
redirects and random ad audio even when computer is idle


14 replies to this topic

#1 Chanta153 (New Member, 8 posts, Illinois)

Posted 30 July 2012 - 10:36 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by colton at 22:07:34 on 2012-07-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
BHO: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009: {fcbccb87-9224-4b8d-b117-f56d924beb18} - SMTTB2009 Class
TB: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\colton\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [iTunesHelper] "d:\games\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Free YouTube to iPod Converter - c:\documents and settings\colton\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\colton\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341537885859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0DF223A0-5DC9-408B-99EA-52921A497DDD} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-31 04:48:06 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4889875b-f10e-4a6b-8922-e76a4a2b821a}\offreg.dll
2012-07-31 04:48:06 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4889875b-f10e-4a6b-8922-e76a4a2b821a}\MpKsl111059d0.sys
2012-07-31 04:20:56 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4889875b-f10e-4a6b-8922-e76a4a2b821a}\mpengine.dll
2012-07-31 00:44:19 -------- d-----w- c:\documents and settings\colton\application data\Malwarebytes
2012-07-31 00:44:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-31 00:44:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 00:44:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-30 02:18:28 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-07-30 00:16:30 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-18 20:30:19 -------- d-----w- c:\program files\EndlessOnline
2012-07-17 00:05:05 -------- d-----w- c:\documents and settings\colton\application data\GetRightToGo
2012-07-12 02:15:37 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-11 06:06:40 653745 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-07-11 06:02:33 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-07-11 05:59:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-11 05:59:55 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-11 05:59:55 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-11 05:46:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-07-06 21:53:48 -------- d-----w- c:\documents and settings\colton\local settings\application data\Skyrim
2012-07-01 20:23:39 -------- d-----w- c:\program files\ATITool
2012-07-01 20:10:35 -------- d-----w- c:\program files\IObit
2012-07-01 20:10:35 -------- d-----w- c:\documents and settings\all users\application data\IObit
.
==================== Find3M ====================
.
2012-07-30 00:52:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 00:52:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 00:13:40 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-05 18:38:13 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-05 18:38:02 281288 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-05 18:38:02 281288 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-05 08:14:29 281288 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:40:17 138904 ----a-w- c:\documents and settings\colton\application data\PnkBstrK.sys
2012-06-02 20:39:57 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-26 14:49:58 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-05-26 14:49:58 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-05-26 14:49:58 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-05-23 22:28:07 319488 ----a-w- c:\windows\HideWin.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-03-09 14:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 22:09:12.23 ===============
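As an added triage example (this is not part of Chanta153's post and not something DDS produces itself): the "Pseudo HJT Report" section above is the part of a DDS log a helper reads first. The script below parses a constructed subset of those lines and flags the entries that usually need a second look: BHO, toolbar and search-hook registrations whose CLSID resolves to "No File" (orphaned entries), BHO/toolbar entries that DDS could not resolve to a file path (such as "Ask Toolbar" or "SMTTB2009 Class"), Run values that launch a bare file name such as RTHDCPL.EXE, or a rundll32 DLL given without a directory (the image is found by PATH search, so the file actually loaded must be verified), and any AppInit_DLLs value (loaded into every process that links user32.dll). The check names and the sample lines are my own constructions; a hit means "verify this", not "this is malicious".

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example, not code from the thread or from DDS. SAMPLE_DDS is a
constructed subset modelled on the log posted above; the four checks are
triage heuristics (assumptions), not verdicts.
"""
import re
from collections import Counter

# Constructed sample input (a subset of the posted report, backslashes kept
# literal via a raw string).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar
BHO: SMTTB2009: {fcbccb87-9224-4b8d-b117-f56d924beb18} - SMTTB2009 Class
TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
AppInit_DLLs: c:\windows\system32\guard32.dll
"""

NO_FILE_RE = re.compile(r" - No File$")
# BHO/TB lines: optional display name, a CLSID in braces, then the resolved target.
BHO_TB_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9a-fA-F-]{36})\} -\s*(?P<target>.*)$"
)
# uRun / mRun / dRun: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.+)$")


def launched_image(cmd):
    """Return the file a Run value really executes.

    A quoted path is taken whole, otherwise the first token. When the
    launcher is rundll32, the interesting file is the DLL argument (the text
    before the first comma), so that is returned instead.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
        rest = cmd[end + 1:] if end > 0 else ""
    else:
        parts = cmd.split(None, 1)
        exe = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        dll = rest.strip().split(",", 1)[0].strip().strip('"')
        return dll or exe
    return exe


def triage(text):
    """Return a list of {'check': ..., 'line': ...} findings for the report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NO_FILE_RE.search(line):
            # Registration left behind after an uninstall, or a removed component.
            findings.append({"check": "orphan", "line": line})
            continue
        m = BHO_TB_RE.match(line)
        if m:
            # DDS prints a path when it can resolve the CLSID; anything else
            # (a bare product name, or nothing at all) needs a manual look.
            if "\\" not in m.group("target").strip():
                findings.append({"check": "unresolved", "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            # No directory component: the loaded file depends on PATH / the
            # working directory, so confirm which file that actually is.
            if "\\" not in launched_image(m.group("cmd")):
                findings.append({"check": "bare_image", "line": line})
            continue
        if APPINIT_RE.match(line):
            findings.append({"check": "appinit", "line": line})
    return findings


def summarize(findings):
    """Count findings per check, e.g. {'orphan': 2, 'bare_image': 3, ...}."""
    return dict(Counter(f["check"] for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS)
    for hit in hits:
        print(f"{hit['check']:<11} {hit['line']}")
    print(summarize(hits))
```

Paste a real "Pseudo HJT Report" section in place of SAMPLE_DDS (or read it from the saved DDS log) and the same four checks apply; entries that pass are simply not listed, which is deliberate, since the point is to shorten the list a helper has to verify by hand, not to declare anything clean.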


#2 Maniac (Forum Deity, Experts, 17,426 posts, Bulgaria, EU)

Posted 31 July 2012 - 05:02 AM

Hello Chanta153! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

µTorrent
Ask Toolbar



Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 Chanta153 (New Member, 8 posts, Illinois)

Posted 31 July 2012 - 02:55 PM

Thanks for the reply, Maniac, I appreciate the help. I uninstalled uTorrent and Ask Toolbar, and used the TDSS Killer... One more thing I've been noticing is that my firewall (Comodo Firewall) has been randomly showing a message reading "Oops! You found an error and Comodo Firewall needs to close..." but it never closes and I can't actually send the report.... And Malwarebytes Anti-Malware has been blocking random IPs from websites, claiming they're malicious. Is this normal? (Here are the logs) (TDSS first)
------------------------------------------------------------
12:34:50.0718 2928 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:34:51.0015 2928 ============================================================
12:34:51.0015 2928 Current date / time: 2012/07/31 12:34:51.0015
12:34:51.0015 2928 SystemInfo:
12:34:51.0015 2928
12:34:51.0015 2928 OS Version: 5.1.2600 ServicePack: 3.0
12:34:51.0015 2928 Product type: Workstation
12:34:51.0015 2928 ComputerName: COLTON-68A0AE49
12:34:51.0015 2928 UserName: colton
12:34:51.0015 2928 Windows directory: C:\WINDOWS
12:34:51.0015 2928 System windows directory: C:\WINDOWS
12:34:51.0015 2928 Processor architecture: Intel x86
12:34:51.0015 2928 Number of processors: 2
12:34:51.0015 2928 Page size: 0x1000
12:34:51.0015 2928 Boot type: Normal boot
12:34:51.0015 2928 ============================================================
12:34:52.0218 2928 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
12:34:52.0296 2928 Drive \Device\Harddisk1\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:34:52.0296 2928 ============================================================
12:34:52.0296 2928 \Device\Harddisk0\DR0:
12:34:52.0296 2928 MBR partitions:
12:34:52.0296 2928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F
12:34:52.0312 2928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC7FF5BD, BlocksNum 0x109C4FC4
12:34:52.0312 2928 \Device\Harddisk1\DR3:
12:34:52.0312 2928 MBR partitions:
12:34:52.0312 2928 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82
12:34:52.0312 2928 ============================================================
12:34:52.0312 2928 F: <-> \Device\Harddisk1\DR3\Partition0
12:34:52.0343 2928 C: <-> \Device\Harddisk0\DR0\Partition0
12:34:52.0390 2928 L: <-> \Device\Harddisk0\DR0\Partition1
12:34:52.0390 2928 ============================================================
12:34:52.0390 2928 Initialize success
12:34:52.0390 2928 ============================================================
12:35:05.0468 2596 ============================================================
12:35:05.0468 2596 Scan started
12:35:05.0468 2596 Mode: Manual;
12:35:05.0468 2596 ============================================================
12:35:05.0593 2596 Abiosdsk - ok
12:35:05.0593 2596 abp480n5 - ok
12:35:05.0640 2596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:35:05.0640 2596 ACPI - ok
12:35:05.0671 2596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:35:05.0671 2596 ACPIEC - ok
12:35:05.0734 2596 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:35:05.0734 2596 AdobeFlashPlayerUpdateSvc - ok
12:35:05.0750 2596 adpu160m - ok
12:35:05.0781 2596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:35:05.0781 2596 aec - ok
12:35:05.0812 2596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:35:05.0812 2596 AFD - ok
12:35:05.0828 2596 Aha154x - ok
12:35:05.0828 2596 aic78u2 - ok
12:35:05.0828 2596 aic78xx - ok
12:35:05.0859 2596 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:35:05.0859 2596 Alerter - ok
12:35:05.0875 2596 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:35:05.0875 2596 ALG - ok
12:35:05.0875 2596 AliIde - ok
12:35:05.0968 2596 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
12:35:06.0015 2596 Ambfilt - ok
12:35:06.0078 2596 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
12:35:06.0078 2596 AmdPPM - ok
12:35:06.0078 2596 amsint - ok
12:35:06.0140 2596 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:35:06.0156 2596 Apple Mobile Device - ok
12:35:06.0187 2596 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:35:06.0187 2596 AppMgmt - ok
12:35:06.0187 2596 asc - ok
12:35:06.0187 2596 asc3350p - ok
12:35:06.0187 2596 asc3550 - ok
12:35:06.0218 2596 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
12:35:06.0218 2596 AsIO - ok
12:35:06.0328 2596 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:35:06.0359 2596 aspnet_state - ok
12:35:06.0375 2596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:35:06.0375 2596 AsyncMac - ok
12:35:06.0406 2596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:35:06.0406 2596 atapi - ok
12:35:06.0406 2596 Atdisk - ok
12:35:06.0421 2596 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
12:35:06.0421 2596 ATITool - ok
12:35:06.0437 2596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:35:06.0437 2596 Atmarpc - ok
12:35:06.0468 2596 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:35:06.0468 2596 AudioSrv - ok
12:35:06.0515 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:35:06.0515 2596 audstub - ok
12:35:06.0546 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:35:06.0546 2596 Beep - ok
12:35:06.0562 2596 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys
12:35:06.0578 2596 BIOS - ok
12:35:06.0656 2596 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:35:06.0687 2596 BITS - ok
12:35:06.0750 2596 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:35:06.0750 2596 Bonjour Service - ok
12:35:06.0796 2596 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:35:06.0796 2596 Bridge - ok
12:35:06.0796 2596 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
12:35:06.0796 2596 BridgeMP - ok
12:35:06.0828 2596 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:35:06.0828 2596 Browser - ok
12:35:06.0859 2596 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
12:35:06.0859 2596 BrScnUsb - ok
12:35:06.0890 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:35:06.0890 2596 cbidf2k - ok
12:35:06.0906 2596 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:35:06.0906 2596 CCDECODE - ok
12:35:06.0906 2596 cd20xrnt - ok
12:35:06.0937 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:35:06.0937 2596 Cdaudio - ok
12:35:06.0953 2596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:35:06.0953 2596 Cdfs - ok
12:35:06.0953 2596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:35:06.0953 2596 Cdrom - ok
12:35:06.0953 2596 Changer - ok
12:35:07.0000 2596 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:35:07.0000 2596 CiSvc - ok
12:35:07.0015 2596 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:35:07.0015 2596 ClipSrv - ok
12:35:07.0109 2596 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:35:07.0156 2596 clr_optimization_v2.0.50727_32 - ok
12:35:07.0234 2596 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:35:07.0234 2596 clr_optimization_v4.0.30319_32 - ok
12:35:07.0406 2596 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
12:35:07.0406 2596 cmdAgent - ok
12:35:07.0515 2596 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
12:35:07.0593 2596 cmdGuard - ok
12:35:07.0640 2596 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
12:35:07.0671 2596 cmdHlp - ok
12:35:07.0671 2596 CmdIde - ok
12:35:07.0687 2596 COMSysApp - ok
12:35:07.0687 2596 Cpqarray - ok
12:35:07.0718 2596 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:35:07.0718 2596 CryptSvc - ok
12:35:07.0718 2596 dac2w2k - ok
12:35:07.0734 2596 dac960nt - ok
12:35:07.0781 2596 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:35:07.0781 2596 DcomLaunch - ok
12:35:07.0812 2596 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:35:07.0828 2596 Dhcp - ok
12:35:07.0828 2596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:35:07.0828 2596 Disk - ok
12:35:07.0828 2596 dmadmin - ok
12:35:07.0875 2596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:35:07.0890 2596 dmboot - ok
12:35:07.0906 2596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:35:07.0906 2596 dmio - ok
12:35:07.0921 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:35:07.0921 2596 dmload - ok
12:35:07.0953 2596 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:35:07.0953 2596 dmserver - ok
12:35:07.0953 2596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:35:07.0953 2596 DMusic - ok
12:35:08.0000 2596 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:35:08.0000 2596 Dnscache - ok
12:35:08.0031 2596 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:35:08.0031 2596 Dot3svc - ok
12:35:08.0031 2596 dpti2o - ok
12:35:08.0062 2596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:35:08.0062 2596 drmkaud - ok
12:35:08.0062 2596 EagleNT - ok
12:35:08.0078 2596 EagleXNt - ok
12:35:08.0093 2596 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:35:08.0093 2596 EapHost - ok
12:35:08.0125 2596 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:35:08.0125 2596 ERSvc - ok
12:35:08.0156 2596 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:35:08.0156 2596 Eventlog - ok
12:35:08.0203 2596 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:35:08.0203 2596 EventSystem - ok
12:35:08.0218 2596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:35:08.0218 2596 Fastfat - ok
12:35:08.0265 2596 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:35:08.0265 2596 FastUserSwitchingCompatibility - ok
12:35:08.0281 2596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:35:08.0281 2596 Fdc - ok
12:35:08.0312 2596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:35:08.0312 2596 Fips - ok
12:35:08.0312 2596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:35:08.0312 2596 Flpydisk - ok
12:35:08.0328 2596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:35:08.0328 2596 FltMgr - ok
12:35:08.0437 2596 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:35:08.0437 2596 FontCache3.0.0.0 - ok
12:35:08.0468 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:35:08.0468 2596 Fs_Rec - ok
12:35:08.0468 2596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:35:08.0484 2596 Ftdisk - ok
12:35:08.0515 2596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:35:08.0515 2596 GEARAspiWDM - ok
12:35:08.0546 2596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:35:08.0546 2596 Gpc - ok
12:35:08.0578 2596 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:35:08.0578 2596 HDAudBus - ok
12:35:08.0656 2596 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:35:08.0656 2596 helpsvc - ok
12:35:08.0671 2596 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:35:08.0671 2596 HidServ - ok
12:35:08.0703 2596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:35:08.0703 2596 hidusb - ok
12:35:08.0734 2596 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:35:08.0734 2596 hkmsvc - ok
12:35:08.0734 2596 hpn - ok
12:35:08.0765 2596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:35:08.0781 2596 HTTP - ok
12:35:08.0796 2596 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:35:08.0812 2596 HTTPFilter - ok
12:35:08.0812 2596 i2omgmt - ok
12:35:08.0812 2596 i2omp - ok
12:35:08.0843 2596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:35:08.0843 2596 i8042prt - ok
12:35:08.0906 2596 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:35:08.0921 2596 IDriverT - ok
12:35:08.0984 2596 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:35:09.0031 2596 idsvc - ok
12:35:09.0046 2596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:35:09.0046 2596 Imapi - ok
12:35:09.0078 2596 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:35:09.0078 2596 ImapiService - ok
12:35:09.0078 2596 ini910u - ok
12:35:09.0125 2596 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys
12:35:09.0187 2596 Inspect - ok
12:35:09.0406 2596 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:35:09.0421 2596 IntcAzAudAddService - ok
12:35:09.0484 2596 IntelIde - ok
12:35:09.0515 2596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:35:09.0515 2596 Ip6Fw - ok
12:35:09.0531 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:35:09.0531 2596 IpFilterDriver - ok
12:35:09.0546 2596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:35:09.0546 2596 IpInIp - ok
12:35:09.0578 2596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:35:09.0578 2596 IpNat - ok
12:35:09.0703 2596 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
12:35:09.0718 2596 iPod Service - ok
12:35:09.0734 2596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:35:09.0734 2596 IPSec - ok
12:35:09.0750 2596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:35:09.0750 2596 IRENUM - ok
12:35:09.0781 2596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:35:09.0781 2596 isapnp - ok
12:35:09.0828 2596 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
12:35:09.0828 2596 JavaQuickStarterService - ok
12:35:09.0875 2596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:35:09.0875 2596 Kbdclass - ok
12:35:09.0875 2596 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:35:09.0875 2596 kbdhid - ok
12:35:09.0890 2596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:35:09.0890 2596 kmixer - ok
12:35:09.0937 2596 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
12:35:09.0937 2596 KMWDFILTER - ok
12:35:09.0968 2596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:35:09.0968 2596 KSecDD - ok
12:35:10.0000 2596 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:35:10.0000 2596 lanmanserver - ok
12:35:10.0046 2596 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:35:10.0046 2596 lanmanworkstation - ok
12:35:10.0046 2596 lbrtfdc - ok
12:35:10.0093 2596 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:35:10.0093 2596 LmHosts - ok
12:35:10.0125 2596 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
12:35:10.0125 2596 MBAMProtector - ok
12:35:10.0171 2596 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:35:10.0171 2596 MBAMService - ok
12:35:10.0187 2596 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:35:10.0187 2596 Messenger - ok
12:35:10.0218 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:35:10.0218 2596 mnmdd - ok
12:35:10.0250 2596 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:35:10.0265 2596 mnmsrvc - ok
12:35:10.0281 2596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:35:10.0281 2596 Modem - ok
12:35:10.0343 2596 monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\monfilt.sys
12:35:10.0375 2596 monfilt - ok
12:35:10.0390 2596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:35:10.0390 2596 Mouclass - ok
12:35:10.0421 2596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:35:10.0421 2596 mouhid - ok
12:35:10.0453 2596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:35:10.0453 2596 MountMgr - ok
12:35:10.0484 2596 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:35:10.0500 2596 MpFilter - ok
12:35:10.0562 2596 MpKslf6cb42fe (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9203D9E2-B2B7-48C5-91EF-65217EECE86E}\MpKslf6cb42fe.sys
12:35:10.0562 2596 MpKslf6cb42fe - ok
12:35:10.0578 2596 mraid35x - ok
12:35:10.0593 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:35:10.0593 2596 MRxDAV - ok
12:35:10.0640 2596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:35:10.0640 2596 MRxSmb - ok
12:35:10.0687 2596 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:35:10.0687 2596 MSDTC - ok
12:35:10.0703 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:35:10.0703 2596 Msfs - ok
12:35:10.0703 2596 MSIServer - ok
12:35:10.0718 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:35:10.0718 2596 MSKSSRV - ok
12:35:10.0796 2596 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:35:10.0796 2596 MsMpSvc - ok
12:35:10.0796 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:35:10.0796 2596 MSPCLOCK - ok
12:35:10.0812 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:35:10.0812 2596 MSPQM - ok
12:35:10.0812 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:35:10.0812 2596 mssmbios - ok
12:35:10.0843 2596 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:35:10.0843 2596 MSTEE - ok
12:35:10.0890 2596 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:35:10.0890 2596 MTsensor - ok
12:35:10.0921 2596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:35:10.0921 2596 Mup - ok
12:35:10.0953 2596 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:35:10.0953 2596 NABTSFEC - ok
12:35:11.0000 2596 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:35:11.0000 2596 napagent - ok
12:35:11.0031 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:35:11.0031 2596 NDIS - ok
12:35:11.0062 2596 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:35:11.0062 2596 NdisIP - ok
12:35:11.0093 2596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:35:11.0093 2596 NdisTapi - ok
12:35:11.0109 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:35:11.0109 2596 Ndisuio - ok
12:35:11.0109 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:35:11.0109 2596 NdisWan - ok
12:35:11.0156 2596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:35:11.0156 2596 NDProxy - ok
12:35:11.0171 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:35:11.0171 2596 NetBIOS - ok
12:35:11.0171 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:35:11.0187 2596 NetBT - ok
12:35:11.0203 2596 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:35:11.0218 2596 NetDDE - ok
12:35:11.0218 2596 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:35:11.0218 2596 NetDDEdsdm - ok
12:35:11.0218 2596 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:35:11.0218 2596 Netlogon - ok
12:35:11.0250 2596 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:35:11.0250 2596 Netman - ok
12:35:11.0328 2596 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:35:11.0328 2596 NetTcpPortSharing - ok
12:35:11.0375 2596 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:35:11.0375 2596 Nla - ok
12:35:11.0406 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:35:11.0406 2596 Npfs - ok
12:35:11.0437 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:35:11.0453 2596 Ntfs - ok
12:35:11.0453 2596 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:35:11.0453 2596 NtLmSsp - ok
12:35:11.0500 2596 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:35:11.0500 2596 NtmsSvc - ok
12:35:11.0531 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:35:11.0531 2596 Null - ok
12:35:12.0125 2596 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:35:12.0281 2596 nv - ok
12:35:12.0359 2596 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:35:12.0359 2596 NVENETFD - ok
12:35:12.0375 2596 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
12:35:12.0375 2596 nvgts - ok
12:35:12.0390 2596 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:35:12.0390 2596 nvnetbus - ok
12:35:12.0421 2596 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
12:35:12.0421 2596 NVSvc - ok
12:35:12.0593 2596 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:35:12.0625 2596 nvUpdatusService - ok
12:35:12.0703 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:35:12.0718 2596 NwlnkFlt - ok
12:35:12.0718 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:35:12.0718 2596 NwlnkFwd - ok
12:35:12.0750 2596 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:35:12.0750 2596 NwlnkIpx - ok
12:35:12.0750 2596 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:35:12.0750 2596 NwlnkNb - ok
12:35:12.0750 2596 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:35:12.0765 2596 NwlnkSpx - ok
12:35:12.0765 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:35:12.0765 2596 Parport - ok
12:35:12.0781 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:35:12.0781 2596 PartMgr - ok
12:35:12.0812 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:35:12.0812 2596 ParVdm - ok
12:35:12.0843 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:35:12.0843 2596 PCI - ok
12:35:12.0843 2596 PCIDump - ok
12:35:12.0859 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:35:12.0859 2596 PCIIde - ok
12:35:12.0890 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:35:12.0890 2596 Pcmcia - ok
12:35:12.0890 2596 PDCOMP - ok
12:35:12.0906 2596 PDFRAME - ok
12:35:12.0906 2596 PDRELI - ok
12:35:12.0906 2596 PDRFRAME - ok
12:35:12.0906 2596 perc2 - ok
12:35:12.0921 2596 perc2hib - ok
12:35:12.0953 2596 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:35:12.0953 2596 PlugPlay - ok
12:35:13.0000 2596 PnkBstrA (3a2e85f7d90d15460c337ce80c2e3b29) C:\WINDOWS\system32\PnkBstrA.exe
12:35:13.0000 2596 PnkBstrA - ok
12:35:13.0031 2596 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:35:13.0031 2596 PolicyAgent - ok
12:35:13.0062 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:35:13.0062 2596 PptpMiniport - ok
12:35:13.0078 2596 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:35:13.0078 2596 Processor - ok
12:35:13.0078 2596 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:35:13.0093 2596 ProtectedStorage - ok
12:35:13.0093 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:35:13.0093 2596 PSched - ok
12:35:13.0109 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:35:13.0109 2596 Ptilink - ok
12:35:13.0109 2596 ql1080 - ok
12:35:13.0125 2596 Ql10wnt - ok
12:35:13.0125 2596 ql12160 - ok
12:35:13.0125 2596 ql1240 - ok
12:35:13.0125 2596 ql1280 - ok
12:35:13.0156 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:35:13.0156 2596 RasAcd - ok
12:35:13.0171 2596 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:35:13.0187 2596 RasAuto - ok
12:35:13.0203 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:35:13.0203 2596 Rasl2tp - ok
12:35:13.0234 2596 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:35:13.0234 2596 RasMan - ok
12:35:13.0234 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:35:13.0234 2596 RasPppoe - ok
12:35:13.0250 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:35:13.0250 2596 Raspti - ok
12:35:13.0265 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:35:13.0265 2596 Rdbss - ok
12:35:13.0281 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:35:13.0281 2596 RDPCDD - ok
12:35:13.0296 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:35:13.0296 2596 rdpdr - ok
12:35:13.0328 2596 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:35:13.0328 2596 RDPWD - ok
12:35:13.0359 2596 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:35:13.0359 2596 RDSessMgr - ok
12:35:13.0406 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:35:13.0406 2596 redbook - ok
12:35:13.0437 2596 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:35:13.0437 2596 RemoteAccess - ok
12:35:13.0468 2596 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:35:13.0468 2596 RemoteRegistry - ok
12:35:13.0484 2596 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:35:13.0500 2596 RpcLocator - ok
12:35:13.0546 2596 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:35:13.0546 2596 RpcSs - ok
12:35:13.0593 2596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:35:13.0593 2596 RSVP - ok
12:35:13.0640 2596 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
12:35:13.0640 2596 RT61 - ok
12:35:13.0671 2596 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:35:13.0671 2596 SamSs - ok
12:35:13.0718 2596 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:35:13.0718 2596 SCardSvr - ok
12:35:13.0734 2596 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
12:35:13.0796 2596 SCDEmu - ok
12:35:13.0843 2596 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:35:13.0859 2596 Schedule - ok
12:35:13.0875 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:35:13.0875 2596 Secdrv - ok
12:35:13.0906 2596 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:35:13.0906 2596 seclogon - ok
12:35:13.0906 2596 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:35:13.0921 2596 SENS - ok
12:35:13.0921 2596 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:35:13.0921 2596 Serenum - ok
12:35:13.0921 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:35:13.0937 2596 Serial - ok
12:35:13.0968 2596 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
12:35:14.0000 2596 sfdrv01 - ok
12:35:14.0000 2596 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
12:35:14.0000 2596 sfhlp02 - ok
12:35:14.0078 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:35:14.0093 2596 Sfloppy - ok
12:35:14.0109 2596 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
12:35:14.0140 2596 sfvfs02 - ok
12:35:14.0171 2596 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:35:14.0171 2596 ShellHWDetection - ok
12:35:14.0171 2596 Simbad - ok
12:35:14.0250 2596 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
12:35:14.0265 2596 SkypeUpdate - ok
12:35:14.0281 2596 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:35:14.0296 2596 SLIP - ok
12:35:14.0296 2596 Sparrow - ok
12:35:14.0328 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:35:14.0328 2596 splitter - ok
12:35:14.0375 2596 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:35:14.0375 2596 Spooler - ok
12:35:14.0390 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:35:14.0390 2596 sr - ok
12:35:14.0406 2596 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:35:14.0406 2596 srservice - ok
12:35:14.0453 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:35:14.0453 2596 Srv - ok
12:35:14.0468 2596 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:35:14.0468 2596 SSDPSRV - ok
12:35:14.0500 2596 Steam Client Service - ok
12:35:14.0531 2596 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:35:14.0546 2596 stisvc - ok
12:35:14.0562 2596 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:35:14.0562 2596 streamip - ok
12:35:14.0593 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:35:14.0593 2596 swenum - ok
12:35:14.0593 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:35:14.0593 2596 swmidi - ok
12:35:14.0609 2596 SwPrv - ok
12:35:14.0609 2596 symc810 - ok
12:35:14.0609 2596 symc8xx - ok
12:35:14.0609 2596 sym_hi - ok
12:35:14.0625 2596 sym_u3 - ok
12:35:14.0625 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:35:14.0625 2596 sysaudio - ok
12:35:14.0656 2596 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:35:14.0656 2596 SysmonLog - ok
12:35:14.0687 2596 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:35:14.0687 2596 TapiSrv - ok
12:35:14.0750 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:35:14.0750 2596 Tcpip - ok
12:35:14.0781 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:35:14.0781 2596 TDPIPE - ok
12:35:14.0796 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:35:14.0796 2596 TDTCP - ok
12:35:14.0812 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:35:14.0812 2596 TermDD - ok
12:35:14.0843 2596 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:35:14.0843 2596 TermService - ok
12:35:14.0875 2596 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:35:14.0875 2596 Themes - ok
12:35:14.0906 2596 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:35:14.0906 2596 TlntSvr - ok
12:35:14.0921 2596 TosIde - ok
12:35:14.0953 2596 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:35:14.0953 2596 TrkWks - ok
12:35:14.0984 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:35:14.0984 2596 Udfs - ok
12:35:14.0984 2596 ultra - ok
12:35:15.0031 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:35:15.0046 2596 Update - ok
12:35:15.0078 2596 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:35:15.0078 2596 upnphost - ok
12:35:15.0093 2596 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:35:15.0093 2596 UPS - ok
12:35:15.0109 2596 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:35:15.0125 2596 USBAAPL - ok
12:35:15.0140 2596 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:35:15.0140 2596 usbaudio - ok
12:35:15.0171 2596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:35:15.0171 2596 usbccgp - ok
12:35:15.0171 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:35:15.0171 2596 usbehci - ok
12:35:15.0218 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:35:15.0218 2596 usbhub - ok
12:35:15.0218 2596 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:35:15.0218 2596 usbohci - ok
12:35:15.0250 2596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:35:15.0250 2596 usbprint - ok
12:35:15.0281 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:35:15.0281 2596 usbscan - ok
12:35:15.0281 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:35:15.0281 2596 USBSTOR - ok
12:35:15.0312 2596 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:35:15.0312 2596 usbvideo - ok
12:35:15.0312 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:35:15.0312 2596 VgaSave - ok
12:35:15.0390 2596 VIAHdAudAddService (1c43d4c8818dcbd8814e7c260744bcc4) C:\WINDOWS\system32\drivers\viahduaa.sys
12:35:15.0406 2596 VIAHdAudAddService - ok
12:35:15.0421 2596 ViaIde - ok
12:35:15.0453 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:35:15.0453 2596 VolSnap - ok
12:35:15.0500 2596 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:35:15.0500 2596 VSS - ok
12:35:15.0515 2596 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:35:15.0515 2596 W32Time - ok
12:35:15.0546 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:35:15.0562 2596 Wanarp - ok
12:35:15.0562 2596 WDICA - ok
12:35:15.0562 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:35:15.0562 2596 wdmaud - ok
12:35:15.0609 2596 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:35:15.0609 2596 WebClient - ok
12:35:15.0687 2596 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:35:15.0687 2596 winmgmt - ok
12:35:15.0796 2596 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
12:35:15.0812 2596 WinRing0_1_2_0 - ok
12:35:15.0875 2596 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
12:35:15.0921 2596 WinRM - ok
12:35:16.0031 2596 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:35:16.0062 2596 wlidsvc - ok
12:35:16.0156 2596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:35:16.0156 2596 WmdmPmSN - ok
12:35:16.0218 2596 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:35:16.0218 2596 Wmi - ok
12:35:16.0250 2596 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:35:16.0265 2596 WmiApSrv - ok
12:35:16.0390 2596 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:35:16.0437 2596 WMPNetworkSvc - ok
12:35:16.0578 2596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:35:16.0593 2596 WPFFontCache_v0400 - ok
12:35:16.0687 2596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:35:16.0687 2596 WS2IFSL - ok
12:35:16.0703 2596 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:35:16.0703 2596 WSTCODEC - ok
12:35:16.0750 2596 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:35:16.0750 2596 wuauserv - ok
12:35:16.0781 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:35:16.0781 2596 WudfPf - ok
12:35:16.0796 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:35:16.0796 2596 WudfRd - ok
12:35:16.0812 2596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:35:16.0843 2596 WudfSvc - ok
12:35:16.0890 2596 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:35:16.0906 2596 WZCSVC - ok
12:35:16.0906 2596 XDva390 - ok
12:35:16.0984 2596 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:35:17.0015 2596 xmlprov - ok
12:35:17.0031 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:35:17.0062 2596 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:35:17.0062 2596 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:35:17.0062 2596 MBR (0x1B8) (aac4f0d2ae484abe318cbd52270c0a6e) \Device\Harddisk1\DR3
12:35:17.0218 2596 \Device\Harddisk1\DR3 - ok
12:35:17.0218 2596 Boot (0x1200) (3e11779a10b8db3758f3ba4dc4d2d48a) \Device\Harddisk0\DR0\Partition0
12:35:17.0218 2596 \Device\Harddisk0\DR0\Partition0 - ok
12:35:17.0234 2596 Boot (0x1200) (c163deef373f0bef5442a54abc7f7e2b) \Device\Harddisk0\DR0\Partition1
12:35:17.0234 2596 \Device\Harddisk0\DR0\Partition1 - ok
12:35:17.0234 2596 Boot (0x1200) (685b48152fe5b6ce026342d5af742671) \Device\Harddisk1\DR3\Partition0
12:35:17.0250 2596 \Device\Harddisk1\DR3\Partition0 - ok
12:35:17.0250 2596 ============================================================
12:35:17.0250 2596 Scan finished
12:35:17.0250 2596 ============================================================
12:35:17.0250 1932 Detected object count: 1
12:35:17.0250 1932 Actual detected object count: 1
12:35:43.0265 1932 \Device\Harddisk0\DR0\# - copied to quarantine
12:35:43.0265 1932 \Device\Harddisk0\DR0 - copied to quarantine
12:35:43.0328 1932 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:35:43.0343 1932 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:35:43.0406 1932 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:35:43.0421 1932 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:35:43.0453 1932 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:35:43.0500 1932 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:35:43.0562 1932 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:35:43.0625 1932 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:35:43.0640 1932 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:35:43.0640 1932 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:35:43.0843 1932 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:35:43.0875 1932 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:35:43.0890 1932 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:35:43.0890 1932 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:35:43.0953 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:35:43.0953 1932 \Device\Harddisk0\DR0 - ok
12:35:43.0953 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:35:50.0156 3864 Deinitialize success
-------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.31.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
colton :: COLTON-68A0AE49 [administrator]
Protection: Enabled
7/31/2012 12:43:38 PM
mbam-log-2012-07-31 (12-43-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237865
Time elapsed: 12 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#4 Maniac

    Forum Deity

  • Experts
  • 17,426 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 02 August 2012 - 11:01 AM

This is due to the rootkit your system is infected with. Now:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#5 Chanta153

    New Member

  • Members
  • 8 posts
  • Gender:Male
  • Location:Illinois
  • Interests:Archery,Longboarding,PC gaming (occasional Xbox),Music,Playing Multiple Instruments

Posted 02 August 2012 - 01:05 PM

No problems running ComboFix (here's the log):
-------------------------------------------------------
ComboFix 12-07-31.03 - colton 08/02/2012 12:48:01.1.2 - x86
Running from: c:\documents and settings\colton\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\colton\Application Data\384bfcd
c:\documents and settings\colton\Application Data\40ad97e
c:\documents and settings\colton\Application Data\8f490aa6
c:\documents and settings\colton\Application Data\8fe1b1c3
c:\documents and settings\colton\Application Data\99f60910
c:\documents and settings\colton\Application Data\9a7b710e
c:\documents and settings\colton\Application Data\bdafb9f2
c:\documents and settings\colton\Application Data\be5ba6b0
c:\documents and settings\colton\Application Data\c3136afd
c:\documents and settings\colton\Application Data\c38c1e5a
c:\documents and settings\colton\Application Data\c41b62fc
c:\documents and settings\colton\Application Data\c46b1c5b
c:\documents and settings\colton\Application Data\d18b3bc6
c:\documents and settings\colton\Application Data\d20473b5
c:\documents and settings\colton\Application Data\d3d49827
c:\documents and settings\colton\Application Data\d82852a0
c:\documents and settings\colton\Application Data\d8c77d55
c:\documents and settings\colton\Application Data\d957f491
c:\documents and settings\colton\Application Data\da0a08a9
c:\documents and settings\colton\Application Data\da93da8f
c:\documents and settings\colton\Application Data\PriceGong
c:\documents and settings\colton\Application Data\PriceGong\Data\1.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\450.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\946.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\a.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\b.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\c.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\d.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\e.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\f.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\g.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\h.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\i.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\j.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\k.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\l.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\m.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\colton\Application Data\PriceGong\Data\n.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\o.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\p.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\q.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\r.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\s.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\t.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\u.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\v.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\w.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\x.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\y.txt
c:\documents and settings\colton\Application Data\PriceGong\Data\z.txt
c:\documents and settings\colton\Application Data\Toolbar4
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0a4f35b626016d8cd6d5731fa5e2aad7
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0b64ffa009d9e3d1236fb2b575bd953d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0d53f0a9a42a5167b78657f1fc9488f1
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1df1df47b49e8b3090bc211048795c5a
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2f51f062108c7f20a67770bbdf546004
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\31dca3ca44f44956ffde9959067d1093
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\521788680d3595d05d274f3713057765
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\593abe4ad021a7ca3002ccb2dca1969d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7afabe4e3af1a66103f629a38d90558a
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9fc2051aee76f9ef060973477300788d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d1a2c0b23b2d4e91acf26940533c64f0
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d
c:\documents and settings\colton\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1e6d0a92883b25f29523edfaccfcde3b
c:\documents and settings\colton\Local Settings\Application Data\Minibar
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\background.html
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\cached_http_request.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\extension_info.json
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon128.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon19.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon32.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\icons\icon48.png
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_kango.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_messaging.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\includes\content_userscript.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango-ui\button.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango-ui\ui.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\browser.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\console.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\event_listener.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\initialize.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\io.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\jsonstorage.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\kango.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\lang.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\messaging.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\userscript_engine.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\kango\xhr.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\main.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\manifest.json
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\actions.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\cachedxhr.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\config.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\macros.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\minibar\minibar.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\popup.html
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\popup.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\tab.html
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome\tab.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\chrome_installer.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\common.js
c:\documents and settings\colton\Local Settings\Application Data\Minibar\install.json
c:\documents and settings\colton\Local Settings\Application Data\Minibar\minibar.crx
c:\documents and settings\colton\Local Settings\Application Data\Minibar\sqlite3.exe
c:\documents and settings\colton\Local Settings\Application Data\Minibar\Uninstall.exe
c:\windows\system32\NEW16.tmp
c:\windows\system32\NEWC.tmp
c:\windows\system32\tmp103.tmp
c:\windows\system32\tmp104.tmp
c:\windows\system32\tmp188.tmp
c:\windows\system32\tmp189.tmp
c:\windows\system32\tmpBD.tmp
c:\windows\system32\tmpBE.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 19:43 . 2012-08-02 19:43 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\MpKslc5b82ed1.sys
2012-08-02 19:41 . 2012-08-02 19:41 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\offreg.dll
2012-08-01 20:18 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\mpengine.dll
2012-07-31 19:35 . 2012-07-31 19:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 08:35 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 06:54 . 2012-07-31 07:05 -------- d-----w- C:\i386
2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\documents and settings\colton\Application Data\Malwarebytes
2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-31 00:44 . 2012-07-31 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-31 00:44 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 02:18 . 2012-07-30 02:18 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-07-18 20:30 . 2012-07-19 20:08 -------- d-----w- c:\program files\EndlessOnline
2012-07-17 00:05 . 2012-07-17 00:06 -------- d-----w- c:\documents and settings\colton\Application Data\GetRightToGo
2012-07-12 02:15 . 2012-07-12 02:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-11 23:11 . 2012-07-11 23:22 -------- d-----w- c:\documents and settings\Administrator
2012-07-11 06:06 . 2012-07-12 02:11 653745 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-07-11 06:02 . 2012-07-11 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-07-11 05:59 . 2012-07-11 05:59 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-11 05:59 . 2012-07-11 05:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-11 05:59 . 2012-07-11 05:59 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-11 05:46 . 2012-07-11 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-07-11 04:33 . 2012-07-11 04:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-06 21:53 . 2012-07-06 21:53 -------- d-----w- c:\documents and settings\colton\Local Settings\Application Data\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 00:52 . 2012-04-05 03:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-30 00:52 . 2011-07-04 06:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 00:13 . 2012-05-10 23:06 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-05 18:38 . 2011-07-05 01:50 138992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-05 18:38 . 2011-08-11 03:29 281288 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-05 18:38 . 2011-07-05 01:50 281288 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-05 08:14 . 2011-07-05 01:50 281288 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-25 03:28 . 2012-06-25 03:28 3584 ----a-r- c:\documents and settings\colton\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-13 13:19 . 2006-03-15 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-03-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2011-07-04 23:33 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-03-15 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2011-07-03 05:22 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2011-07-03 05:22 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2011-07-03 05:22 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2011-07-03 05:22 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2011-07-03 05:22 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-03-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2011-07-03 05:22 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2011-07-03 05:22 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2011-07-04 23:33 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2011-07-04 23:33 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:40 . 2011-07-05 01:50 138904 ----a-w- c:\documents and settings\colton\Application Data\PnkBstrK.sys
2012-06-02 20:39 . 2011-07-05 01:50 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-31 19:25 . 2011-07-04 06:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2006-03-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-26 14:49 . 2012-05-26 04:00 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-05-26 14:49 . 2012-05-26 04:00 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-05-26 14:49 . 2012-05-26 04:00 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-05-23 22:28 . 2012-05-23 22:28 319488 ----a-w- c:\windows\HideWin.exe
2012-05-16 15:08 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-03-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-15 12:00 385024 ------w- c:\windows\system32\html.iec
2008-03-09 14:25 . 2011-07-20 20:52 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-11 16342528]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"RasAuto"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"Steam Client Service"=3 (0x3)
"MsMpSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"wlidsvc"=2 (0x2)
"WZCSVC"=2 (0x2)
"helpsvc"=2 (0x2)
"CLPSLS"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 MpKslc5b82ed1;MpKslc5b82ed1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4432710-3A41-4AF9-AD7B-417638D150FC}\MpKslc5b82ed1.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLC5B82ED1
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:52]
.
2012-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2012-07-15 c:\windows\Tasks\Crysis Wars® Updates.job
- c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2011-07-05 02:38]
.
2012-08-02 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-01 00:57]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1220945662-725345543-1003Core.job
- c:\documents and settings\colton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-27 02:09]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1220945662-725345543-1003UA.job
- c:\documents and settings\colton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-27 02:09]
.
2012-08-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPod Converter - c:\documents and settings\colton\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\colton\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-iTunesHelper - d:\games\iTunesHelper.exe
MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe
AddRemove-APB Reloaded - j:\games\APB\APB Reloaded\Uninstall.exe
AddRemove-Dark Age of Camelot - j:\games\Electronic Arts\Dark Age of Camelot\uninstDAOC.exe
AddRemove-Halo - j:\games\Halo\UNINSTAL.EXE
AddRemove-JDiskReport 1.4.0 - j:\games\Comp ideas\JDisk Report\uninstall.exe
AddRemove-uTorrent - f:\games\Utorrent\uTorrent.exe
AddRemove-{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1 - j:\games\Neverwinter Nights\unins000.exe
AddRemove-A Handful Of Audiosurf Addons - j:\games\Audiosurf\Uninstall.exe
AddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - c:\program files\EA Games\Battlefield Play4Free\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,45,24,39,f4,8b,f6,aa,72,f8,b2,24,7b,d6,f5,03,32,06,94,30,6a,5c,1d,
f6,1f,b5,41,8c,04,9a,17,82,7a,23,2b,f3,de,c5,32,a3,20,16,a5,56,f0,bb,ed,b1,\
"??"=hex:00,0c,dd,3a,a7,06,65,85,5d,61,22,27,2c,0a,1c,94
.
[HKEY_USERS\S-1-5-21-343818398-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d3,b1,4c,f1,b1,d8,de,da,54,6f,a2,1c,df,c0,43,93,dd,26,fd,98,f1,
52,fb,cb,a2,19,f5,7b,de,a7,80,4c,31,14,ad,3a,6e,17,65,79,68,2d,d2,3c,2a,5d,\
"rkeysecu"=hex:25,dc,c0,6c,15,00,b9,91,ad,5e,71,35,a0,2b,57,d6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\guard32.dll
.
Completion time: 2012-08-02 12:58:37
ComboFix-quarantined-files.txt 2012-08-02 19:58
.
Pre-Run: 50,446,012,416 bytes free
Post-Run: 51,611,865,088 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 0039CBB81EEC19A9E22E7D4CC3F7740F

#6 Maniac

    Forum Deity

  • Experts
  • 17,426 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 03 August 2012 - 05:29 AM

Good! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#7 Chanta153

    New Member

  • Members
  • 8 posts
  • Gender:Male
  • Location:Illinois
  • Interests:Archery,Longboarding,PC gaming (occasional Xbox),Music,Playing Multiple Instruments

Posted 04 August 2012 - 01:10 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bbef6fd4e2103346b3a3e7275f8dd09f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-04 02:26:34
# local_time=2012-08-03 07:26:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 71 1052272 18769868 0 0
# compatibility_mode=5891 16776533 42 93 0 10811198 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=239549
# found=12
# cleaned=12
# scan_time=12963
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\colton\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdagcdfgcgcdedadjdhdgdegededg\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP354\A0212357.dll Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP451\A0255369.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP464\A0274842.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP470\A0276299.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\31.07.2012_12.34.51\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Games\APB\APB_Reloaded_Installer.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{F627A58D-F9C4-4287-AB5C-9ED46C74F98F}\RP470\A0276300.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#8 Maniac

    Forum Deity

  • Experts
  • 17,426 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 August 2012 - 04:28 PM

How are things now?

#9 Chanta153

    New Member

  • Members
  • 8 posts
  • Gender:Male
  • Location:Illinois
  • Interests:Archery,Longboarding,PC gaming (occasional Xbox),Music,Playing Multiple Instruments

Posted 05 August 2012 - 12:37 AM

They're a little better, but I still got, like, one blocked outgoing connection to a "malicious website".

#10 Maniac

    Forum Deity

  • Experts
  • 17,426 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 August 2012 - 05:46 AM

Please give me the IP.

#11 Chanta153

    New Member

  • Members
  • 8 posts
  • Gender:Male
  • Location:Illinois
  • Interests:Archery,Longboarding,PC gaming (occasional Xbox),Music,Playing Multiple Instruments

Posted 05 August 2012 - 10:31 AM

I will as soon as I see it again.

#12 Maniac

    Forum Deity

  • Experts
  • 17,426 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 August 2012 - 03:09 PM

Thanks! :)

#13 Chanta153

    New Member

  • Members
  • 8 posts
  • Gender:Male
  • Location:Illinois
  • Interests:Archery,Longboarding,PC gaming (occasional Xbox),Music,Playing Multiple Instruments

Posted 06 August 2012 - 10:37 PM

I haven't seen it again, so I believe it is gone. Thanks for the help, Maniac! :D

#14 Maniac

    Forum Deity

  • Experts
  • 17,426 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 07 August 2012 - 05:15 AM

Glad I could help! :)

Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and then manually delete DDS and TDSSKiller.

Some malware prevention tips:
http://forums.malwar...howtopic=104379


Safe surfing! :)

#15 Maurice Naggar

    Malware Eradicator

  • Moderators
  • 13,593 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 09 August 2012 - 07:56 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Consumer Support Specialist

I close my threads if there are 5 days without a response.