5392 dmload - ok
    22:33:46.0883 5392 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    22:33:46.0883 5392 dmserver - ok
    22:33:46.0899 5392 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    22:33:46.0899 5392 DMusic - ok
    22:33:46.0930 5392 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    22:33:46.0930 5392 Dnscache - ok
    22:33:46.0961 5392 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    22:33:46.0977 5392 Dot3svc - ok
    22:33:46.0977 5392 dpti2o - ok
    22:33:46.0977 5392 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    22:33:46.0977 5392 drmkaud - ok
    22:33:47.0008 5392 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    22:33:47.0008 5392 EapHost - ok
    22:33:47.0024 5392 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    22:33:47.0039 5392 ERSvc - ok
    22:33:47.0039 5392 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    22:33:47.0039 5392 Eventlog - ok
    22:33:47.0086 5392 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    22:33:47.0086 5392 EventSystem - ok
    22:33:47.0117 5392 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    22:33:47.0117 5392 Fastfat - ok
    22:33:47.0149 5392 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    22:33:47.0149 5392 FastUserSwitchingCompatibility - ok
    22:33:47.0149 5392 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    22:33:47.0149 5392 Fdc - ok
    22:33:47.0164 5392 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    22:33:47.0164 5392 Fips - ok
    22:33:47.0164 5392 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    22:33:47.0164 5392 Flpydisk - ok
    22:33:47.0195 5392 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    22:33:47.0195 5392 FltMgr - ok
    22:33:47.0242 5392 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    22:33:47.0242 5392 FontCache3.0.0.0 - ok
    22:33:47.0258 5392 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:33:47.0258 5392 Fs_Rec - ok
    22:33:47.0258 5392 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    22:33:47.0258 5392 Ftdisk - ok
    22:33:47.0274 5392 [ 32A73A8952580B284A47290ADB62032A ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    22:33:47.0274 5392 GEARAspiWDM - ok
    22:33:47.0274 5392 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    22:33:47.0274 5392 Gpc - ok
    22:33:47.0305 5392 [ E4AEF0DAACBE59B048BE0224A6D0E601 ] HCWBT8xx C:\WINDOWS\system32\drivers\HCWBT8XX.sys
    22:33:47.0305 5392 HCWBT8xx - ok
    22:33:47.0320 5392 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    22:33:47.0320 5392 HDAudBus - ok
    22:33:47.0352 5392 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    22:33:47.0352 5392 helpsvc - ok
    22:33:47.0367 5392 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    22:33:47.0367 5392 HidServ - ok
    22:33:47.0367 5392 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    22:33:47.0367 5392 hidusb - ok
    22:33:47.0383 5392 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    22:33:47.0399 5392 hkmsvc - ok
    22:33:47.0399 5392 hpn - ok
    22:33:47.0430 5392 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    22:33:47.0430 5392 HTTP - ok
    22:33:47.0445 5392 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    22:33:47.0445 5392 HTTPFilter - ok
    22:33:47.0445 5392 i2omgmt - ok
    22:33:47.0445 5392 i2omp - ok
    22:33:47.0461 5392 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:33:47.0461 5392 i8042prt - ok
    22:33:47.0539 5392 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    22:33:47.0586 5392 IDriverT - ok
    22:33:47.0633 5392 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    22:33:47.0649 5392 idsvc - ok
    22:33:47.0649 5392 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:33:47.0649 5392 Imapi - ok
    22:33:47.0664 5392 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    22:33:47.0664 5392 ImapiService - ok
    22:33:47.0680 5392 ini910u - ok
    22:33:47.0805 5392 [ 5D138ADC44C43BF37634C8E528D75B1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    22:33:47.0867 5392 IntcAzAudAddService - ok
    22:33:47.0867 5392 IntelIde - ok
    22:33:47.0899 5392 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    22:33:47.0899 5392 Ip6Fw - ok
    22:33:47.0914 5392 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:33:47.0914 5392 IpFilterDriver - ok
    22:33:47.0930 5392 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:33:47.0930 5392 IpInIp - ok
    22:33:47.0945 5392 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:33:47.0945 5392 IpNat - ok
    22:33:47.0992 5392 [ 962BC769D1008D83F6A00B9DE887EEF4 ] iPodService C:\Program Files\iPod\bin\iPodService.exe
    22:33:47.0992 5392 iPodService - ok
    22:33:48.0008 5392 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:33:48.0008 5392 IPSec - ok
    22:33:48.0024 5392 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:33:48.0024 5392 IRENUM - ok
    22:33:48.0039 5392 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:33:48.0039 5392 isapnp - ok
    22:33:48.0117 5392 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    22:33:48.0117 5392 JavaQuickStarterService - ok
    22:33:48.0117 5392 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:33:48.0117 5392 Kbdclass - ok
    22:33:48.0133 5392 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    22:33:48.0133 5392 kbdhid - ok
    22:33:48.0133 5392 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    22:33:48.0133 5392 kmixer - ok
    22:33:48.0149 5392 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    22:33:48.0149 5392 KSecDD - ok
    22:33:48.0180 5392 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    22:33:48.0180 5392 lanmanserver - ok
    22:33:48.0211 5392 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    22:33:48.0211 5392 lanmanworkstation - ok
    22:33:48.0211 5392 lbrtfdc - ok
    22:33:48.0258 5392 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    22:33:48.0258 5392 LmHosts - ok
    22:33:48.0305 5392 [ A8382713F5870E4AF1DE4E8F7AF9D882 ] Macromedia Licensing Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    22:33:48.0305 5392 Macromedia Licensing Service - ok
    22:33:48.0320 5392 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    22:33:48.0320 5392 Messenger - ok
    22:33:48.0320 5392 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    22:33:48.0336 5392 mnmdd - ok
    22:33:48.0352 5392 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    22:33:48.0352 5392 mnmsrvc - ok
    22:33:48.0367 5392 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    22:33:48.0367 5392 Modem - ok
    22:33:48.0399 5392 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
    22:33:48.0414 5392 Monfilt - ok
    22:33:48.0430 5392 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:33:48.0430 5392 Mouclass - ok
    22:33:48.0445 5392 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    22:33:48.0445 5392 mouhid - ok
    22:33:48.0445 5392 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    22:33:48.0461 5392 MountMgr - ok
    22:33:48.0492 5392 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    22:33:48.0492 5392 MozillaMaintenance - ok
    22:33:48.0524 5392 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    22:33:48.0524 5392 MpFilter - ok
    22:33:48.0617 5392 [ A69630D039C38018689190234F866D77 ] MpKsl8f6c6478 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD916C67-892D-4FDC-A7F6-F9CCDC7D8DBD}\MpKsl8f6c6478.sys
    22:33:48.0617 5392 MpKsl8f6c6478 - ok
    22:33:48.0617 5392 mraid35x - ok
    22:33:48.0617 5392 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:33:48.0617 5392 MRxDAV - ok
    22:33:48.0649 5392 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:33:48.0664 5392 MRxSmb - ok
    22:33:48.0664 5392 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    22:33:48.0664 5392 MSDTC - ok
    22:33:48.0664 5392 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    22:33:48.0664 5392 Msfs - ok
    22:33:48.0664 5392 MSIServer - ok
    22:33:48.0680 5392 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:33:48.0680 5392 MSKSSRV - ok
    22:33:48.0758 5392 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    22:33:48.0758 5392 MsMpSvc - ok
    22:33:48.0758 5392 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:33:48.0758 5392 MSPCLOCK - ok
    22:33:48.0774 5392 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    22:33:48.0774 5392 MSPQM - ok
    22:33:48.0774 5392 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:33:48.0774 5392 mssmbios - ok
    22:33:48.0805 5392 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    22:33:48.0805 5392 MSTEE - ok
    22:33:48.0805 5392 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    22:33:48.0805 5392 Mup - ok
    22:33:48.0836 5392 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    22:33:48.0836 5392 NABTSFEC - ok
    22:33:48.0899 5392 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    22:33:48.0899 5392 napagent - ok
    22:33:48.0914 5392 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    22:33:48.0914 5392 NDIS - ok
    22:33:48.0914 5392 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    22:33:48.0914 5392 NdisIP - ok
    22:33:48.0945 5392 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:33:48.0945 5392 NdisTapi - ok
    22:33:48.0977 5392 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:33:48.0977 5392 Ndisuio - ok
    22:33:48.0977 5392 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:33:48.0977 5392 NdisWan - ok
    22:33:49.0008 5392 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    22:33:49.0008 5392 NDProxy - ok
    22:33:49.0008 5392 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:33:49.0008 5392 NetBIOS - ok
    22:33:49.0024 5392 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:33:49.0024 5392 NetBT - ok
    22:33:49.0039 5392 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    22:33:49.0055 5392 NetDDE - ok
    22:33:49.0055 5392 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    22:33:49.0055 5392 NetDDEdsdm - ok
    22:33:49.0086 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    22:33:49.0086 5392 Netlogon - ok
    22:33:49.0133 5392 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    22:33:49.0133 5392 Netman - ok
    22:33:49.0149 5392 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:33:49.0149 5392 NetTcpPortSharing - ok
    22:33:49.0180 5392 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    22:33:49.0180 5392 Nla - ok
    22:33:49.0211 5392 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
    22:33:49.0211 5392 NMSAccess - ok
    22:33:49.0227 5392 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    22:33:49.0227 5392 Npfs - ok
    22:33:49.0227 5392 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    22:33:49.0242 5392 Ntfs - ok
    22:33:49.0242 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    22:33:49.0242 5392 NtLmSsp - ok
    22:33:49.0274 5392 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    22:33:49.0274 5392 NtmsSvc - ok
    22:33:49.0289 5392 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    22:33:49.0289 5392 Null - ok
    22:33:49.0320 5392 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:33:49.0320 5392 NwlnkFlt - ok
    22:33:49.0320 5392 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:33:49.0320 5392 NwlnkFwd - ok
    22:33:49.0336 5392 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    22:33:49.0336 5392 Parport - ok
    22:33:49.0336 5392 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    22:33:49.0336 5392 PartMgr - ok
    22:33:49.0383 5392 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    22:33:49.0383 5392 ParVdm - ok
    22:33:49.0383 5392 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    22:33:49.0383 5392 PCI - ok
    22:33:49.0383 5392 PCIDump - ok
    22:33:49.0383 5392 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:33:49.0383 5392 PCIIde - ok
    22:33:49.0414 5392 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\WINDOWS\system32\drivers\pclepci.sys
    22:33:49.0414 5392 PCLEPCI - ok
    22:33:49.0430 5392 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    22:33:49.0430 5392 Pcmcia - ok
    22:33:49.0430 5392 PDCOMP - ok
    22:33:49.0430 5392 PDFRAME - ok
    22:33:49.0445 5392 PDRELI - ok
    22:33:49.0445 5392 PDRFRAME - ok
    22:33:49.0445 5392 perc2 - ok
    22:33:49.0445 5392 perc2hib - ok
    22:33:49.0477 5392 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    22:33:49.0477 5392 PlugPlay - ok
    22:33:49.0477 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    22:33:49.0477 5392 PolicyAgent - ok
    22:33:49.0492 5392 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:33:49.0492 5392 PptpMiniport - ok
    22:33:49.0492 5392 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
    22:33:49.0492 5392 Processor - ok
    22:33:49.0492 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    22:33:49.0492 5392 ProtectedStorage - ok
    22:33:49.0492 5392 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    22:33:49.0492 5392 PSched - ok
    22:33:49.0508 5392 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:33:49.0508 5392 Ptilink - ok
    22:33:49.0508 5392 ql1080 - ok
    22:33:49.0508 5392 Ql10wnt - ok
    22:33:49.0508 5392 ql12160 - ok
    22:33:49.0508 5392 ql1240 - ok
    22:33:49.0524 5392 ql1280 - ok
    22:33:49.0524 5392 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:33:49.0524 5392 RasAcd - ok
    22:33:49.0555 5392 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    22:33:49.0555 5392 RasAuto - ok
    22:33:49.0586 5392 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:33:49.0586 5392 Rasl2tp - ok
    22:33:49.0617 5392 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    22:33:49.0617 5392 RasMan - ok
    22:33:49.0617 5392 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:33:49.0617 5392 RasPppoe - ok
    22:33:49.0617 5392 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:33:49.0617 5392 Raspti - ok
    22:33:49.0617 5392 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:33:49.0633 5392 Rdbss - ok
    22:33:49.0633 5392 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:33:49.0633 5392 RDPCDD - ok
    22:33:49.0633 5392 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:33:49.0633 5392 rdpdr - ok
    22:33:49.0664 5392 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    22:33:49.0664 5392 RDPWD - ok
    22:33:49.0695 5392 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    22:33:49.0711 5392 RDSessMgr - ok
    22:33:49.0711 5392 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:33:49.0711 5392 redbook - ok
    22:33:49.0758 5392 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    22:33:49.0758 5392 RemoteAccess - ok
    22:33:49.0789 5392 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    22:33:49.0789 5392 RemoteRegistry - ok
    22:33:49.0789 5392 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    22:33:49.0789 5392 RpcLocator - ok
    22:33:49.0820 5392 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    22:33:49.0836 5392 RpcSs - ok
    22:33:49.0852 5392 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    22:33:49.0852 5392 RSVP - ok
    22:33:49.0883 5392 [ 3AE0728E82EDEAE0D9C37651C0451535 ] RT25USBAP C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
    22:33:49.0945 5392 RT25USBAP - ok
    22:33:49.0977 5392 [ D3578C3806ED545E5C36B2A20F5C0B5A ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    22:33:49.0977 5392 RTLE8023xp - ok
    22:33:49.0977 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    22:33:49.0977 5392 SamSs - ok
    22:33:49.0977 5392 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    22:33:49.0992 5392 SCardSvr - ok
    22:33:49.0992 5392 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    22:33:49.0992 5392 Schedule - ok
    22:33:50.0039 5392 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:33:50.0039 5392 Secdrv - ok
    22:33:50.0055 5392 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    22:33:50.0055 5392 seclogon - ok
    22:33:50.0055 5392 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    22:33:50.0055 5392 SENS - ok
    22:33:50.0055 5392 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    22:33:50.0070 5392 serenum - ok
    22:33:50.0070 5392 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    22:33:50.0070 5392 Serial - ok
    22:33:50.0102 5392 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:33:50.0102 5392 Sfloppy - ok
    22:33:50.0133 5392 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    22:33:50.0149 5392 SharedAccess - ok
    22:33:50.0149 5392 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    22:33:50.0164 5392 ShellHWDetection - ok
    22:33:50.0164 5392 Simbad - ok
    22:33:50.0195 5392 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    22:33:50.0195 5392 SkypeUpdate - ok
    22:33:50.0227 5392 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    22:33:50.0227 5392 SLIP - ok
    22:33:50.0242 5392 Sparrow - ok
    22:33:50.0258 5392 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    22:33:50.0258 5392 splitter - ok
    22:33:50.0289 5392 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    22:33:50.0289 5392 Spooler - ok
    22:33:50.0320 5392 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
    22:33:50.0320 5392 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
    22:33:50.0320 5392 sptd ( LockedFile.Multi.Generic ) - warning
    22:33:50.0320 5392 sptd - detected LockedFile.Multi.Generic (1)
    22:33:50.0352 5392 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    22:33:50.0352 5392 sr - ok
    22:33:50.0367 5392 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    22:33:50.0367 5392 srservice - ok
    22:33:50.0383 5392 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    22:33:50.0383 5392 Srv - ok
    22:33:50.0414 5392 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    22:33:50.0414 5392 SSDPSRV - ok
    22:33:50.0430 5392 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
    22:33:50.0430 5392 StarOpen - ok
    22:33:50.0430 5392 Steam Client Service - ok
    22:33:50.0477 5392 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    22:33:50.0477 5392 stisvc - ok
    22:33:50.0492 5392 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    22:33:50.0492 5392 streamip - ok
    22:33:50.0492 5392 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:33:50.0492 5392 swenum - ok
    22:33:50.0524 5392 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    22:33:50.0524 5392 swmidi - ok
    22:33:50.0524 5392 SwPrv - ok
    22:33:50.0524 5392 symc810 - ok
    22:33:50.0524 5392 symc8xx - ok
    22:33:50.0539 5392 sym_hi - ok
    22:33:50.0539 5392 sym_u3 - ok
    22:33:50.0555 5392 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    22:33:50.0555 5392 sysaudio - ok
    22:33:50.0586 5392 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    22:33:50.0586 5392 SysmonLog - ok
    22:33:50.0649 5392 [ 7855D6371E72EDCE0C4148AC79674DD4 ] TabletServiceWacom C:\WINDOWS\system32\Wacom_Tablet.exe
    22:33:50.0664 5392 TabletServiceWacom - ok
    22:33:50.0695 5392 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    22:33:50.0695 5392 TapiSrv - ok
    22:33:50.0711 5392 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:33:50.0727 5392 Tcpip - ok
    22:33:50.0727 5392 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:33:50.0727 5392 TDPIPE - ok
    22:33:50.0742 5392 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    22:33:50.0742 5392 TDTCP - ok
    22:33:50.0758 5392 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:33:50.0758 5392 TermDD - ok
    22:33:50.0774 5392 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    22:33:50.0774 5392 TermService - ok
    22:33:50.0774 5392 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    22:33:50.0789 5392 Themes - ok
    22:33:50.0820 5392 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    22:33:50.0820 5392 TlntSvr - ok
    22:33:50.0820 5392 TosIde - ok
    22:33:50.0836 5392 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    22:33:50.0836 5392 TrkWks - ok
    22:33:50.0836 5392 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    22:33:50.0836 5392 Udfs - ok
    22:33:50.0852 5392 ultra - ok
    22:33:50.0883 5392 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    22:33:50.0883 5392 Update - ok
    22:33:50.0914 5392 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    22:33:50.0914 5392 upnphost - ok
    22:33:50.0930 5392 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    22:33:50.0930 5392 UPS - ok
    22:33:50.0945 5392 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    22:33:50.0945 5392 usbaudio - ok
    22:33:50.0961 5392 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:33:50.0961 5392 usbccgp - ok
    22:33:50.0977 5392 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:33:50.0977 5392 usbehci - ok
    22:33:50.0977 5392 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:33:50.0977 5392 usbhub - ok
    22:33:50.0992 5392 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
    22:33:50.0992 5392 usbohci - ok
    22:33:51.0008 5392 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:33:51.0008 5392 usbscan - ok
    22:33:51.0024 5392 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:33:51.0024 5392 usbstor - ok
    22:33:51.0039 5392 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    22:33:51.0039 5392 VgaSave - ok
    22:33:51.0039 5392 ViaIde - ok
    22:33:51.0039 5392 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    22:33:51.0039 5392 VolSnap - ok
    22:33:51.0055 5392 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    22:33:51.0055 5392 VSS - ok
    22:33:51.0070 5392 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    22:33:51.0070 5392 W32Time - ok
    22:33:51.0070 5392 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    22:33:51.0070 5392 wacommousefilter - ok
    22:33:51.0086 5392 [ 73E6F16A1F187D71FB26AF308551E54A ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    22:33:51.0086 5392 wacomvhid - ok
    22:33:51.0086 5392 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
    22:33:51.0086 5392 WacomVKHid - ok
    22:33:51.0086 5392 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:33:51.0086 5392 Wanarp - ok
    22:33:51.0102 5392 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    22:33:51.0102 5392 WDC_SAM - ok
    22:33:51.0164 5392 [ 0220362DEB2A21551B418D61F3153347 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    22:33:51.0164 5392 WDDMService - ok
    22:33:51.0164 5392 WDICA - ok
    22:33:51.0180 5392 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    22:33:51.0180 5392 wdmaud - ok
    22:33:51.0195 5392 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    22:33:51.0195 5392 WDSmartWareBackgroundService - ok
    22:33:51.0195 5392 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    22:33:51.0195 5392 WebClient - ok
    22:33:51.0258 5392 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:33:51.0258 5392 winmgmt - ok
    22:33:51.0289 5392 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    22:33:51.0289 5392 WmdmPmSN - ok
    22:33:51.0320 5392 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    22:33:51.0320 5392 Wmi - ok
    22:33:51.0336 5392 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    22:33:51.0336 5392 WmiAcpi - ok
    22:33:51.0336 5392 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:33:51.0336 5392 WmiApSrv - ok
    22:33:51.0383 5392 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    22:33:51.0383 5392 wscsvc - ok
    22:33:51.0399 5392 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    22:33:51.0399 5392 WSTCODEC - ok
    22:33:51.0414 5392 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    22:33:51.0414 5392 wuauserv - ok
    22:33:51.0430 5392 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    22:33:51.0445 5392 WZCSVC - ok
    22:33:51.0477 5392 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    22:33:51.0477 5392 xmlprov - ok
    22:33:51.0477 5392 ZDPSp50 - ok
    22:33:51.0492 5392 ================ Scan global ===============================
    22:33:51.0508 5392 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    22:33:51.0555 5392 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:33:51.0570 5392 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    22:33:51.0570 5392 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    22:33:51.0570 5392 [Global] - ok
    22:33:51.0570 5392 ================ Scan MBR ==================================
    22:33:51.0602 5392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    22:33:51.0774 5392 \Device\Harddisk0\DR0 - ok
    22:33:51.0774 5392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    22:33:51.0836 5392 \Device\Harddisk1\DR1 - ok
    22:33:51.0852 5392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
    22:33:51.0961 5392 \Device\Harddisk2\DR4 - ok
    22:33:51.0961 5392 ================ Scan VBR ==================================
    22:33:51.0961 5392 [ 8CCD18D91C414BB76D189EE4F9383670 ] \Device\Harddisk0\DR0\Partition1
    22:33:51.0961 5392 \Device\Harddisk0\DR0\Partition1 - ok
    22:33:51.0977 5392 [ ABA7BB530658141D9654C85ECD1C0E12 ] \Device\Harddisk1\DR1\Partition1
    22:33:51.0977 5392 \Device\Harddisk1\DR1\Partition1 - ok
    22:33:51.0977 5392 [ EE3DC49BBC7BDFB67117D318E9B51AA1 ] \Device\Harddisk2\DR4\Partition1
    22:33:51.0977 5392 \Device\Harddisk2\DR4\Partition1 - ok
    22:33:51.0977 5392 ============================================================
    22:33:51.0977 5392 Scan finished
    22:33:51.0977 5392 ============================================================
    22:33:51.0977 2092 Detected object count: 1
    22:33:51.0977 2092 Actual detected object count: 1
    22:34:26.0742 2092 sptd ( LockedFile.Multi.Generic ) - skipped by user
    22:34:26.0742 2092 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    22:35:18.0117 4512 Deinitialize success
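
The TDSSKiller log above ends with a single object: `sptd`, flagged `LockedFile.Multi.Generic` because the scanner could not read the file (`Suspicious file (NoAccess)`), which the user then chose to skip. Reading a log this long by eye is error-prone, so here is a small triage script for the TDSSKiller line format. It is an added example for this thread, not code from TDSSKiller or from any poster, and the regular expressions are my own reading of the line shapes visible in the log above. It pulls out every entry whose verdict is not a plain `- ok`, marks files the scanner could not read, lists registered names for which no file hash was printed, and shows which service names resolve to the same host binary. The `SAMPLE_LOG` block is a constructed excerpt modelled on the posted log.

```python
"""Triage a TDSSKiller-style scan log.  Added example, not TDSSKiller's own code;
the regexes are an assumption drawn from the line shapes seen in the posted log."""
import re
from collections import defaultdict

# Every line starts with a timestamp and a thread id.  Shapes handled:
#   22:33:50.0320 5392 [ D390675B... ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
#   22:33:50.0320 5392 Suspicious file (NoAccess): C:\...\sptd.sys. md5: D390675B...
#   22:33:50.0320 5392 sptd ( LockedFile.Multi.Generic ) - warning
#   22:33:50.0320 5392 sptd - detected LockedFile.Multi.Generic (1)
#   22:33:50.0352 5392 sr - ok
#   22:33:51.0602 5392 [ 8F558EB6... ] \Device\Harddisk0\DR0     (MBR/VBR: no name)
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-F]{32}) \] (?:([^\s\\]+) )?(.+)$")
NOACCESS_RE = re.compile(PREFIX + r"Suspicious file \(NoAccess\): (.+)\. md5: ([0-9A-F]{32})$")
VERDICT_RE = re.compile(
    PREFIX + r"(.+?)(?: \( (\S+) \))? - "
    r"(ok|warning|detected (\S+) \(\d+\)|skipped by user|User select action: \S+)$")


def _verdict(kind, cls, det):
    """Collapse the verdict grammar to a (kind, detection class) pair."""
    if kind == "ok":
        return ("ok", None)
    if kind.startswith("detected"):
        return ("detected", det)
    if kind == "skipped by user":
        return ("skipped", cls)
    if kind.startswith("User select action"):
        return ("action", cls)
    return ("warning", cls)


def parse_tdsskiller(text):
    """Return {name: {"hash", "path", "noaccess", "verdicts": [(kind, class), ...]}}."""
    records = {}
    noaccess = set()  # (lower-cased path, md5) pairs the scanner could not open

    def rec(name):
        return records.setdefault(
            name, {"hash": None, "path": None, "noaccess": False, "verdicts": []})

    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            r = rec(name or path)  # MBR/VBR/global lines carry no service name
            r["hash"], r["path"] = md5, path
            continue
        m = NOACCESS_RE.match(line)
        if m:
            noaccess.add((m.group(1).lower(), m.group(2)))
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, cls, kind, det = m.groups()
            rec(name)["verdicts"].append(_verdict(kind, cls, det))
    # Resolve NoAccess after the loop so line order does not matter.
    for r in records.values():
        if any(r["hash"] == md5 or (r["path"] or "").lower() == p for p, md5 in noaccess):
            r["noaccess"] = True
    return records


def triage(records):
    """Return (findings, unbacked, shared).

    findings: entries with a non-ok verdict or an unreadable file.
    unbacked: names with no file hash printed.  In the posted log these are mostly
              stale XP driver registrations that OTL also reports as "File not found",
              but confirm each on disk rather than assuming.
    shared:   host binaries serving more than one service name.  lsass.exe,
              services.exe and svchost.exe normally do; anything else deserves a look.
    """
    findings = []
    for name, r in sorted(records.items()):
        bad = [v for v in r["verdicts"] if v[0] != "ok"]
        if bad or r["noaccess"]:
            findings.append({"name": name, "path": r["path"], "md5": r["hash"],
                             "noaccess": r["noaccess"], "verdicts": bad})
    unbacked = sorted(n for n, r in records.items() if r["hash"] is None)
    by_path = defaultdict(list)
    for name, r in records.items():
        if r["path"] and r["path"] != name:
            by_path[r["path"].lower()].append(name)
    shared = {p: sorted(n) for p, n in by_path.items() if len(n) > 1}
    return findings, unbacked, shared


# Constructed excerpt modelled on the log above (not a verbatim copy of the whole log).
SAMPLE_LOG = r"""
22:33:49.0430 5392 PDCOMP - ok
22:33:49.0477 5392 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
22:33:49.0477 5392 PlugPlay - ok
22:33:49.0477 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:33:49.0477 5392 PolicyAgent - ok
22:33:49.0977 5392 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:33:49.0977 5392 SamSs - ok
22:33:50.0320 5392 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
22:33:50.0320 5392 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
22:33:50.0320 5392 sptd ( LockedFile.Multi.Generic ) - warning
22:33:50.0320 5392 sptd - detected LockedFile.Multi.Generic (1)
22:33:50.0430 5392 Steam Client Service - ok
22:33:51.0602 5392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:33:51.0774 5392 \Device\Harddisk0\DR0 - ok
22:34:26.0742 2092 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

if __name__ == "__main__":
    findings, unbacked, shared = triage(parse_tdsskiller(SAMPLE_LOG))
    for f in findings:
        print("FLAGGED", f["name"], f["path"], f["md5"], "noaccess" if f["noaccess"] else "", f["verdicts"])
    print("no file hash printed:", unbacked)
    for path, names in shared.items():
        print("shared host:", path, names)
```

Run it over the saved TDSSKiller log instead of `SAMPLE_LOG` (for example `triage(parse_tdsskiller(open("TDSSKiller.log").read()))`) and the one flagged entry, the hash-less registrations and the host-binary groupings come out in three short lists. A `LockedFile` verdict only says the scanner could not open the file; deciding whether that file belongs there is still a manual step, which is why the script reports it rather than labelling it.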

  4. #4 (Junior Member, Join Date Oct 2012, Posts 20)

    OTL:

    OTL logfile created on: 10/9/2012 10:36:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zarla\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.12 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 76.81% Memory free
    4.96 Gb Paging File | 4.35 Gb Available in Paging File | 87.65% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 563.57 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 29.32 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive H: | 930.86 Gb Total Space | 61.65 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
    Drive X: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CEDA-09E6FD4986 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Zarla\Desktop\OTL.exe (OldTimer Tools)
    PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
    PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Last.fm\LastFMHelper.exe (Last.fm)
    PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
    PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


    ========== Services (SafeList) ==========

    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
    SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)


    ========== Driver Services (SafeList) ==========

    DRV - (ZDPSp50) -- System32\Drivers\ZDPSp50.sys File not found
    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (BLKWGU(Belkin) -- system32\DRIVERS\BLKWGU.sys File not found
    DRV - (apgcd1yn) -- File not found
    DRV - (MpKsl8f6c6478) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD916C67-892D-4FDC-A7F6-F9CCDC7D8DBD}\MpKsl8f6c6478.sys (Microsoft Corporation)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (Advanced Micro Devices, Inc)
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (amdide) -- C:\WINDOWS\system32\drivers\amdide.sys (Advanced Micro Devices)
    DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
    DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
    DRV - (HCWBT8xx) -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys (Hauppauge Computer Works)
    DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
    DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
    DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 F5 1A 3E B9 A3 CD 01 [binary data]
    IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-436374069-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-436374069-1202660629-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/30 10:25:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/30 10:25:35 | 000,000,000 | ---D | M]

    [2012/09/30 10:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    Hosts file not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-436374069-1202660629-839522115-1003..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-436374069-1202660629-839522115-1003..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (Last.fm)
    O4 - Startup: C:\Documents and Settings\Zarla\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-436374069-1202660629-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1344119090125 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1344119235656 (MUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E885F99-6B75-4C9E-AFC6-346B05F06238}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/08/14 20:21:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2012/08/04 02:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/01/28 13:00:27 | 000,000,088 | R--- | M] () - X:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/09 22:30:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2012/10/09 22:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
    [2012/10/09 22:30:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
    [2012/10/09 22:30:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
    [2012/10/09 22:30:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
    [2012/10/09 22:30:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
    [2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
    [2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
    [2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
    [2012/10/09 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
    [2012/10/09 22:30:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
    [2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    [2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
    [2012/10/09 22:30:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
    [2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
    [2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
    [2012/10/09 22:30:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
    [2012/10/07 15:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Compound File Explorer
    [2012/10/07 15:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CoCo Systems
    [2012/10/07 15:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\CoCo Systems
    [2012/10/06 04:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec
    [2012/10/06 04:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
    [2012/10/06 04:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
    [2012/10/06 04:23:39 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/09/30 21:09:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/09/30 21:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/09/30 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/09/30 10:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2012/09/30 09:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/09/30 09:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/09/30 00:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/09/30 00:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/09/29 00:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/29 00:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/09/29 00:54:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/09/29 00:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/29 00:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2012/09/28 20:19:49 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/09 22:27:05 | 025,054,208 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness4.fla
    [2012/10/09 21:44:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003UA.job
    [2012/10/09 17:44:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1202660629-839522115-1003Core.job
    [2012/10/09 09:24:08 | 003,043,446 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness4.swf
    [2012/10/09 07:43:35 | 025,018,368 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness3.fla
    [2012/10/09 07:32:01 | 003,088,214 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness3.swf
    [2012/10/09 01:14:19 | 024,757,760 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness2.fla
    [2012/10/08 22:11:42 | 024,684,032 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness.fla
    [2012/10/08 20:16:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2012/10/08 20:16:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2012/10/08 16:10:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/10/08 15:51:01 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/10/08 15:51:01 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/10/08 15:47:06 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2012/10/08 15:46:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/08 15:46:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/07 22:49:10 | 002,958,775 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness2.swf
    [2012/10/07 19:27:26 | 002,810,798 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\madness.swf
    [2012/10/06 05:03:13 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/10/06 05:03:13 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/10/06 04:28:27 | 000,000,395 | ---- | M] () -- C:\WINDOWS\PKZIPW.INI
    [2012/10/01 19:50:10 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/09/30 10:25:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/09/30 09:03:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/09/30 08:01:03 | 000,443,587 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_infected
    [2012/09/30 07:08:02 | 000,000,124 | ---- | M] () -- C:\WINDOWS\System32\pixelcity.ini
    [2012/09/29 06:32:14 | 000,443,587 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120930-002014.backup
    [2012/09/29 06:11:59 | 000,000,223 | -HS- | M] () -- C:\boot.ini
    [2012/09/25 01:52:04 | 003,778,688 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Love is War chorus.mp3
    [2012/09/17 14:23:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/09 22:30:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    [2012/10/09 22:30:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
    [2012/10/09 09:24:03 | 003,043,446 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness4.swf
    [2012/10/09 01:10:03 | 025,054,208 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness4.fla
    [2012/10/08 20:16:01 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2012/10/08 20:16:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2012/10/07 14:19:13 | 003,088,214 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness3.swf
    [2012/10/07 12:34:56 | 025,018,368 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness3.fla
    [2012/10/07 10:47:48 | 002,958,775 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness2.swf
    [2012/10/06 07:08:57 | 024,757,760 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness2.fla
    [2012/10/06 05:06:50 | 002,810,798 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness.swf
    [2012/10/06 03:04:11 | 024,684,032 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\madness.fla
    [2012/10/01 20:12:53 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/09/30 10:25:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/09/29 06:12:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
    [2012/09/29 06:12:00 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2012/09/29 06:12:00 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
    [2012/09/29 06:12:00 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2012/08/30 23:07:52 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2012/08/18 23:57:36 | 000,000,395 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
    [2012/08/17 11:04:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2012/08/17 11:04:17 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2012/08/17 11:04:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2012/08/17 11:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/17 00:41:40 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\pixelcity.ini
    [2012/08/16 02:30:11 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
    [2012/08/14 15:58:26 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2012/08/14 15:58:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2012/08/14 15:03:36 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
    [2012/08/14 10:33:09 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2012/08/14 10:33:08 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
    [2012/08/14 10:33:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2012/08/14 10:33:07 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
    [2012/08/14 10:33:07 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
    [2012/08/14 10:33:07 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
    [2012/08/14 09:47:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2012/08/14 08:04:30 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2012/08/14 06:16:58 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
    [2012/08/14 06:16:38 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
    [2012/08/04 22:30:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/08/04 22:20:55 | 000,509,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/04 17:56:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/08/04 17:27:45 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2012/08/04 17:27:45 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2012/08/04 17:27:45 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
    [2012/08/04 17:27:41 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2012/08/04 17:27:37 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2012/08/04 16:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2012/08/04 16:23:29 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2012/08/04 16:17:24 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
    [2012/08/04 02:57:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/08/04 02:53:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2012/08/04 16:13:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


    Extras:

    OTL Extras logfile created on: 10/9/2012 10:36:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Zarla\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.12 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 76.81% Memory free
    4.96 Gb Paging File | 4.35 Gb Available in Paging File | 87.65% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 563.57 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 29.32 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive H: | 930.86 Gb Total Space | 61.65 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
    Drive X: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CEDA-09E6FD4986 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-436374069-1202660629-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Steam\steamapps\common\auditorium\Auditorium.exe" = C:\Program Files\Steam\steamapps\common\auditorium\Auditorium.exe:*:Enabled:Auditorium -- ()
    "C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe" = C:\Program Files\Steam\steamapps\common\the binding of isaac\Isaac.exe:*:Enabled:The Binding of Isaac -- (Edmund Mcmillen & Florian Himsl )
    "C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
    "C:\Program Files\Steam\steamapps\common\cogs\cogs.exe" = C:\Program Files\Steam\steamapps\common\cogs\cogs.exe:*:Enabled:Cogs -- ()
    "C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf -- ()
    "C:\Program Files\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe" = C:\Program Files\Steam\steamapps\common\the sims 3\Game\Bin\Sims3Launcher.exe:*:Enabled:The Sims(TM) 3 -- (Electronic Arts, Inc.)
    "C:\Program Files\Steam\steamapps\common\the sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\the sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:The Sims(TM) 3 -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02B94925-4A1C-D7AC-A851-0E7A9D5ED8BE}" = CCC Help Thai
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{11EECEB2-5C76-99CD-2E39-756CBDD73499}" = CCC Help Spanish
    "{146303B2-EA46-4BFB-8054-FC75A0D0088B}" = VOCALOID Voice DB (Miriam)
    "{18E70170-C334-44BB-ACCA-3DCCC65CE4C7}" = VOCALOID SKIN (Zero-G LOLA)
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2154AF92-3049-42C5-A4C0-83AE99436752}" = VOCALOID Expression DB (Leon)
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{2AE31B63-387A-249C-2124-5C459B07B8E3}" = CCC Help Korean
    "{2B1D90C0-F2C0-C20A-0C21-6B2DEEEB33BC}" = CCC Help Dutch
    "{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
    "{2FB56B11-9A6F-4962-8598-FE68F9BDBB52}" = VOCALOID SKIN (Crypton MEIKO)
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B786ABD-AA64-0225-3925-8FA3F77FE53B}" = CCC Help Polish
    "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
    "{44F77FBE-828D-4B04-A02B-C70426F65C86}" = VOCALOID Expression DB (Miriam)
    "{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{54D8C662-ED7A-8B98-2ADD-AE6F2F2D0299}" = CCC Help Danish
    "{55EE08EE-77A4-475E-A163-D6A673498ECF}" = VOCALOID Voice DB (Lola)
    "{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
    "{5C134C7E-537D-4BA2-913D-A6F163DF10D4}" = UTAU 歌声合成ツール
    "{6808A819-8657-8AF7-1351-9702425337E7}" = CCC Help Chinese Traditional
    "{6B5AB2D2-1C9D-4513-B086-EF52F89568FB}" = VOCALOID Voice DB (Meiko)
    "{70AE4016-BCFD-9B62-5B9A-CCB831A3715B}" = CCC Help Czech
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73F64EE9-AC9A-9585-E6DA-7547AD804820}" = CCC Help Chinese Standard
    "{76312427-983B-9524-527B-3E44E4620334}" = CCC Help Greek
    "{77E75011-B477-842D-F291-7D0985797D56}" = CCC Help Swedish
    "{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8BA70AE2-35EE-8A73-22BD-F2DB17CDD96D}" = Catalyst Control Center InstallProxy
    "{8BBB3758-6759-4086-835B-1D665DBE979F}" = VOCALOID SKIN (Zero-G MIRIAM)
    "{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E58E89-4623-CE23-B743-0BFAA94677A6}" = CCC Help German
    "{98A957AC-7BA3-82F7-A273-D8C783B23C5F}" = CCC Help French
    "{98B069B8-EF38-CE76-1728-02AC63AC0438}" = Catalyst Control Center
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}" = VOCALOID Expression DB (Standard)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
    "{9EEC34BF-9682-EE9D-ACE4-6C571E24A7EE}" = CCC Help Japanese
    "{9F3B5588-E05C-4D99-AA2C-459AA6C5F31E}" = VOCALOID Voice DB (Leon)
    "{A0D08A19-EC76-441B-A264-0E71A8F5ABF8}" = VOCALOID SKIN (Crypton KAITO)
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}" = VOCALOID2 VSTi V2.0.2.0
    "{AB165295-EA7E-6753-55A8-429C08A85690}" = CCC Help Italian
    "{AB3902FC-219F-A3A0-10EC-63CFF24DF707}" = Catalyst Control Center Graphics Previews Common
    "{AF1BC708-5329-4545-927C-E44E8EC092D3}" = Compound File Explorer
    "{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}" = VOCALOID Editor V1.1.2.0
    "{B293548D-735F-1F86-1C9C-1A56B8928FEE}" = AMD Catalyst Install Manager
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B40B1EFB-BA7B-462A-EA58-0AD6A05EC931}" = CCC Help English
    "{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
    "{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
    "{B7197A7E-AE3B-4575-90CA-6820EC7E7631}" = VOCALOID2 Voice DB (SweetANN)
    "{B7CD2ADE-855E-2A1C-683A-3A4C05A7CA5D}" = Catalyst Control Center Localization All
    "{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
    "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
    "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C14BEC54-8253-6AC5-D446-506281A5E4F8}" = CCC Help Russian
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C1EC6451-68A9-7EC2-2DB4-899A09A1CA09}" = CCC Help Norwegian
    "{C542D258-F474-6798-A018-EB480B8EDC6C}" = CCC Help Turkish
    "{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
    "{C7904010-6875-4843-8B82-9FC49B2CCC2E}" = VOCALOID SKIN (Zero-G LEON)
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E60588F9-9961-1136-B5A1-74D15B1C0EA1}" = CCC Help Finnish
    "{E7DF9EFA-42AE-475F-2C5C-E2E9AC953AA5}" = CCC Help Hungarian
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F01C1DBB-E5DE-49BE-97A6-483F128AEFAF}" = VOCALOID Expression DB (Lola)
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.2.3
    "{F1C27587-F747-D0C8-907C-054B87A08B64}" = ccc-utility
    "{F3292D16-6363-4AB8-85AF-75B61544B678}" = VOCALOID Voice DB (Kaito)
    "{F7170995-22B7-082B-63D3-776AD36AE749}" = CCC Help Portuguese
    "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
    "{FA82D553-7A07-43A4-98E8-14C62402A4F2}" = Autodesk SketchBook Copic Edition
    "{FAC611DA-E445-4D7A-8311-7389C627FA32}" = VOCALOID VSTi V1.1.2.0
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "AbiWord2" = AbiWord 2.8.6
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
    "Adobe Photoshop v4.0" = Adobe Photoshop v4.0
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Audacity_is1" = Audacity 1.2.6
    "CCleaner" = CCleaner
    "CravingExplorer_is1" = Craving Explorer Version 1.4.0
    "ERUNT_is1" = ERUNT 1.1j
    "Foxit Reader_is1" = Foxit Reader
    "FoxyTunesForFirefox" = FoxyTunes for Firefox
    "Fraps" = Fraps (remove only)
    "GIF Construction Set Professional 3" = GIF Construction Set Professional 3
    "Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
    "Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
    "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.1.0
    "LastFM_is1" = Last.fm 1.4.2.59470
    "ljArchive" = ljArchive
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
    "proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0
    "REAPER" = REAPER
    "Steam App 113200" = The Binding of Isaac
    "Steam App 12900" = Audiosurf
    "Steam App 205870" = Auditorium
    "Steam App 26500" = Cogs
    "Steam App 440" = Team Fortress 2
    "Steam App 47890" = The Sims(TM) 3
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
    "Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
    "Wacom Tablet Driver" = Wacom Tablet
    "WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "ZhornStickies" = Stickies 7.1a

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/8/2012 6:36:10 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
    Description = Faulting application winamp.exe, version 5.5.1.1763, faulting module
    unknown, version 0.0.0.0, fault address 0x3d79a8eb.

    Error - 10/8/2012 6:53:32 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
    Description = Faulting application MsMpEng.exe, version 4.1.522.0, faulting module
    unknown, version 0.0.0.0, fault address 0x04d40318.

    Error - 10/8/2012 6:53:36 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
    Description = Fault bucket -1100585123.

    Error - 10/8/2012 6:57:24 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
    Description = Faulting application MsMpEng.exe, version 4.1.522.0, faulting module
    mpengine.dll, version 1.1.8800.0, fault address 0x00272f5a.

    Error - 10/8/2012 6:57:26 PM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
    Description = Fault bucket -1117951277.

    Error - 10/8/2012 7:11:46 PM | Computer Name = CEDA-09E6FD4986 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80096010, P2 mpupdateengine, P3 am delta,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 10/9/2012 3:40:21 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
    Description = Faulting application flash.exe, version 7.0.0.470, faulting module
    flash.exe, version 7.0.0.470, fault address 0x005f8bcb.

    Error - 10/9/2012 3:40:27 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
    Description = Fault bucket 72543518.

    Error - 10/9/2012 3:42:17 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1000
    Description = Faulting application flash.exe, version 7.0.0.470, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x00018ea0.

    Error - 10/9/2012 3:42:21 AM | Computer Name = CEDA-09E6FD4986 | Source = Application Error | ID = 1001
    Description = Fault bucket -1103495833.

    [ System Events ]
    Error - 10/8/2012 6:57:27 PM | Computer Name = CEDA-09E6FD4986 | Source = Service Control Manager | ID = 7031
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
    It has done this 2 time(s). The following corrective action will be taken in
    15000 milliseconds: Restart the service.

    Error - 10/8/2012 6:57:42 PM | Computer Name = CEDA-09E6FD4986 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Microsoft Antimalware Service
    service, but this action failed with the following error: %%1056

    Error - 10/8/2012 7:00:29 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 5008
    Description = %%860 engine has been terminated due to an unexpected error. Failure
    Type: %%830 Exception code: 0xc0000005 Resource: file:C:\Documents and Settings\Zarla\Application
    Data\Western Digital\WD SmartWare\instances\F90ED62B-E232-4C56-9B8B-668E9BED9495\f90ed62b-e232-4c56-9b8b-668e9bed9495-preinq.db3-journal

    Error - 10/8/2012 7:00:29 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 5008
    Description = %%860 engine has been terminated due to an unexpected error. Failure
    Type: %%830 Exception code: 0xc0000005 Resource: file:C:\Documents and Settings\Zarla\Application
    Data\Western Digital\WD SmartWare\instances\EEC7451A-7EDA-4E64-BF6C-625B986D4849\eec7451a-7eda-4e64-bf6c-625b986d4849-preinq.db3-journal

    Error - 10/8/2012 7:00:29 PM | Computer Name = CEDA-09E6FD4986 | Source = Service Control Manager | ID = 7034
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
    It has done this 3 time(s).

    Error - 10/8/2012 7:11:45 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: 1.137.1342.0 Previous Signature Version: 1.137.1157.0 Update Source: %%815

    Update
    Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: 1.1.8800.0 Previous Engine Version: 1.1.8800.0 Error code: 0x80096010

    Error
    description: The digital signature of the object did not verify.

    Error - 10/8/2012 7:11:45 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: 1.137.1342.0 Previous Signature Version: 1.137.1157.0 Update Source: %%815

    Update
    Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: 1.1.8800.0 Previous Engine Version: 1.1.8800.0 Error code: 0x80096010

    Error
    description: The digital signature of the object did not verify.

    Error - 10/8/2012 7:11:47 PM | Computer Name = CEDA-09E6FD4986 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.137.1157.0 Update Source: %%859 Update Stage:
    %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error
    code: 0x80070643 Error description: Fatal error during installation.

    Error - 10/8/2012 7:11:52 PM | Computer Name = CEDA-09E6FD4986 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
    (Definition 1.137.1342.0).

    Error - 10/8/2012 11:26:48 PM | Computer Name = CEDA-09E6FD4986 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume D:.


    < End of report >




    Recent problems:

    I hit more bluescreens over the past few days, usually for no discernible reason. One mentioned a page fault in a non paged area, and the other didn't seem to list a reason. One time it blue screened while I was tapping the undo button on my tablet pen in Flash, and the other it blue screened while I was reading something online. Firefox in general has been crashing almost non-stop but also crashes when I try to update it to the latest version, so I'm using Chrome for now, which hasn't crashed... although it did lock up once. Once it locked up, most everything else locked up, and when I tried to restart or shut down the process, the Task Manager refused to come up until I held the keys down for like five minutes. I tried to tell it to restart, but it had trouble shutting everything down and then hung on my desktop, so I manually restarted it.
    For the past day or so it seems to have been behaving itself, but I feel like things are getting worse. Security Essentials in particular keeps crashing and asking me to restart it seemingly randomly, and when I try to run scans with it, the scans usually crash halfway through, but when they do finish, they don't find anything.
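    A small triage script, added here as an example and not part of the poster's log or any tool the thread uses: it parses the OTL "Last 20 Event Log Errors" format shown above and flags the patterns a helper reads out of such a log (the same application faulting repeatedly, the antimalware service being terminated, a signature-verification failure on a definition update, NTFS corruption). The sample log is constructed and abbreviated from the format above; the hostname PC and the flag wording are assumptions.

```python
import re
from collections import Counter
# Constructed sample modelled on the OTL "Last 20 Event Log Errors" section above
# (hostname and entries abbreviated; this is not the poster's actual log file).
SAMPLE_LOG = """\
Error - 10/8/2012 6:53:32 PM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, faulting module
unknown, version 0.0.0.0, fault address 0x04d40318.
Error - 10/8/2012 6:57:24 PM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application MsMpEng.exe, version 4.1.522.0, faulting module
[ System Events ]
Error - 10/8/2012 6:57:27 PM | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
Error - 10/8/2012 7:11:45 PM | Computer Name = PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. Error code: 0x80096010
Error - 10/8/2012 11:26:48 PM | Computer Name = PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
                    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")

def parse_events(text):
    """One dict per 'Error - ...' header, with its wrapped description lines joined."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append(dict(m.groupdict(), id=int(m["id"]), desc=""))
        elif events and line.strip() and not line.startswith("["):
            events[-1]["desc"] += line.strip() + " "   # continuation of the last description
    return events

def triage(events):
    """Flag what matters when an AV keeps dying: repeated crashes, failed signature checks, disk corruption."""
    flags = []
    crashes = Counter(re.search(r"Faulting application (\S+),", e["desc"]).group(1)
                      for e in events if "Faulting application" in e["desc"])
    for app, n in crashes.items():
        if n >= 2:
            flags.append(f"{app} crashed {n} times")
    if any(e["source"] == "Service Control Manager" and e["id"] in (7031, 7034) for e in events):
        flags.append("AV service terminated unexpectedly")
    if any("0x80096010" in e["desc"] for e in events):
        flags.append("signature verification failed on update (0x80096010)")
    if any(e["source"] == "Ntfs" for e in events):
        flags.append("NTFS corruption reported; run chkdsk")
    return flags
```

Running `triage(parse_events(SAMPLE_LOG))` on the constructed sample returns all four flags; on a real OTL log the same two functions take the pasted section verbatim.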

  5. #5
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi Pikpik :

    I suspected that part of the reason for the blue screens was Microsoft Security Essentials. However, let's try with others before we "toy" with MSE.

    1. Since you said Firefox keeps crashing, I think you had better uninstall it, then download the latest version and try it again.


    Error - 10/8/2012 11:26:48 PM | Computer Name = CEDA-09E6FD4986 | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume D:
    2. Please run chkdsk on each of your hard disks and hard disk partitions.


    3. Please upload the minidump file
    • Open your browser and go to this website: http://www.sendspace.com/
    • Click on the picture that says Click to browse
    • Now, go to C:\Windows\Minidump.
    • Click on the latest minidump file according to the date.
      note: example name of minidump file: Mini100812-07.dmp
    • Click open and then click upload.
    • At the Download Link section, click Copy Link.
    • Paste the link to me.



    4. Does the antivirus or anti-malware still detect any virus/malware?

    Thank you,
    torreattack
    Last edited by torreattack; 2012-10-10 at 17:51.
    Graduate of Malware Removal University, - You too could train to help others

  6. #6
    Junior Member
    Join Date
    Oct 2012
    Posts
    20

    Default

    I set it to run Chkdsk and then when I tried to restart, it hung again on the desktop. When I manually restarted it, it ran chkdsk on the secondary hard drive D, then when it finished it automatically did C, then Windows loaded. I told it to chkdsk C, restarted, it said the volume was clean immediately without doing any scanning that I saw, it came back to Windows, then said it had recovered from a serious error. Then it bluescreened while I was reporting the error, something about bad_pool. I didn't notice it fix anything in either check... the D hard drive is pretty old though. The C one should be fairly new...

    Here's the minidump file - http://www.sendspace.com/file/c21l8y

    Security Essentials doesn't pick up anything with a Quick Scan, but the thing is most of the time when I tell it to scan it crashes. I tried a full scan with Malwarebytes a little while before I first posted here, and it didn't find anything. Spybot finds a lot of things every time I scan, but it tends to hang at the end of it and when I try to remove them, they all just keep coming back. I tried installing some other anti-viruses like the Outlook one, but that made Windows refuse to boot entirely and also crashed in the middle of a scan. Avast refused to install properly or work either.

    There are some Windows updates available, should I install those in the meantime?

  7. #7
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi Pikpik:

    1. While we are trying to fix your problem, please don't update Windows until I tell you to.

    2. What is the type of infection that spybot detected? Cookie?

    3. Try to download the AVIRA antivirus, then install it. If the installation is OK, uninstall MSE and run a full scan.

    4. If you have other minidump files, please upload them as well.

    I will be back as soon as possible.
    torreattack
    Last edited by torreattack; 2012-10-11 at 11:46.
    Graduate of Malware Removal University, - You too could train to help others

  8. #8
    Junior Member
    Join Date
    Oct 2012
    Posts
    20

    Default

    I'll try and install Avira... in the meantime, here's what Spybot picks up.

    Win32.Autorun.dc3
    Bredolab.fb
    Fraud.XPDefender2013
    Microsoft.Windows.InfectedHostFile
    Win32.Agent.ws (all the others have one or two entries, but this one has 49)
    Win32.Autorun.dso
    Win32.Banker.prx

    And it gave me a warning about my browser being infected with Win32.agent.Adb. When I try to get rid of them, they either come back or say that some of the files are in use and ask if I want to run the scan when I restart my computer... when I tried that, it bluescreened at the end of the scan.
    Spybot usually hangs near the end of its scan and gets stuck on "scanning download directories".

    Here are all the minidump files I have - http://www.sendspace.com/filegroup/Y...WsOpZWxMGQlF7w

  9. #9
    Junior Member
    Join Date
    Oct 2012
    Posts
    20

    Default

    I installed Avira, it seemed to go okay until it was supposed to do its first system scan/update, then it crashed. When I opened it again, it updated properly, but when I told it to scan, it bluescreened with "memory_management" listed as the cause. When it rebooted, the Avira symbol disappeared from the taskbar and when I tried to open it, it kept crashing. I uninstalled MSE and kept trying, but the Avira center wouldn't open so I could scan. I tried right clicking a hard drive and telling Avira to scan it, but it crashed. It did successfully scan a single file later though. Windows said that Avira was still on in the security center, but I couldn't access the control center at all. I ended up reinstalling MSE just to be safe, but it looks like Avira isn't working either. Before it bluescreened on the first scan I think it detected at least one suspicious file but I couldn't see what it was.

  10. #10
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi Pikpik:

    Sorry for being late; your BSOD problem seems to point more toward hardware failure.

    1. Did you just install new hardware or make a change to some hardware or a hardware driver?

    2. Memtest86 v4.0
    Memtest86 is absolutely the best of the free memory testing programs.
    1. Download the zipped ISO image
    2. Once downloaded, extract the ISO file and burn it to a CD.

      If you need help, see How To Burn an ISO Image File to a Disc.

    3. Next, restart your computer and boot to the CD during startup.

      Memtest86 will start immediately and begin testing your RAM.
      If Memtest86 doesn't start (for example, your operating system loads as normal or you see an error), then see these tips on booting from discs.

    4. Once one pass has completed without error, the "Pass complete, no errors, press Esc to exit" message will appear. At this point you can press Esc to stop Memtest86 and reboot your PC.

      Memtest86 does not stop on its own but will continue to make passes until you stop it.


    I recommend replacing the RAM if Memtest86 finds any errors. Even if you aren't seeing issues with your computer right now, you likely will in the future.


    3. Do you have access to an XP installation disc? If "yes", please try this out.

    SFC
    The system file checker command compares the system files on your computer with the original ones.
    If one is corrupted or missing it will try to replace it. This is the reason to have the installation disc handy:
    • Click on start
    • Click on run
    • Type the following text... do not include the quote box title "Quote"
      sfc /scannow

    Note: let the scan run. If it asks you to insert the CD, do so.


    4. If everything is OK, can you kindly remove the defective hard drive and observe whether the BSOD happens?


    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others
