Babylon Removal


mel_1396

Thread author
Other people who had the same problem seemed to get rid of Babylon in one day and it never made a reappearance. I want to know why I keep seeing it everyday because I have found no one else with the same issue on various help forums.
 

kuttus

Is this coming from Google Bookmarks? Are you logged into your Google Account in Google Chrome?
 

mel_1396

Thread author
kuttus said:
Is this coming from Google Bookmarks? Are you logged into your Google Account in Google Chrome?

I'm not sure if it's coming from the Bookmarks or not.

I have 2 Google Accounts, the first one that I use the most became infected with Babylon, so I created a new user profile, but with the same account. I am logged into the account with Google Chrome. It's synched so my previous preferences are still available. I have the same 3 Bookmarks, but I manually went to bookmark them again.

Then I created a new user profile with my backup email, I have the same 3 Bookmarks, but I had to create new preferences again because I have never used this email before. Babylon is still there, but this new email is synched with Chrome.
 

kuttus

There is a possibility that this one is coming back from your Google Account... Please make sure there are no such entries in your Google Account. Now follow these steps:

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



STEP 1: Run a scan with AdwCleaner

  1. Download AdwCleaner from the link below.
     AdwCleaner download link: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download AdwCleaner on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




STEP 3: Run a scan with OTL by OldTimer

  1. Download the OTL utility using the link below:
     OTL download link: http://oldtimer.geekstogo.com/OTL.exe (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Click the Run Scan button.
  6. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please post these 2 logs in your next reply.

Settings You need to Select in OTL
  1. Click the Scan All Users checkbox.
  2. Change Standard Registry to All.
  3. Check the boxes beside LOP Check and Purity Check.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr (http://www.itxassociates.com/OT-Tools/OTL.scr) or OTL.com (http://oldtimer.geekstogo.com/OTL.com).


mel_1396

Thread author
Would it be best if I reply back after each step with my results?
 

mel_1396

Thread author
So sorry for the delayed reply. After you posted those instructions Babylon disappeared on its own, but now it's come back.

So here's the AdwCleaner log:

# AdwCleaner v2.304 - Logfile created 07/11/2013 at 13:06:49
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Melissa Fan - MELISSA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Melissa Fan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
Folder Deleted : C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Melissa Fan\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Melissa Fan\Application Data\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\52558f8ce76dec15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=9CAE001560ED44FC&affID=122471&tt=250613_gr2&tsp=4926 --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1854 octets] - [11/07/2013 13:06:49]

########## EOF - C:\AdwCleaner[S1].txt - [1914 octets] ##########
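Added example (not part of the thread and not AdwCleaner's own code): a small Python triage script that reads the AdwCleaner log posted above, inventories what was removed, and maps each artifact to the persistence mechanism it represents, so you can see which entries could bring the hijack back (a scheduled task, machine-wide HKLM keys) versus which are just leftover data. It also refangs the hxxp:// URL that was replaced in the IE AboutURLs key and splits out its query parameters. The sample log embedded below is a subset of the lines from the post; the category names, the regexes and the reading of affID as an affiliate id and mntrId as a machine id are this example's assumptions.

```python
"""Triage an AdwCleaner "Delete" log: inventory removed artifacts and map
each one to the persistence mechanism it represents."""
import re
from urllib.parse import parse_qs, urlsplit

# Sample input: a subset of the AdwCleaner[S1].txt lines posted in the thread.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
Folder Deleted : C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Melissa Fan\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Melissa Fan\Application Data\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\52558f8ce76dec15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
***** [Internet Browsers] *****
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=9CAE001560ED44FC&affID=122471&tt=250613_gr2&tsp=4926 --> hxxp://www.google.com
File : C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.
"""

DELETED_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$")
REPLACED_RE = re.compile(r"^Replaced : \[(.+?) - (.+?)\] = (\S+) --> (\S+)$")
CHECKED_RE = re.compile(r"^File : (.+)$")

# Categories that can re-create the hijack on the next boot or run, as
# opposed to leftovers that are only data (assumed taxonomy for this example).
REINFECTION_RISK = {
    "scheduled-task": "runs on a schedule and can re-download the payload",
    "machine-wide-key": "HKLM state is shared by every user profile on the box",
}


def refang(url):
    """Turn the log's defanged hxxp:// back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_hijack_url(url):
    """Split a hijacked URL into host and query parameters (affID/mntrId
    meaning is an assumption; the code only extracts them)."""
    parts = urlsplit(refang(url))
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {"host": parts.hostname, "params": params}


def classify(kind, target):
    """Map a removed artifact to the persistence mechanism it represents."""
    t = target.lower()
    if kind in ("File", "Folder"):
        if "\\tasks\\" in t and t.endswith(".job"):
            return "scheduled-task"
        if "\\temp\\" in t:
            return "temp-leftover"
        return "data-folder"
    if "\\searchscopes\\" in t:
        return "ie-search-hijack"
    if "\\classes\\" in t:
        return "com-registration"
    if t.startswith("hklm\\"):
        return "machine-wide-key"
    return "per-user-key"


def triage(log_text):
    """Parse the log into deleted artifacts, replaced values, and files that
    AdwCleaner checked and reported clean."""
    report = {"deleted": [], "replaced": [], "clean_files": [], "by_category": {}}
    pending_file = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            kind, target = m.groups()
            cat = classify(kind, target)
            report["deleted"].append({"kind": kind, "target": target, "category": cat})
            report["by_category"][cat] = report["by_category"].get(cat, 0) + 1
            continue
        m = REPLACED_RE.match(line)
        if m:
            key, value, old, new = m.groups()
            report["replaced"].append(
                {"key": key, "value": value, "old": parse_hijack_url(old), "new": refang(new)})
            continue
        m = CHECKED_RE.match(line)
        if m:
            pending_file = m.group(1)
        elif line == "[OK] File is clean." and pending_file:
            report["clean_files"].append(pending_file)
            pending_file = None
    return report


def reinfection_risks(report):
    """Artifacts whose category can bring the hijack back: the ones to re-check
    if symptoms return after a clean run."""
    return [(d["target"], REINFECTION_RISK[d["category"]])
            for d in report["deleted"] if d["category"] in REINFECTION_RISK]


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for cat, n in sorted(r["by_category"].items()):
        print(f"{n:2d}  {cat}")
    for rep in r["replaced"]:
        print("hijack:", rep["old"]["host"], rep["old"]["params"])
    for target, why in reinfection_risks(r):
        print("re-check:", target, "-", why)
```

Run against the log above, the script groups the 14 deletions into one scheduled task, three HKLM keys, two COM registrations, one IE search scope, three per-user keys, three data folders and one temp leftover, and reports the hijacked AboutURLs value pointing at www.delta-search.com with affID=122471 and mntrId=9CAE001560ED44FC. Everything it flags lives in the IE registry hive, the Tasks folder or machine-wide keys, while the Chrome Preferences file was reported clean, which is consistent with new Chrome profiles not making the problem go away. The four "re-check" entries are the ones worth confirming are still gone if the symptom recurs.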
 

mel_1396

Thread author
I did the OTL scan, but I only got 1 log file - OTL.txt. I did not get the Extras.txt. Is that going to be a problem?

Here's the OTL.txt log file

OTL logfile created on: 12/07/2013 1:38:03 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Melissa Fan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.82% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.33% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.33 Gb Total Space | 19.72 Gb Free Space | 28.44% Space Free | Partition Type: NTFS
Drive E: | 58.66 Gb Total Space | 49.24 Gb Free Space | 83.94% Space Free | Partition Type: NTFS

Computer Name: MELISSA | User Name: Melissa Fan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Melissa Fan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE (CANON INC.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\spd__l.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Samsung UPD Service) -- C:\WINDOWS\system32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MpKsl2fd3b7f2) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9354C348-990C-4C7C-B532-BD2261BF4D13}\MpKsl2fd3b7f2.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (DasBootF) -- C:\WINDOWS\system32\drivers\DasBootF.SYS ()
DRV - (DasBoot) -- C:\WINDOWS\system32\drivers\DasBoot.SYS ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\HA10KX2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\CTDVDA2K.SYS (Creative Technology Ltd)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?lang=en-ca
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\SearchScopes\{089338FF-3DFE-4999-90DF-E837C55F3509}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/07 23:53:47 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [FRYMXINS] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Documents and Settings\Melissa Fan\Desktop\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\Linda\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Melissa Fan\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1844237615-1450960922-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D07A5E86-0A79-4A54-9535-C3B93FE45EBF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/28 19:14:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ec8ccf30-103f-11e0-969f-001560ed44fc}\Shell - "" = AutoRun
O33 - MountPoints2\{ec8ccf30-103f-11e0-969f-001560ed44fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec8ccf30-103f-11e0-969f-001560ed44fc}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/11 23:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melissa Fan\Desktop\OTL.exe
[2013/07/10 23:26:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/02 12:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\VS Revo Group
[2013/07/02 12:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/06/29 13:22:46 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/29 13:22:46 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/06/29 13:22:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/29 13:22:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/29 13:22:43 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/29 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/27 17:16:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2013/06/27 17:16:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2011/05/22 20:24:18 | 000,956,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SaveAsPDFandXPS.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/12 13:40:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/12 13:32:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/12 13:32:41 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/12 13:31:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/11 23:22:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melissa Fan\Desktop\OTL.exe
[2013/07/11 23:06:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/11 18:12:50 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/11 13:06:15 | 000,650,027 | ---- | M] () -- C:\Documents and Settings\Melissa Fan\Desktop\adwcleaner.exe
[2013/07/11 12:58:06 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/11 12:53:04 | 000,341,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 23:28:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/10 23:27:31 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/10 23:27:31 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/09 22:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/01 18:42:29 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/29 13:22:31 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/29 13:22:27 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/29 13:22:27 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/29 13:22:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/29 13:22:26 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/06/29 13:22:25 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/06/29 13:22:25 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/11 13:05:56 | 000,650,027 | ---- | C] () -- C:\Documents and Settings\Melissa Fan\Desktop\adwcleaner.exe
[2012/12/30 22:02:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/29 18:33:52 | 000,225,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\DasBootS.SYS
[2012/12/29 18:33:52 | 000,059,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\DasBootF.SYS
[2012/12/29 18:33:52 | 000,027,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\DasBootK.SYS
[2012/12/29 18:33:52 | 000,009,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\DasBootI.SYS
[2012/12/29 18:33:52 | 000,009,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\DasBootE.SYS
[2012/12/29 18:33:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\DasBootD.SYS
[2012/12/29 18:33:51 | 000,020,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\DasBoot.SYS
[2012/06/08 18:52:02 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Melissa Fan\Application Data\mainhst.zgh
[2012/02/14 17:01:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/25 12:07:22 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/12/28 21:16:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\L
[2012/12/31 11:49:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\U
[2010/12/06 17:24:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/06 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/12/03 07:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/04/13 22:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2011/05/28 15:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/06/30 12:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2011/03/23 20:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2013/07/02 12:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2010/12/25 21:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/15 09:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\Canon
[2010/12/03 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/28 11:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/01 15:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/06/02 16:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\CompuClever
[2012/12/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\ElevatedDiagnostics
[2011/04/13 22:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\Leawo
[2011/04/13 22:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\Moyea
[2012/06/02 17:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\Oracle
[2011/12/13 16:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\Synthesia
[2011/03/23 20:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\SYSTEMAX Software Development
[2011/03/02 17:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\Tific
[2011/04/13 16:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\WinAVI
[2012/06/08 18:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melissa Fan\Application Data\ZipGenius

========== Purity Check ==========



< End of report >
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run the below OTL fix
  1. Start OTL.exe
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
[2012/12/28 21:16:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\L
[2012/12/31 11:49:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\U
[2010/12/06 17:24:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2012/06/08 18:52:02 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Melissa Fan\Application Data\mainhst.zgh
[2010/12/25 12:07:22 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:commands
[emptytemp]
[reboot]
     NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot when it is done
  5. Attach the new log produced by OTL (C:\_OTL)


Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


 
Last edited by a moderator:
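The ZeroAccess Check section of the OTL log above shows the two footprints that usually go together with this family: hidden, system-attributed `$<32 hex>\L` and `\U` folders under C:\RECYCLER\S-1-5-18, and CLSID\InProcServer32 keys under HKEY_CURRENT_USER\Software\Classes for class IDs that normally live only under HKEY_LOCAL_MACHINE (per-user class registrations are consulted ahead of the machine hive when a CLSID is resolved in that user's session, so a user-writable key there can redirect a system COM class to an arbitrary DLL without administrator rights). The Python below is an added example, not code from this thread, from OTL or from Malwarebytes: it parses OTL log lines of the shape posted above, flags both indicators, and emits the deletion as an OTL `:Files` section, which takes bare paths one per line. The sample lines are copied from the log posted above; the regular expressions are my own and assume the OTL line layouts seen in that log.

```python
"""Flag ZeroAccess/Sirefef footprints in OTL log text and emit an OTL :Files fix.

Added example for this thread; not code from OTL or from the posters. The sample
log lines are copied from the OTL log above; the indicator regexes are my own.
"""
import re

# Constructed sample: lines copied from the "ZeroAccess Check" and file sections of the posted log.
SAMPLE_LOG = r"""
[2012/12/28 21:16:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\L
[2012/12/31 11:49:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\U
[2010/12/06 17:24:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2013/07/11 23:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melissa Fan\Desktop\OTL.exe

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""

# OTL file/folder listing line: [date time | size | attrs | C or M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# ZeroAccess drops a $<32 hex> folder under C:\RECYCLER\<SID> holding L and U subfolders.
ZA_PATH = re.compile(
    r"^(?P<root>[A-Za-z]:\\RECYCLER\\S-1-5(?:-\d+)+\\\$[0-9A-Fa-f]{32})(?:\\[LU])?$"
)

# OTL registry key header as printed in the ZeroAccess Check section.
REG_KEY = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]$",
    re.IGNORECASE,
)


def parse_file_lines(log_text):
    """Return one dict per OTL file listing line (ts, size, attrs, kind, company, path)."""
    records = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def zeroaccess_roots(log_text):
    """Unique $<hex> root folders of ZeroAccess-style entries, in log order."""
    roots = []
    for rec in parse_file_lines(log_text):
        m = ZA_PATH.match(rec["path"])
        if m and m.group("root") not in roots:
            roots.append(m.group("root"))
    return roots


def user_hive_com_overrides(log_text):
    """CLSIDs that have an InProcServer32 key under HKCU\\Software\\Classes.

    Per-user class registrations are merged ahead of HKLM when a CLSID is resolved
    in that user's session, so a user-writable key here can redirect a system COM
    class to an attacker's DLL without administrator rights (COM hijacking).
    """
    hives_by_clsid = {}
    for line in log_text.splitlines():
        m = REG_KEY.match(line.strip())
        if m:
            hives_by_clsid.setdefault(m.group("clsid").lower(), set()).add(m.group("hive").upper())
    return sorted(c for c, hives in hives_by_clsid.items() if "HKEY_CURRENT_USER" in hives)


def build_files_fix(roots):
    """OTL fix text: the :Files section takes bare paths, one per line, to delete."""
    lines = [":Files", *roots, "", ":Commands", "[emptytemp]", "[reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    roots = zeroaccess_roots(SAMPLE_LOG)
    print("ZeroAccess-style folders:", roots)
    print("User-hive COM overrides:", user_hive_com_overrides(SAMPLE_LOG))
    print(build_files_fix(roots))
```

Deleting the `$<hex>` root rather than the L and U subfolders individually removes the whole drop, and the RECYCLER path under the user's own SID (which MBAR would report separately) matches the same pattern. The two HKCU CLSID keys in the log are printed with no InProcServer32 value, so whether a hijack DLL is still registered should be confirmed directly in regedit on the machine rather than assumed from the log.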

mel_1396

New Member
Thread author
Verified
Jul 1, 2013
18
The new OTL log:

All processes killed
Error: Unable to interpret <[2012/12/28 21:16:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\L> in the current context!
Error: Unable to interpret <[2012/12/31 11:49:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\U> in the current context!
Error: Unable to interpret <[2010/12/06 17:24:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini> in the current context!
Error: Unable to interpret <[2012/06/08 18:52:02 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Melissa Fan\Application Data\mainhst.zgh> in the current context!
Error: Unable to interpret <[2010/12/25 12:07:22 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Melissa Fan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Favorites

User: Linda
->Temp folder emptied: 77829 bytes
->Temporary Internet Files folder emptied: 10212394 bytes
->Flash cache emptied: 42407 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 214304464 bytes
->Flash cache emptied: 6356 bytes

User: Melissa Fan
->Temp folder emptied: 1147867422 bytes
->Temporary Internet Files folder emptied: 79818224 bytes
->Google Chrome cache emptied: 284024935 bytes
->Flash cache emptied: 79529 bytes

User: NetworkService
->Temp folder emptied: 1322838 bytes
->Temporary Internet Files folder emptied: 37648392 bytes
->Flash cache emptied: 1661 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3261804 bytes
%systemroot%\System32 .tmp files removed: 2840081 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29302776 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 608208212 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,307.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07122013_202348
 

mel_1396

New Member
Thread author
Verified
Jul 1, 2013
18
I just completed the Malwarebytes' Anti-Rootkit and I'm about to start Malwarebytes' Anti-Malware.

Here's the mbar-log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Melissa Fan :: MELISSA [administrator]

12/07/2013 8:59:19 PM
mbar-log-2013-07-12 (20-59-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 238789
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\U (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e\U (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\L (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e\L (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

And here's the system-log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 2146959360, free: 1650552832

Downloaded database version: v2013.07.12.05
Initializing...
------------ Kernel report ------------
07/12/2013 20:59:08
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\DasBootD.SYS
\WINDOWS\system32\drivers\DasBootK.sys
\WINDOWS\system32\drivers\DasBootI.SYS
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89bcbab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff89c09d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89bcbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89ba8e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89bcbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89baef18, DeviceName: \Device\00000061\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89c09d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C720C71

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 145404252
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 145404315 Numsec = 123025770

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Infected: c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\U --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e\U --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\L --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e\L --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 2146959360, free: 1621405696

Initializing...
------------ Kernel report ------------
07/12/2013 21:12:27
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\DasBootD.SYS
\WINDOWS\system32\drivers\DasBootK.sys
\WINDOWS\system32\drivers\DasBootI.SYS
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38D91A5B-D623-427D-91C7-24A9ED8D0D91}\MpKsl9397ca08.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89bcbab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff89c09d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89bcbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89ba8e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89bcbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89baef18, DeviceName: \Device\00000061\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89c09d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C720C71

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 145404252
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 145404315 Numsec = 123025770

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 2146959360, free: 1726021632

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 2146959360, free: 1647710208

Initializing...
------------ Kernel report ------------
07/12/2013 21:25:52
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\DasBootD.SYS
\WINDOWS\system32\drivers\DasBootK.sys
\WINDOWS\system32\drivers\DasBootI.SYS
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38D91A5B-D623-427D-91C7-24A9ED8D0D91}\MpKsl96e87f65.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89b7cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff89bba940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89b7cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89b94e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89b7cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89c09510, DeviceName: \Device\00000060\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89bba940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C720C71

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 145404252
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 145404315 Numsec = 123025770

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
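An added check on the partition table MBAR printed above (example code written for this thread, not part of MBAR or of any log posted here): it parses the "Inspecting partition table" block into records, verifies the 55AA boot signature, that exactly one entry is active, that no entry runs past the end of the disk or overlaps another, and then lists the sector ranges that no partition claims. Unclaimed sectors are where an MBR bootkit keeps its payload, so knowing their extent is the point. The sample text is the drive 0 block copied from the log; the record names and the checks themselves are my choices, not MBAR's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the "Scanning MBR" block exactly as Malwarebytes Anti-Rootkit
# printed it for drive 0 in the log above (two used slots, two empty slots).
SAMPLE_MBAR_MBR_BLOCK = """\
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C720C71

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 145404252
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 145404315 Numsec = 123025770

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes
"""


@dataclass
class Partition:
    index: int
    type_code: int
    type_name: str
    active: bool = False
    start_lba: int = 0
    num_sectors: int = 0

    @property
    def end_lba(self) -> int:
        """First sector after the partition (exclusive end)."""
        return self.start_lba + self.num_sectors

    @property
    def in_use(self) -> bool:
        return self.type_code != 0 and self.num_sectors > 0


@dataclass
class MbrReport:
    signature: str = ""
    disk_bytes: int = 0
    sector_bytes: int = 512
    partitions: list = field(default_factory=list)

    @property
    def total_sectors(self) -> int:
        return self.disk_bytes // self.sector_bytes


def parse_mbar_mbr_block(text: str) -> MbrReport:
    """Parse the 'Inspecting partition table' section of an MBAR log."""
    rep, cur = MbrReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"MBR Signature: ([0-9A-Fa-f]{4})", line):
            rep.signature = m.group(1).upper()
        elif m := re.fullmatch(r"Partition (\d+) type is (.+?) \(0x([0-9A-Fa-f]+)\)", line):
            cur = Partition(int(m.group(1)), int(m.group(3), 16), m.group(2))
            rep.partitions.append(cur)
        elif cur is not None and line == "Partition is ACTIVE.":
            cur.active = True
        elif cur is not None and (m := re.fullmatch(r"Partition starts at LBA: (\d+) Numsec = (\d+)", line)):
            cur.start_lba, cur.num_sectors = int(m.group(1)), int(m.group(2))
        elif m := re.fullmatch(r"Disk Size: (\d+) bytes", line):
            rep.disk_bytes = int(m.group(1))
        elif m := re.fullmatch(r"Sector size: (\d+) bytes", line):
            rep.sector_bytes = int(m.group(1))
    return rep


def check_mbr(rep: MbrReport):
    """Sanity-check the table. Returns (issues, gaps): issues are human-readable
    strings; gaps are [start, end) sector ranges that no partition claims,
    not counting sector 0, which holds the MBR itself."""
    issues = []
    if rep.signature != "55AA":
        issues.append(f"boot signature is {rep.signature!r}, expected '55AA'")
    if sum(p.active for p in rep.partitions) != 1:
        issues.append("expected exactly one ACTIVE partition")
    total = rep.total_sectors
    used = sorted((p for p in rep.partitions if p.in_use), key=lambda p: p.start_lba)
    for p in used:
        if p.start_lba < 1 or p.end_lba > total:
            issues.append(f"partition {p.index} [{p.start_lba}, {p.end_lba}) lies outside the {total}-sector disk")
    for a, b in zip(used, used[1:]):
        if b.start_lba < a.end_lba:
            issues.append(f"partitions {a.index} and {b.index} overlap")
    gaps, cursor = [], 1
    for p in used:
        if p.start_lba > cursor:
            gaps.append((cursor, p.start_lba))
        cursor = max(cursor, p.end_lba)
    if cursor < total:
        gaps.append((cursor, total))
    return issues, gaps


if __name__ == "__main__":
    report = parse_mbar_mbr_block(SAMPLE_MBAR_MBR_BLOCK)
    problems, unclaimed = check_mbr(report)
    print("issues:", problems or "none")
    for start, end in unclaimed:
        print(f"unpartitioned sectors [{start}, {end}) = {(end - start) * report.sector_bytes // 2**20} MiB")
```

Run against the block above it reports no issues and two unclaimed ranges: sectors [1, 63) ahead of the first partition and [268430085, 312581808), about 21 GiB, behind the extended partition. The range MBAR prints for its unpartitioned-space sweep reads as 1-62 and 312561808-312581808, which covers the first gap and only the last 20000 sectors of the second; that is worth knowing when deciding whether the rest of that space needs a sector-level look.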
 

mel_1396

New Member
Thread author
Verified
Jul 1, 2013
18
And here is the Malwarebytes' Anti-Malware log file.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.13.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Melissa Fan :: MELISSA [administrator]

12/07/2013 9:53:16 PM
mbam-log-2013-07-12 (21-53-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235740
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a HitmanPro scan
<ol>
<li><b>Download the latest official version of HitmanPro</b>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <b>HITMANPRO DOWNLOAD LINK</b></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <b>double-clicking on the previously downloaded file</b> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object, click <b>Next</b>.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <b>Activate free license</b> to start the free 30-day trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.</li>
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<b><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></b> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double-click on the ESET installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <b>Yes, I accept the Terms of Use</b></li>
<li>Click the <b>Start</b> button.</li>
<li>Check <b>Scan archives</b></li>
<li>Push the <b>Start</b> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <b>List of found threats</b></li>
<li>Push <b>Export to Text file</b> and save the file to your desktop using a unique name, such as <b>ESET Scan</b>. Include the contents of this report in your next reply. Note: when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <b>Back</b> button.</li>
<li>Push <b>Finish</b></li>
</ol>
<hr />
STEP 3: Run a scan with Kaspersky Virus Removal Tool
<ol><li>Download Kaspersky Virus Removal Tool from the below link and then double-click on it to start this utility.
<b><a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow">KASPERSKY VIRUS REMOVAL TOOL</a></b> <em>(This link opens a new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)</em></li>
<li>Follow the onscreen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li><span style="color: #ff0000;">System Memory</span></li>
<li><span style="color: #ff0000;">Hidden startup objects</span></li>
<li><span style="color: #ff0000;">Disk boot sectors</span></li>
<li><span style="color: #ff0000;">Local Disk (C: )</span></li>
<li><span style="color: #ff0000;">Also any other drives (Removable that you may have)</span></li>
</ul>
</li>
<li>Then click on <b>Actions</b> on the left-hand side</li>
<li>Click <b>Select Action</b>, then make sure both <b>Disinfect</b> and <b>Delete if disinfection fails</b> are ticked</li>
<li>Click on <b>Automatic Scan</b></li>
<li>Now click the <b>Start Scanning</b> button to run the scan</li>
<li>After the scan is complete, click the Reports button ('Paper' icon, next to the 'Gear' icon) on the right-hand side</li>
<li>Click <b>Detected threats</b> on the left</li>
<li>Now click the <b>Save</b> button, and save it as <b>kaslog.txt</b> to your <b>Desktop</b></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>
<hr />
 

mel_1396

New Member
Thread author
Verified
Jul 1, 2013
18
HitmanPro got rid of some tracking cookies. Here is the ESET log file.

C:\WINDOWS\system32\DBBK\1B7243B64EB25F842357CED8691D5FC3 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\2B964CDB2E1140B660974859B27602FB HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\33D16BA06831F82D0736C75F218D5769 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\58AC598E53DF62E69FAB67874DCFB9B2 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\68212B5780FADCE08A126D277D81CB3A HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\7DB430A2002F973A994B79AAA8E76D72 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\83AE60929738479D6C0CCFD5C2EA41F1 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\92169EF3BE0CC8EFD41EA4595356E27D HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\987CD97B4EE4A365648470AEE6120F41 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\9C2B32F3D03BA232CF9CD0D60E411A18 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\AC8769D53A9E85D1C8373FAB9725EFDD HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\B8EFD68D4B1CABF13082BE5BF4DEA285 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\BA948666EDD642BE5414F8B47D408CF1 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\D1319AA8D8B31ACE827E698A0F959805 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\D306B2D2A127B097D02D8D88825FF6F4 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\D73ED3E32897BBE351EBF04F8355212F HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\E9B055BD389209D93E17AE0E217F4946 HTML/ScrInject.B.Gen virus deleted - quarantined

And Kaspersky found no threats.
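The two sets of hits, the MBAR "Infected:" lines in the earlier Anti-Rootkit log and the ESET lines in this post, read more easily side by side. Added example (not code from the thread or from either tool): a Python script that normalizes both line formats into one record shape and summarizes the findings by parent directory, detection name, account SID in the path, and how many objects carry a 32-hex-digit name. The sample lines are copied from the two logs; the ESET regex assumes the lines as pasted here (tabs collapsed to single spaces, no spaces in the path), and the small well-known-SID table is mine.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: "Infected:" lines copied from the MBAR log and result lines
# copied from the ESET Online Scanner log posted above (tabs collapsed to spaces).
SAMPLE_LOG_LINES = r"""
Infected: c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\U --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e\U --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e\L --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e\L --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-18\$c5bd99f087d10bdab97cb377d43b960e --> [Trojan.Siredef.C]
Infected: c:\RECYCLER\S-1-5-21-1844237615-1450960922-839522115-1003\$c5bd99f087d10bdab97cb377d43b960e --> [Trojan.Siredef.C]
C:\WINDOWS\system32\DBBK\1B7243B64EB25F842357CED8691D5FC3 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\2B964CDB2E1140B660974859B27602FB HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\33D16BA06831F82D0736C75F218D5769 HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\system32\DBBK\83AE60929738479D6C0CCFD5C2EA41F1 HTML/ScrInject.B.Gen virus deleted - quarantined
"""

MBAR_RE = re.compile(r"^Infected: (?P<path>.+?) --> \[(?P<det>[^\]]+)\]$")
# ESET line as pasted: "<path> <threat name> <action>"; assumes no spaces in the path.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<det>\S+(?:\s+\S+)*?)\s+"
    r"(?P<action>(?:deleted|cleaned|quarantined)\b.*)$"
)
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
SID_RE = re.compile(r"S-1-5-\d+(?:-\d+)*")
# Assumed lookup table; these three are standard well-known SIDs.
WELL_KNOWN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}


@dataclass(frozen=True)
class Finding:
    tool: str
    path: str
    detection: str
    action: str


def parse_findings(text: str) -> list:
    """Normalize MBAR 'Infected:' lines and ESET result lines into Finding records."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MBAR_RE.match(line):
            out.append(Finding("MBAR", m["path"], m["det"], "detected"))
        elif m := ESET_RE.match(line):
            out.append(Finding("ESET", m["path"], m["det"], m["action"]))
    return out


def describe_sid(sid: str) -> str:
    return WELL_KNOWN_SIDS.get(sid, f"account RID {sid.rsplit('-', 1)[1]}")


def triage(findings: list) -> dict:
    """Cluster findings the way an analyst reads them: where they sit, what they
    were called, which account SIDs the paths run through, and how many objects
    carry a 32-hex-digit name (hash-like, with or without a leading '$')."""
    summary = {"by_parent": Counter(), "by_detection": Counter(), "sids": {}, "hex_named": 0}
    for f in findings:
        p = PureWindowsPath(f.path)
        summary["by_parent"][str(p.parent).lower()] += 1
        summary["by_detection"][f.detection] += 1
        if HEX32.fullmatch(p.name.lstrip("$")):
            summary["hex_named"] += 1
        for part in p.parts:
            if SID_RE.fullmatch(part):
                summary["sids"][part] = describe_sid(part)
    return summary


if __name__ == "__main__":
    s = triage(parse_findings(SAMPLE_LOG_LINES))
    for parent, n in s["by_parent"].most_common():
        print(f"{n:3d}  {parent}")
    print("detections:", dict(s["by_detection"]))
    print("SIDs:", s["sids"])
    print("hash-named objects:", s["hex_named"])
```

On the sample it reports six hash-named objects, four ESET hits all in C:\WINDOWS\system32\DBBK, and MBAR hits under two C:\RECYCLER trees (the per-user Recycle Bin folders on XP) that share the same $c5bd... folder name: one under the interactive account (RID 1003) and one under S-1-5-18, LocalSystem, which is a service account rather than a logged-on user. That pairing is the kind of detail the summary is meant to surface.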
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSSKiller from the below link.
<b><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERSKY TDSSKILLER DOWNLOAD LINK</a></b> <em>(This link will automatically download Kaspersky TDSSKiller on your computer)</em>
</li>
<li>Double-click on <b>TDSSKiller.exe</b> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <b>Change parameters</b>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <b>Verify Driver Digital Signature</b> and <b>Detect TDLFS file system</b>, then click <b>OK</b>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <b>Start Scan</b> button to begin the scan and wait for it to finish.
<b>NOTE:</b> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <b>Report</b> selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em>, do not take any action on these. Make sure you select <b>Skip</b>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
Make sure that <b>Cure</b> is selected. <b>VERY IMPORTANT!</b> If <em>Cure</em> is not available, please choose <b>Skip</b> instead. DO NOT choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <b>Continue</b> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <b>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</b>, which is based on the program version number and the date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />
 

mel_1396

New Member
Thread author
Verified
Jul 1, 2013
18
The log file.

13:22:50.0000 2728 winmgmt - ok
13:22:50.0046 2728 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:22:50.0125 2728 WmdmPmSN - ok
13:22:50.0156 2728 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:22:50.0203 2728 Wmi - ok
13:22:50.0218 2728 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:22:50.0343 2728 WmiAcpi - ok
13:22:50.0375 2728 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:22:50.0500 2728 WmiApSrv - ok
13:22:50.0562 2728 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:22:50.0640 2728 WMPNetworkSvc - ok
13:22:50.0671 2728 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
13:22:50.0796 2728 wscsvc - ok
13:22:50.0828 2728 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:22:50.0968 2728 wuauserv - ok
13:22:51.0000 2728 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:22:51.0046 2728 WudfPf - ok
13:22:51.0078 2728 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:22:51.0093 2728 WudfRd - ok
13:22:51.0125 2728 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:22:51.0156 2728 WudfSvc - ok
13:22:51.0187 2728 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:22:51.0359 2728 WZCSVC - ok
13:22:51.0375 2728 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:22:51.0531 2728 xmlprov - ok
13:22:51.0531 2728 ================ Scan global ===============================
13:22:51.0562 2728 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:22:51.0593 2728 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:22:51.0609 2728 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
13:22:51.0625 2728 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:22:51.0625 2728 [Global] - ok
13:22:51.0625 2728 ================ Scan MBR ==================================
13:22:51.0640 2728 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:22:51.0921 2728 \Device\Harddisk0\DR0 - ok
13:22:51.0921 2728 ================ Scan VBR ==================================
13:22:51.0953 2728 [ 2ABD3E1B3AC9EBECFF4629E2893F187C ] \Device\Harddisk0\DR0\Partition1
13:22:51.0953 2728 \Device\Harddisk0\DR0\Partition1 - ok
13:22:51.0968 2728 [ A5329B3D74D887AFC6F6B2B9F5043C7A ] \Device\Harddisk0\DR0\Partition2
13:22:51.0968 2728 \Device\Harddisk0\DR0\Partition2 - ok
13:22:51.0968 2728 ============================================================
13:22:51.0968 2728 Scan finished
13:22:51.0968 2728 ============================================================
13:22:52.0078 2892 Detected object count: 10
13:22:52.0078 2892 Actual detected object count: 10
13:24:10.0421 2892 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:24:10.0421 2892 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:24:10.0421 2892 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0421 2892 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0421 2892 ctac32k ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0421 2892 ctac32k ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0421 2892 ctdvda2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0421 2892 ctdvda2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0421 2892 ctprxy2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0421 2892 ctprxy2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0421 2892 ctsfm2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0421 2892 ctsfm2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0437 2892 emupia ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0437 2892 emupia ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0437 2892 ha10kx2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0437 2892 ha10kx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0437 2892 hap16v2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0437 2892 hap16v2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:10.0437 2892 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:10.0437 2892 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:01.0390 1432 Deinitialize success
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Please run the following utility so that I can get a log of your system...
STEP 1 : Run a scan with Combofix
Please read and follow very carefully the below instructions

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------------

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow it to update if it asks.
  3. When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.




mel_1396

New Member
Thread author
Verified
Jul 1, 2013
18
I'm not sure if this is the right log, because Combofix was a bit slow to respond. But nonetheless, here is the log.

ComboFix 13-07-15.01 - Melissa Fan 15/07/2013 20:27:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2048.1537 [GMT -4:00]
Running from: c:\documents and settings\Melissa Fan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Melissa Fan\Recent\Thumbs.db
c:\windows\system32\msssc.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-16 to 2013-07-16 )))))))))))))))))))))))))))))))
.
.
2013-07-15 17:21 . 2013-07-15 17:21 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1CE28C7-DC2A-4D05-8A4C-664A3A3608FB}\MpKslb949757f.sys
2013-07-15 17:16 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1CE28C7-DC2A-4D05-8A4C-664A3A3608FB}\mpengine.dll
2013-07-14 16:35 . 2013-07-14 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-07-13 21:16 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-13 00:59 . 2013-07-13 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-13 00:23 . 2013-07-13 00:23 -------- d-----w- C:\_OTL
2013-07-02 16:58 . 2013-07-02 16:58 -------- d-----w- c:\documents and settings\Melissa Fan\Local Settings\Application Data\VS Revo Group
2013-07-02 16:57 . 2013-07-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2013-06-29 17:22 . 2013-06-29 17:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 17:22 . 2013-06-29 17:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 17:22 . 2013-06-29 17:22 -------- d-----w- c:\program files\Java
2013-06-27 21:16 . 2013-06-27 21:16 -------- d-----w- c:\windows\system32\Extensions
2013-06-27 21:16 . 2013-06-27 21:16 -------- d-----w- c:\windows\system32\searchplugins
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 17:22 . 2012-06-02 21:01 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 17:22 . 2012-06-02 21:01 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-19 01:50 . 2012-08-31 03:03 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 23:42 . 2012-04-01 15:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 23:42 . 2011-05-13 20:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 23:42 . 2013-06-11 23:42 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-08 03:55 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-03 22:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-03 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-03 22:56 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-03 21:17 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2009-01-31 00:35 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2004-08-03 21:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2012-12-05 22:54 238872 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 00:24 . 2011-05-23 00:24 956344 ----a-w- c:\program files\SaveAsPDFandXPS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-11-09 25600]
"Akamai NetSession Interface"="c:\documents and settings\Melissa Fan\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"AsioReg"="CTASIO.DLL" [2005-11-09 73728]
"CTHelper"="CTHELPER.EXE" [2003-06-20 24576]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-09 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-09-06 344064]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE" [2009-06-18 479232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Linda\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\Melissa Fan\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /noballoononstart [2011-2-27 390432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Melissa Fan\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R1 MpKslb949757f;MpKslb949757f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1CE28C7-DC2A-4D05-8A4C-664A3A3608FB}\MpKslb949757f.sys [15/07/2013 1:21 PM 29904]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [30/09/2010 4:06 AM 169408]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [03/08/2004 6:56 PM 14336]
S0 DasBoot;Panda AntiMalware Support;\SystemRoot\\SystemRoot\system32\drivers\DasBoot.SYS --> \SystemRoot\\SystemRoot\system32\drivers\DasBoot.SYS [?]
S0 DasBootF;Panda AntiMalware Support MF;\SystemRoot\\SystemRoot\system32\drivers\DasBootF.SYS --> \SystemRoot\\SystemRoot\system32\drivers\DasBootF.SYS [?]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [11/12/2011 4:49 PM 131888]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25/12/2010 12:00 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 08519308
*NewlyCreated* - MPKSLB949757F
*Deregistered* - 08519308
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 21:11 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 23:42]
.
2010-12-03 c:\windows\Tasks\AdobeAAMUpdater-1.0-MELISSA-Melissa Fan.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-05-28 21:42]
.
2013-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-12 21:51]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-12 21:51]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-UnlockerAssistant - c:\documents and settings\Melissa Fan\Desktop\Unlocker\UnlockerAssistant.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-15 20:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-07-15 20:35:30
ComboFix-quarantined-files.txt 2013-07-16 00:35
.
Pre-Run: 23,201,218,560 bytes free
Post-Run: 23,161,704,448 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4F49DC2BA993AE4295D059508D55D118
8F558EB6672622401DA993E1E865C861
 