moneypak or Ice virus trying to use farbar

S

shanks0510

New Member
Thread author
Jun 27, 2013
6
need help getting rid of virus using farbar here is my recent scan

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by Administrator (administrator) on 27-06-2013 17:38:56
Running from G:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.)
HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x]
HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe ()
Startup: C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnk
ShortcutTarget: Registry Defender Platinum.lnk -> C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm133YYus&ptnrS=YKxdm133YYus&ptb=EFE1E13C-2FEB-4A29-ACD9-C2824D8FDE2D&psa=&ind=2012101415&st=sb&n=77ee3b27&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope value is missing.
BHO: Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)
Toolbar: HKLM - Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 bvrp_pci; No ImagePath
S3 CA561; System32\Drivers\SPCA561.SYS [x]
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-26 17:19 - 2013-06-27 17:38 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-26 17:19 - 2013-06-27 12:52 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec
2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin
2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun
2013-06-26 17:19 - 2005-08-16 19:52 - 00000136 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk
2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect
2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll

==================== One Month Modified Files and Folders ========

2013-06-27 17:38 - 2013-06-26 17:19 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-27 17:38 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-27 17:32 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt
2013-06-27 17:32 - 2005-08-16 03:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 17:31 - 2012-12-09 15:13 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 17:31 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini
2013-06-27 17:31 - 2009-11-11 15:25 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini
2013-06-27 17:31 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-27 17:31 - 2005-08-16 03:40 - 01641136 ____A C:\Windows\WindowsUpdate.log
2013-06-27 17:31 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration
2013-06-27 17:31 - 2005-08-16 03:35 - 00000216 ____A C:\Windows\wiadebug.log
2013-06-27 17:31 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-27 17:24 - 2012-01-11 10:24 - 00000234 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-06-27 16:34 - 2012-12-09 15:13 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-27 16:30 - 2012-08-29 19:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 16:19 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-27 12:52 - 2013-06-26 17:19 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log
2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe
2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job
2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect
2013-06-08 11:28 - 2012-03-13 16:08 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Conduit
2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

Now please download this file and save it to your Flash Drive.

[attachment=4976]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    3.1 KB · Views: 115
S

shanks0510

New Member
Thread author
Jun 27, 2013
6
kuttus said:
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

Now please download this file and save it to your Flash Drive.



Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
Click to expand...
thnx im trying now but i can only do through safe mode command

here is the fix i did a restart but same thing just a white screen

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02
Ran by Administrator at 2013-06-27 19:03:48 Run:6
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnk => Moved successfully.
C:\Program Files\Registry Defender Platinum\RegistryDefender.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} => Key deleted successfully.
HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16bb67e0-6319-4077-be84-f41269e051f3} => Key deleted successfully.
HKCR\CLSID\{16bb67e0-6319-4077-be84-f41269e051f3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key deleted successfully.
HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key deleted successfully.
HKCR\CLSID\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\Administrator\ntuser.ini => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat => Moved successfully.
C:\Documents and Settings\user1\Application Data\SearchProtect => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\desktop.ini => File/Directory not found.
C:\Documents and Settings\NetworkService\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\user1\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\Administrator\ntuser.ini => File/Directory not found.
C:\Documents and Settings\user1\Application Data\SearchProtect => File/Directory not found.
C:\Documents and Settings\user1\Local Settings\Application Data\Conduit => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.

==== End of Fixlog ====
 
S

shanks0510

New Member
Thread author
Jun 27, 2013
6
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02
Ran by Administrator at 2013-06-27 19:03:48 Run:6
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnk => Moved successfully.
C:\Program Files\Registry Defender Platinum\RegistryDefender.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} => Key deleted successfully.
HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16bb67e0-6319-4077-be84-f41269e051f3} => Key deleted successfully.
HKCR\CLSID\{16bb67e0-6319-4077-be84-f41269e051f3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key deleted successfully.
HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key deleted successfully.
HKCR\CLSID\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\Administrator\ntuser.ini => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat => Moved successfully.
C:\Documents and Settings\user1\Application Data\SearchProtect => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\desktop.ini => File/Directory not found.
C:\Documents and Settings\NetworkService\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\user1\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\desktop.ini => Moved successfully.
C:\Documents and Settings\Administrator\ntuser.ini => File/Directory not found.
C:\Documents and Settings\user1\Application Data\SearchProtect => File/Directory not found.
C:\Documents and Settings\user1\Local Settings\Application Data\Conduit => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.

==== End of Fixlog ====

i did a restart and same thing just a white screen
 
S

shanks0510

New Member
Thread author
Jun 27, 2013
6
heres a scan with the optional checklist like bcd m5d ect..maybe that will help thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by Administrator (administrator) on 27-06-2013 21:28:41
Running from G:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.)
HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x]
HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {16bb67e0-6319-4077-be84-f41269e051f3} - No File
Toolbar: HKLM - No Name - {73507124-6acd-43aa-b749-c3bcfefbea97} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 bvrp_pci; No ImagePath
S3 CA561; System32\Drivers\SPCA561.SYS [x]
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
S3 WDICA; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\ABP480N5.SYS 6ABB91494FE6C59089B9336452AB2EA3
C:\Windows\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17
C:\Windows\System32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\Windows\system32\DRIVERS\adpu160m.sys 9A11864873DA202C996558B2106B0BBC
C:\Windows\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\Windows\System32\DRIVERS\AegisP.sys 58A8273918EEF2BF9204B12ED171513A
C:\Windows\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9
C:\Windows\system32\DRIVERS\agp440.sys 08FD04AA961BDC77FB983F328334E3D7
C:\Windows\system32\DRIVERS\agpCPQ.sys 03A7E0922ACFE1B07D5DB2EEB0773063
C:\Windows\system32\DRIVERS\aha154x.sys C23EA9B5F46C7F7910DB3EAB648FF013
C:\Windows\system32\DRIVERS\aic78u2.sys 19DD0FB48B0C18892F70E2E7D61A1529
C:\Windows\system32\DRIVERS\aic78xx.sys B7FE594A7468AA0132DEB03FB8E34326
C:\Windows\system32\DRIVERS\aliide.sys 1140AB9938809700B46BB88E46D72A96
C:\Windows\system32\DRIVERS\alim1541.sys CB08AED0DE2DD889A8A820CD8082D83C
C:\Windows\system32\DRIVERS\amdagp.sys 95B4FB835E28AA1336CEEB07FD5B9398
C:\Windows\system32\DRIVERS\amsint.sys 79F5ADD8D24BD6893F2903A3E2F3FAD6
C:\Windows\system32\DRIVERS\asc.sys 62D318E9A0C8FC9B780008E724283707
C:\Windows\system32\DRIVERS\asc3350p.sys 69EB0CC7714B32896CCBFD5EDCBEA447
C:\Windows\system32\DRIVERS\asc3550.sys 5D8DE112AA0254B907861E9E9C31D597
C:\Windows\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\Windows\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\Windows\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\Windows\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\Windows\System32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\Windows\system32\DRIVERS\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\Windows\System32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\Windows\System32\DRIVERS\CCDECODE.sys 0BE5AEF125BE881C4F854C554F2B025C
C:\Windows\system32\DRIVERS\cd20xrnt.sys F3EC03299634490E97BBCE94CD2954C7
C:\Windows\System32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\Windows\System32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\Windows\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\Windows\system32\DRIVERS\cmdide.sys E5DCB56C533014ECBC556A8357C929D5
C:\Windows\system32\DRIVERS\cpqarray.sys 3EE529119EED34CD212A215E8C40D4B6
C:\Windows\system32\DRIVERS\dac2w2k.sys E550E7418984B65A78299D248F0A7F36
C:\Windows\system32\DRIVERS\dac960nt.sys 683789CAA3864EB46125AE86FF677D34
C:\Windows\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\Windows\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41
C:\Windows\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F
C:\Windows\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\Windows\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\Windows\system32\DRIVERS\dpti2o.sys 40F3B93B4E5B0126F2F5C0A7A5E22660
C:\Windows\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\Windows\System32\DRIVERS\e100b325.sys 95974E66D3DE4951D29E28E8BC0B644C
C:\Windows\System32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\Windows\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\Windows\System32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3
C:\Windows\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\Windows\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\Windows\System32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\Windows\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\Windows\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\Windows\System32\DRIVERS\HDAudBus.sys 573C7D0A32852B48F3058CFD8026F511
C:\Windows\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\Windows\system32\DRIVERS\hpn.sys B028377DEA0546A5FCFBA928A8AEFAE0
C:\Windows\System32\DRIVERS\HSFHWBS2.sys 77E4FF0B73BC0AEAAF39BF0C8104231F
C:\Windows\System32\DRIVERS\HSF_DP.sys 60E1604729A15EF4A3B05F298427B3B1
C:\Windows\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38
C:\Windows\System32\Drivers\i2omgmt.sys 9368670BD426EBEA5E8B18A62416EC28
C:\Windows\system32\DRIVERS\i2omp.sys F10863BF1CCC290BABD1A09188AE49E0
C:\Windows\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30
C:\Windows\System32\DRIVERS\ialmnt5.sys 5A8E05F1D5C36ABD58CFFA111EB325EA
C:\Windows\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\Windows\system32\DRIVERS\ini910u.sys 4A40E045FAEE58631FD8D91AFC620719
C:\Windows\System32\DRIVERS\intelide.sys B5466A9250342A7AA0CD1FBA13420678
C:\Windows\System32\DRIVERS\intelppm.sys 8C953733D8F36EB2133F5BB58808B66B
C:\Windows\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\Windows\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\Windows\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\Windows\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\Windows\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\Windows\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\Windows\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7
C:\Windows\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128
C:\Windows\System32\DRIVERS\kbdhid.sys 9EF487A186DEA361AA06913A75B3FA99
C:\Windows\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\Windows\System32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1
C:\WINDOWS\system32\drivers\mbamswissarmy.sys 0DB7527DB188C7D967A37BB51BBF3963
C:\Windows\System32\DRIVERS\mdmxsdk.sys EEAEA6514BA7C9D273B5E87C4E1AAB30
C:\Windows\System32\DRIVERS\mhndrv.sys 7F2F1D2815A6449D346FCCCBC569FBD6
C:\Windows\System32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\Windows\System32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1
C:\Windows\System32\drivers\MODEMCSA.sys 1992E0D143B09653AB0F9C5E04B0FD65
C:\Windows\System32\DRIVERS\motccgp.sys A10FA04B73A9D97E5CF77EB1D5A88165
C:\Windows\System32\DRIVERS\motccgpfl.sys AAD6191A4DAA519F04AB12B2AF73E356
C:\Windows\System32\DRIVERS\motmodem.sys FE80C18BA448DDD76B7BEAD9EB203D37
C:\Windows\System32\DRIVERS\motport.sys FE80C18BA448DDD76B7BEAD9EB203D37
C:\Windows\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04
C:\Windows\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\Windows\System32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\Windows\System32\DRIVERS\MpFilter.sys D993BEA500E7382DC4E760BF4F35EFCB
C:\Windows\system32\DRIVERS\mraid35x.sys 3F4BB95E5A44F3BE34824E8E7CAF0737
C:\Windows\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\Windows\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\Windows\System32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\Windows\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\Windows\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\Windows\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\Windows\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\Windows\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D
C:\Windows\System32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\Windows\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB
C:\Windows\System32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\Windows\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97
C:\Windows\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\Windows\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\Windows\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\Windows\System32\Drivers\NDProxy.sys 9282BD12DFB069D3889EB3FCC1000A9B
C:\Windows\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\Windows\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\Windows\System32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\Windows\System32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\Windows\System32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\Windows\System32\DRIVERS\nv4_mini.sys 2B298519EDBFCF451D43E0F1E8F1006D
C:\Windows\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\Windows\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\Windows\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\Windows\System32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\Windows\System32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\Windows\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\Windows\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\Windows\System32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\Windows\system32\DRIVERS\perc2.sys 6C14B9C19BA84F73D3A86DBA11133101
C:\Windows\system32\DRIVERS\perc2hib.sys F50F7C27F131AFE7BEBA13E14A3B9416
C:\Windows\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\Windows\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\Windows\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\Windows\System32\Drivers\PxHelp20.sys D86B4A68565E444D76457F14172C875A
C:\Windows\system32\DRIVERS\ql1080.sys 0A63FB54039EB5662433CABA3B26DBA7
C:\Windows\system32\DRIVERS\ql10wnt.sys 6503449E1D43A0FF0201AD5CB1B8C706
C:\Windows\system32\DRIVERS\ql12160.sys 156ED0EF20C15114CA097A34A30D8A01
C:\Windows\system32\DRIVERS\ql1240.sys 70F016BEBDE6D29E864C1230A07CC5E6
C:\Windows\system32\DRIVERS\ql1280.sys 907F0AEEA6BC451011611E732BD31FCF
C:\Windows\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\Windows\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\Windows\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\Windows\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\Windows\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\Windows\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\Windows\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\Windows\System32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\Windows\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\Windows\System32\DRIVERS\rtl8185.sys 88B63F291AE10C1B66D2B9ED6921A7DF
C:\Windows\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\Windows\System32\DRIVERS\serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7
C:\Windows\System32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\Windows\system32\DRIVERS\sisagp.sys 6B33D0EBD30DB32E27D1D78FE946A754
C:\Windows\System32\DRIVERS\SLIP.sys 866D538EBE33709A5C9F5C62B73B7D14
C:\Windows\system32\DRIVERS\sparrow.sys 83C0F71F86D3BDAF915685F3D568B20E
C:\Windows\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\Windows\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\Windows\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\Windows\System32\drivers\sthda.sys 2A2DC39623ADEF8AB3703AB9FAC4B440
C:\Windows\System32\DRIVERS\StreamIP.sys 77813007BA6265C4B6098187E6ED79D2
C:\Windows\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\Windows\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\Windows\system32\DRIVERS\symc810.sys 1FF3217614018630D0A6758630FC698C
C:\Windows\system32\DRIVERS\symc8xx.sys 070E001D95CF725186EF8B20335F933C
C:\Windows\system32\DRIVERS\sym_hi.sys 80AC1C4ABBE2DF3B738BF15517A51F2C
C:\Windows\system32\DRIVERS\sym_u3.sys BF4FAB949A382A8E105F46EBB4937058
C:\Windows\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\Windows\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\Windows\System32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\Windows\System32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\Windows\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\Windows\system32\DRIVERS\toside.sys F2790F6AF01321B172AA62F8E1E187D9
C:\Windows\System32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\Windows\system32\DRIVERS\ultra.sys 1B698A51CD528D8DA4FFAED66DFC51B9
C:\Windows\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\Windows\System32\DRIVERS\usbccgp.sys 173F317CE0DB8E21322E71B7E60A27E8
C:\Windows\System32\DRIVERS\usbehci.sys 65DCF09D0E37D4C6B11B5B0B76D470A7
C:\Windows\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\Windows\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\Windows\System32\DRIVERS\usbscan.sys A0B8CF9DEB1184FBDD20784A58FA75D4
C:\Windows\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\Windows\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\Windows\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\Windows\system32\DRIVERS\viaagp.sys 754292CE5848B3738281B4F3607EAEF4
C:\Windows\system32\DRIVERS\viaide.sys 3B3EFCDA263B8AC14FDF9CBDD0791B2E
C:\Windows\System32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\Windows\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\Windows\System32\DRIVERS\Wdf01000.sys FD47474BD21794508AF449D9D91AF6E6
C:\Windows\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\Windows\System32\DRIVERS\HSF_CNXT.sys F59ED5A43B988A18EF582BB07B2327A7
C:\Windows\System32\DRIVERS\wpdusb.sys CF4DEF1BF66F06964DC0D91844239104
C:\Windows\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\Windows\System32\DRIVERS\WSTCODEC.SYS C98B39829C2BBD34E454150633C62C78
C:\Windows\System32\DRIVERS\WudfPf.sys F15FEAFFFBB3644CCC80C5DA584E6311
C:\Windows\System32\DRIVERS\wudfrd.sys 28B524262BCE6DE1F7EF9F510BA3985B

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-27 21:11 - 2013-06-27 21:28 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-27 20:14 - 2013-06-27 21:28 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-27 20:14 - 2013-06-27 21:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 19:05 - 2013-06-27 21:21 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini
2013-06-27 19:05 - 2013-06-27 21:21 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-27 19:04 - 2013-06-27 21:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-27 17:49 - 2013-06-27 17:49 - 00000000 ____A C:\Documents and Settings\Administrator\dir
2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec
2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin
2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun
2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk
2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll

==================== One Month Modified Files and Folders ========

2013-06-27 21:28 - 2013-06-27 21:11 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-27 21:28 - 2013-06-27 20:14 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-27 21:22 - 2013-06-27 20:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 21:22 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini
2013-06-27 21:22 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt
2013-06-27 21:22 - 2005-08-16 03:40 - 01643810 ____A C:\Windows\WindowsUpdate.log
2013-06-27 21:22 - 2005-08-16 03:35 - 00000216 ____A C:\Windows\wiadebug.log
2013-06-27 21:22 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-27 21:21 - 2013-06-27 19:05 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini
2013-06-27 21:21 - 2013-06-27 19:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-27 21:21 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration
2013-06-27 21:20 - 2013-06-27 19:04 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-27 17:49 - 2013-06-27 17:49 - 00000000 ____A C:\Documents and Settings\Administrator\dir
2013-06-27 16:19 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log
2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe
2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job
2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

and



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-06-2013 02
Ran by Administrator at 2013-06-27 21:29:58
Running from G:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

924PLC32 (Version: 1.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader X (10.1.6) (Version: 10.1.6)
AOLIcon (Version: 1.00.0000)
Ask Toolbar (Version: 1.13.2.0)
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows (Version: 2.0)
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer (Version: 3.0)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
ELIcon (Version: 1.00.0000)
EPSON Printer Software
Google Chrome (Version: 27.0.1453.116)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Indeo® Software
Intel A/V Codecs V2.0
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4410)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
Internet Service Offers Launcher (Version: 1.00.0000)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Macromedia Flash Player (Version: 7.0.19.0)
Macromedia Shockwave Player (Version: 10.1.3.18)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Modem Helper (Version: 2.40)
Motorola Driver Installation 3.2.0 (Version: 3.2.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
MyPC Backup (Version: )
NetWaiting (Version: 2.5.12)
Otto
PCHealthBoost 2.3.0 (Version: 2.3.0)
Produtools Manuals Toolbar (Version: 6.8.5.1)
QuickBooks Premier: Contractor Edition 2006 (Version: )
QuickConnect (Version: 1.00.0000)
QuickTime (Version: 7.3.0.70)
Qwest eChat Support Tools (Version: 4)
Search Protect by conduit (Version: 1.5.0.71)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
TRENDnet TEW-421PC or TEW-423PI (Version: 1.00.0000)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vgrabber v1.5 Toolbar (Version: 6.13.3.1)
Video Downloader (Version: 1.14)
Video Downloader version 2.0 (Version: 2.0)
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.01)

==================== Restore Points =========================

30-03-2013 16:13:48 System Checkpoint
02-04-2013 16:32:36 System Checkpoint
17-04-2013 16:09:17 System Checkpoint
29-04-2013 13:22:20 System Checkpoint
07-05-2013 00:17:38 System Checkpoint
22-05-2013 14:22:11 System Checkpoint
24-05-2013 14:48:31 System Checkpoint
28-05-2013 00:02:09 System Checkpoint
29-05-2013 14:23:30 System Checkpoint
10-06-2013 01:30:15 System Checkpoint
11-06-2013 14:10:15 System Checkpoint
19-06-2013 14:08:56 System Checkpoint
27-06-2013 22:49:45 System Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Registry Winner Schedule.job => C:\Program Files\Registry Winner\RegistryWinner.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2013 05:29:14 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved

Error: (06/26/2013 05:29:13 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/26/2013 05:29:13 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2013 00:05:38 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/15/2013 07:22:34 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module prxtbvgr0.dll, version 6.13.3.501, fault address 0x00002660.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/11/2013 10:59:34 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module prxtbvgr0.dll, version 6.13.3.501, fault address 0x00002660.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (06/27/2013 09:28:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/27/2013 09:20:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/27/2013 09:14:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/27/2013 09:14:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/27/2013 09:13:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL


Microsoft Office Sessions:
=========================
Error: (06/26/2013 05:29:14 PM) (Source: crypt32)(User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved

Error: (06/26/2013 05:29:13 PM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/26/2013 05:29:13 PM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2013 00:05:38 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/15/2013 07:22:34 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702prxtbvgr0.dll6.13.3.50100002660

Error: (06/11/2013 10:59:34 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702prxtbvgr0.dll6.13.3.50100002660

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 1014.07 MB
Available physical RAM: 827 MB
Total Pagefile: 2445.3 MB
Available Pagefile: 2382.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.21 GB) (Free:32.68 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.54 GB) NTFS
Drive g: (HITMANPRO) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=DB)

========================================================
Disk: 1 (Size: 492 MB) (Disk ID: 57F92978)
Partition 1: (Active) - (Size=486 MB) - (Type=0B)

==================== End Of Log ============================
 

Similar threads

K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
2,501
Windows Malware Removal Help & Support
nasdaq
nasdaq
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
2,355
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
2,282
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top