
sjd

  1. Ok, done. Here is the combo-fix log:
  2. Thanks for the help. I ran tdss and the scan found nothing. Here's the log.
(88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:59:32.0562 3520 TermDD - ok 18:59:32.0625 3520 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 18:59:32.0640 3520 TermService - ok 18:59:32.0703 3520 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 18:59:32.0703 3520 Themes - ok 18:59:32.0750 3520 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 18:59:32.0750 3520 TlntSvr - ok 18:59:32.0765 3520 TosIde - ok 18:59:32.0828 3520 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 18:59:32.0828 3520 TrkWks - ok 18:59:32.0859 3520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:59:32.0859 3520 Udfs - ok 18:59:32.0875 3520 ultra - ok 18:59:32.0937 3520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:59:33.0000 3520 Update - ok 18:59:33.0062 3520 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 18:59:33.0109 3520 upnphost - ok 18:59:33.0156 3520 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 18:59:33.0171 3520 UPS - ok 18:59:33.0203 3520 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 18:59:33.0218 3520 USBAAPL - ok 18:59:33.0250 3520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:59:33.0265 3520 usbehci - ok 18:59:33.0328 3520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:59:33.0328 3520 usbhub - ok 18:59:33.0375 3520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:59:33.0375 3520 usbscan - ok 18:59:33.0406 3520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:59:33.0406 3520 USBSTOR - ok 18:59:33.0453 3520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:59:33.0453 3520 usbuhci - ok 18:59:33.0468 3520 VgaSave 
(0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:59:33.0468 3520 VgaSave - ok 18:59:33.0468 3520 ViaIde - ok 18:59:33.0484 3520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 18:59:33.0500 3520 VolSnap - ok 18:59:33.0562 3520 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 18:59:33.0578 3520 VSS - ok 18:59:33.0625 3520 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 18:59:33.0640 3520 W32Time - ok 18:59:33.0687 3520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:59:33.0703 3520 Wanarp - ok 18:59:33.0734 3520 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys 18:59:33.0734 3520 WDC_SAM - ok 18:59:33.0750 3520 WDICA - ok 18:59:33.0765 3520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:59:33.0765 3520 wdmaud - ok 18:59:33.0828 3520 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 18:59:33.0828 3520 WebClient - ok 18:59:33.0921 3520 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 18:59:33.0968 3520 winmgmt - ok 18:59:34.0031 3520 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll 18:59:34.0046 3520 WmdmPmSN - ok 18:59:34.0125 3520 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 18:59:34.0156 3520 Wmi - ok 18:59:34.0218 3520 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:59:34.0218 3520 WmiApSrv - ok 18:59:34.0281 3520 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 18:59:34.0281 3520 wscsvc - ok 18:59:34.0296 3520 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 18:59:34.0328 3520 wuauserv - ok 18:59:34.0437 3520 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 18:59:34.0500 3520 WZCSVC - ok 18:59:34.0531 3520 xmlprov 
(295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 18:59:34.0546 3520 xmlprov - ok 18:59:34.0562 3520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 18:59:34.0750 3520 \Device\Harddisk0\DR0 - ok 18:59:34.0750 3520 Boot (0x1200) (6424ff92796dc7b5135e0a1fa9574d67) \Device\Harddisk0\DR0\Partition0 18:59:34.0750 3520 \Device\Harddisk0\DR0\Partition0 - ok 18:59:34.0750 3520 ============================================================ 18:59:34.0750 3520 Scan finished 18:59:34.0750 3520 ============================================================ 18:59:34.0765 3280 Detected object count: 0 18:59:34.0765 3280 Actual detected object count: 0 19:00:04.0593 0592 Deinitialize success
  3. Also, Google Mail has lost the labels from the on-screen buttons; the buttons function correctly but the display is bare. Ran a Malwarebytes Pro quick scan, nothing detected. Ran dds.scr and here are the 2 logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Valued Customer at 11:08:16 on 2012-04-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.226 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Documents and Settings\Valued Customer\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\valued~1\locals~1\temp\E_S12.tmp" /EF "HKCU"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\valued customer\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\68syx7ol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-26 22344]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-04-09 13:43:49 -------- d-----w- c:\program files\iPod
2012-04-09 13:43:22 -------- d-----w- c:\program files\iTunes
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 23:48:35 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 23:48:35 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 10:46:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 11:08:33.71 ===============
dds.txt attach.txt