
Browser won't open Google sites



I cannot get my browser (IE8) to connect to any Google sites. I know there's a problem as Malwarebytes keeps blocking IP addresses. My PC is running a little slow. I ran Malwarebytes and it removed a few threats. I also flushed the DNS. SuperAntispyware also ran, and removed a few things, but I continue to have the same problem.

Here's the dds.txt log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10

Run by RobPierce at 8:11:09 on 2012-02-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3053.2205 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mURLSearchHooks: H - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [yBlqxAdBNPjQ.exe] c:\documents and settings\all users\application data\yBlqxAdBNPjQ.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} - hxxp://shawwwahps.sha.state.md.us/ahps/ActiveXViewer.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207576752328

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7A16F968-8E79-11D4-AFC3-0060978DD938} - hxxp://apps.dmv.virginia.gov/eRoute/slactvx.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.cortona3d.com/cortona3d.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {BE65189A-4770-47A0-9B7B-68827DB1C317} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 74.5.116.242 74.5.116.246

TCP: Interfaces\{15B63FED-754D-4952-B515-94115B5CC121} : DhcpNameServer = 74.5.116.242 74.5.116.246

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\robpierce\application data\mozilla\firefox\profiles\262noymt.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.ask.com/?l=dis&o=15083

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-9-5 652360]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-9-27 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-9-27 21528]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-23 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-9-5 20464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 136176]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 136176]

S3 rkhdrv40;Rootkit Unhooker Driver; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-02-09 12:04:18 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9081978a-82d4-4a32-b123-7993cf8d6c09}\mpengine.dll

2012-02-08 16:12:20 -------- d-----w- c:\documents and settings\robpierce\application data\SUPERAntiSpyware.com

2012-02-08 16:11:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-02-08 16:11:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-02-08 12:23:20 -------- d-----w- c:\program files\ESET

2012-02-07 19:18:05 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-02-07 19:18:05 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-13 21:21:04 -------- d-----w- c:\documents and settings\robpierce\application data\ERS Game Studios

2012-01-13 21:07:00 -------- d-----w- c:\program files\Dark Tales - Edgar Allan Poe's The Black Cat

2012-01-13 20:53:06 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games

2012-01-13 20:52:09 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache

2012-01-10 20:46:09 -------- d-----w- c:\program files\common files\Yahoo!

2012-01-10 20:46:08 -------- d-----w- c:\program files\Pinnacle

2012-01-10 20:46:08 -------- d-----w- c:\documents and settings\all users\application data\Pinnacle VideoSpin

2012-01-10 20:44:40 -------- d-----w- c:\documents and settings\robpierce\local settings\application data\Downloaded Installations

2012-01-10 20:37:16 -------- d-----w- c:\documents and settings\robpierce\local settings\application data\PMB Files

2012-01-10 20:37:13 -------- d-----w- c:\documents and settings\all users\application data\PMB Files

2012-01-10 20:36:54 -------- d-----w- c:\program files\Pando Networks

2012-01-10 17:12:21 9728 ------w- c:\windows\system32\rwnh.dll

2012-01-10 17:12:21 10752 ------w- c:\windows\system32\smtpapi.dll

2012-01-10 17:12:15 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe

2012-01-10 17:12:15 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe

2012-01-10 17:12:13 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe

2012-01-10 17:12:11 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll

2012-01-10 17:12:10 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll

2012-01-10 17:12:10 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll

2012-01-10 17:12:10 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll

2012-01-10 17:11:08 19569 ----a-w- c:\windows\000001_.tmp

.

==================== Find3M ====================

.

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800AAJS-60WAA0 rev.58.01D58 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEAF49F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aeb6738]; MOV EAX, [0x8aeb68ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B2A4AB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000067[0x8B2AD6C8]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B2A6D98]

\Driver\atapi[0x8B1D6220] -> IRP_MJ_CREATE -> 0x8AEAF49F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8AEAF2C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 8:14:09.10 ===============

And this is the attach.txt file:

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/7/2008 9:55:53 AM

System Uptime: 2/9/2012 8:07:51 AM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 2820h

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz | XU1 PROCESSOR | 2394/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 65 GiB total, 15.919 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6.307 GiB free.

E: is CDROM (UDF)

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Port Mouse (IntelliPoint)

Device ID: ACPI\PNP0F13\4&1E368A7A&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Port Mouse (IntelliPoint)

PNP Device ID: ACPI\PNP0F13\4&1E368A7A&0

Service: i8042prt

.

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\4&1E368A7A&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&1E368A7A&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP1154: 12/21/2011 4:52:45 PM - System Checkpoint

RP1155: 12/23/2011 3:11:20 AM - System Checkpoint

RP1156: 12/24/2011 3:54:40 AM - System Checkpoint

RP1157: 12/25/2011 3:05:57 PM - System Checkpoint

RP1158: 12/26/2011 4:06:39 PM - System Checkpoint

RP1159: 12/27/2011 5:07:27 PM - System Checkpoint

RP1160: 12/28/2011 10:42:52 AM - Removed Ask Toolbar.

RP1161: 12/28/2011 10:43:44 AM - Removed I.R.I.S. OCR

RP1162: 12/28/2011 10:45:03 AM - Removed Marketsplash Shortcuts

RP1163: 12/29/2011 11:32:21 AM - System Checkpoint

RP1164: 1/3/2012 6:15:20 AM - System Checkpoint

RP1165: 1/4/2012 1:24:10 PM - System Checkpoint

RP1166: 1/4/2012 2:42:31 PM - Installed HP FWUpdateEDO3

RP1167: 1/5/2012 3:00:46 PM - Software Distribution Service 3.0

RP1168: 1/6/2012 3:28:14 PM - Software Distribution Service 3.0

RP1169: 1/7/2012 3:00:17 AM - Software Distribution Service 3.0

RP1170: 1/7/2012 3:42:47 PM - Software Distribution Service 3.0

RP1171: 1/8/2012 3:44:24 PM - Software Distribution Service 3.0

RP1172: 1/9/2012 3:03:04 PM - Software Distribution Service 3.0

RP1173: 1/9/2012 4:50:15 PM - Software Distribution Service 3.0

RP1174: 1/10/2012 12:11:19 PM - Installed Windows XP Service Pack 3.

RP1175: 1/10/2012 3:45:56 PM - Installed Pinnacle VideoSpin.

RP1176: 1/10/2012 5:12:59 PM - Software Distribution Service 3.0

RP1177: 1/11/2012 3:00:17 AM - Software Distribution Service 3.0

RP1178: 1/11/2012 12:31:09 PM - Software Distribution Service 3.0

RP1179: 1/12/2012 12:30:59 PM - Software Distribution Service 3.0

RP1180: 1/13/2012 12:43:18 PM - Software Distribution Service 3.0

RP1181: 1/14/2012 2:35:57 PM - Software Distribution Service 3.0

RP1182: 1/15/2012 2:27:38 AM - Software Distribution Service 3.0

RP1183: 1/16/2012 2:28:28 AM - System Checkpoint

RP1184: 1/16/2012 2:31:51 AM - Software Distribution Service 3.0

RP1185: 1/17/2012 3:01:41 AM - System Checkpoint

RP1186: 1/17/2012 5:41:45 PM - Software Distribution Service 3.0

RP1187: 1/19/2012 2:05:27 AM - Software Distribution Service 3.0

RP1188: 1/19/2012 5:34:39 PM - Software Distribution Service 3.0

RP1189: 1/20/2012 5:42:18 PM - Software Distribution Service 3.0

RP1190: 1/21/2012 5:55:02 PM - Software Distribution Service 3.0

RP1191: 1/22/2012 5:58:55 PM - System Checkpoint

RP1192: 1/22/2012 6:25:26 PM - Software Distribution Service 3.0

RP1193: 1/23/2012 6:37:50 PM - Software Distribution Service 3.0

RP1194: 1/24/2012 6:49:20 PM - Software Distribution Service 3.0

RP1195: 1/25/2012 4:09:05 PM - Software Distribution Service 3.0

RP1196: 1/26/2012 5:28:46 PM - System Checkpoint

RP1197: 1/26/2012 5:55:50 PM - Software Distribution Service 3.0

RP1198: 1/27/2012 11:26:49 PM - Software Distribution Service 3.0

RP1199: 1/29/2012 11:26:48 AM - Software Distribution Service 3.0

RP1200: 1/30/2012 11:59:42 AM - Software Distribution Service 3.0

RP1201: 2/3/2012 3:24:36 PM - System Checkpoint

RP1202: 2/6/2012 10:34:12 AM - System Checkpoint

RP1203: 2/6/2012 11:22:24 AM - Software Distribution Service 3.0

RP1204: 2/7/2012 1:37:19 PM - Software Distribution Service 3.0

RP1205: 2/7/2012 2:17:17 PM - Restore Operation

RP1206: 2/7/2012 2:30:27 PM - Software Distribution Service 3.0

RP1207: 2/7/2012 3:03:16 PM - Installed Microsoft Fix it 50195

RP1208: 2/7/2012 4:06:10 PM - Removed Google Earth Plug-in.

RP1209: 2/9/2012 7:04:14 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

2007 Microsoft Office system

32 Bit HP CIO Components Installer

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Apple Application Support

Apple Software Update

Bing Maps 3D

Buckscore

Cortona3D Viewer

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 2.8

Dark Tales: ™ Edgar Allan Poe's The Black Cat

ESET Online Scanner v3

GDR 4060 for SQL Server Database Services 2005 ENU (KB2494113)

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.0.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB958655-v2)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB971276-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Backup and Recovery Manager

HP Driver Diagnostics

HP LaserJet Professional CM1410 Series

HP LJ CM1410 MFP Series HP Scan

HP Update

HPLaserJetHelp_LearnCenter

HPLJUT

hppCM1410LaserJetService

hppFaxDrvCM1410

hppFaxUtilityCM1410

hppLaserJetService

hppSendFaxCM1410

hppTLBXFXCM1410

hpzTLBXFX

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections 12.1.14.1

Intel® Management Engine Interface

InterVideo Register Manager

Java 6 Update 10

Java 6 Update 2

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft IntelliPoint 7.1

Microsoft IntelliType Pro 7.1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft J# Redist 2003 (KB819777)

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft UI Engine

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual J# .NET Redistributable Package 1.1

Mozilla Firefox (3.5.2)

Mozilla Thunderbird 9.0.1 (x86 en-US)

MSVCSetup

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

OGA Notifier 2.0.0048.0

Pando Media Booster

PhotoScape

Picasa 3

Pinnacle VideoSpin

QuickTime

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SoundMAX

SUPERAntiSpyware

Tone Mapping Plug-In 1.2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Watchtower Library 2009 - English

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

XPS Essentials Pack

XPS Essentials Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

2/8/2012 11:36:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

2/8/2012 11:36:48 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/7/2012 3:38:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2/7/2012 2:19:37 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

2/6/2012 7:17:56 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001E0BB3BD89 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

2/6/2012 7:16:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8001.0&avdelta=1.119.956.0&asdelta=1.119.956.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

2/6/2012 7:16:31 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

2/6/2012 6:59:52 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001E0BB3BD89 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

2/6/2012 6:57:42 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

2/6/2012 6:56:51 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

2/6/2012 6:56:48 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

2/3/2012 4:08:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

2/3/2012 3:06:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

2/3/2012 2:50:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

2/3/2012 2:50:40 PM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).

2/3/2012 2:50:40 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.

2/3/2012 2:50:40 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Hello wastnawayagn and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your system is infected with the TDL3 rootkit. This is a very serious and well-known problem, so here is a lot of information about it:

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=598

Step 1

Your system is protected by Microsoft Security Essentials, but you have some leftovers from your old AV protection - McAfee. Let's take care of them. Follow the instructions from the Solution section:

http://service.mcafee.com/FAQDocument.aspx?id=TS100507

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Please follow the instructions to run ComboFix here:

www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Post the log file in your next reply.

In your next reply, please post the following log files:

  • TDSSKiller log
  • ComboFix log

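Added example (not part of the original thread and not the tool's own code): a Python script that reads a TDSSKiller report in the line layout of the log posted in this thread, lists every object whose verdict is not "ok", and checks that the scan ran with the two options from Step 2. The sample lines are copied from that log; the function names and the mapping of the Step 2 check boxes to the `SigCheck` and `TDLFS` flags on the `Mode:` line are assumptions.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread (layout:
# "HH:MM:SS.mmmm <thread id> <message>").
SAMPLE_LOG = r"""
10:06:39.0828 1840 Scan started
10:06:39.0828 1840 Mode: Manual; SigCheck; TDLFS;
10:06:43.0625 1840 adfs - ok
10:06:43.0953 1840 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
10:06:44.0031 1840 adpu320 ( UnsignedFile.Multi.Generic ) - warning
10:06:44.0031 1840 adpu320 - detected UnsignedFile.Multi.Generic (1)
10:06:44.0937 1840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:06:45.0062 1840 atapi - ok
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) ?(.*)$")
MODE = re.compile(r"^Mode: (.*)$")
FILE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")      # name (md5) path
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")        # name ( Verdict ) - level
OK = re.compile(r"^(.+?) - ok$")                            # name - ok


def parse_log(text):
    """Return {'mode': [...], 'objects': {name: {md5, path, status, verdict}}}."""
    report = {"mode": [], "objects": {}}

    def entry(name):
        return report["objects"].setdefault(
            name, {"md5": None, "path": None, "status": None, "verdict": None}
        )

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without the timestamp prefix
        body = line.group(3)

        m = MODE.match(body)
        if m:
            report["mode"] = [f.strip() for f in m.group(1).split(";") if f.strip()]
            continue
        m = VERDICT.match(body)
        if m:
            obj = entry(m.group(1))
            obj["verdict"], obj["status"] = m.group(2), m.group(3)
            continue
        m = FILE.match(body)
        if m:
            obj = entry(m.group(1))
            obj["md5"], obj["path"] = m.group(2), m.group(3)
            continue
        m = OK.match(body)
        if m:
            entry(m.group(1))["status"] = "ok"
        # "name - detected ..." repeats the verdict line, so it is skipped.
    return report


def findings(report):
    """Objects with any verdict other than ok, as (name, level, verdict, path)."""
    return sorted(
        (name, o["status"], o["verdict"], o["path"])
        for name, o in report["objects"].items()
        if o["status"] not in (None, "ok")
    )


def unresolved(report):
    """Objects that were opened but never got a verdict (e.g. a truncated paste)."""
    return sorted(n for n, o in report["objects"].items() if o["status"] is None)


def missing_options(report, required=("SigCheck", "TDLFS")):
    """Flags expected on the Mode: line (assumed mapping to Step 2) that are absent."""
    return [flag for flag in required if flag not in report["mode"]]


if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print("scan mode:", ", ".join(rep["mode"]) or "(not found)")
    for flag in missing_options(rep):
        print("option not enabled:", flag)
    for name, level, verdict, path in findings(rep):
        print(f"{level.upper():8} {name}: {verdict} [{path}]")
    for name in unresolved(rep):
        print("no verdict recorded for:", name)
```
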

Interestingly enough, after completing the TDSSKiller, I opened a browser to attempt to see the next step you have listed. Google opened fine, however THIS site would not open. So I ran the TDSSKiller and the ComboFix again, and this time I didn't open the browser or reboot in between, and I am able to post the logs. ?????

10:06:33.0312 1036 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

10:06:33.0671 1036 ============================================================

10:06:33.0671 1036 Current date / time: 2012/02/09 10:06:33.0671

10:06:33.0671 1036 SystemInfo:

10:06:33.0671 1036

10:06:33.0671 1036 OS Version: 5.1.2600 ServicePack: 3.0

10:06:33.0671 1036 Product type: Workstation

10:06:33.0671 1036 ComputerName: CRANEDIVISION

10:06:33.0671 1036 UserName: RobPierce

10:06:33.0671 1036 Windows directory: C:\WINDOWS

10:06:33.0671 1036 System windows directory: C:\WINDOWS

10:06:33.0671 1036 Processor architecture: Intel x86

10:06:33.0671 1036 Number of processors: 2

10:06:33.0671 1036 Page size: 0x1000

10:06:33.0671 1036 Boot type: Normal boot

10:06:33.0671 1036 ============================================================

10:06:35.0328 1036 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:06:35.0328 1036 \Device\Harddisk0\DR0:

10:06:35.0328 1036 MBR used

10:06:35.0328 1036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8104266

10:06:35.0328 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8108166, BlocksNum 0x140249A

10:06:35.0375 1036 Initialize success

10:06:35.0375 1036 ============================================================

10:06:39.0828 1840 ============================================================

10:06:39.0828 1840 Scan started

10:06:39.0828 1840 Mode: Manual; SigCheck; TDLFS;

10:06:39.0828 1840 ============================================================

10:06:41.0609 1840 Abiosdsk - ok

10:06:41.0609 1840 abp480n5 - ok

10:06:41.0671 1840 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

10:06:43.0203 1840 ac97intc - ok

10:06:43.0343 1840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:06:43.0484 1840 ACPI - ok

10:06:43.0515 1840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:06:43.0625 1840 ACPIEC - ok

10:06:43.0625 1840 adfs - ok

10:06:43.0671 1840 ADIHdAudAddService (53b29a84f5105a6d887b662188c93503) C:\WINDOWS\system32\drivers\ADIHdAud.sys

10:06:43.0734 1840 ADIHdAudAddService - ok

10:06:43.0765 1840 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

10:06:43.0937 1840 adpu160m - ok

10:06:43.0953 1840 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

10:06:44.0031 1840 adpu320 ( UnsignedFile.Multi.Generic ) - warning

10:06:44.0031 1840 adpu320 - detected UnsignedFile.Multi.Generic (1)

10:06:44.0046 1840 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys

10:06:44.0125 1840 AEAudio - ok

10:06:44.0171 1840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:06:44.0296 1840 aec - ok

10:06:44.0343 1840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

10:06:44.0406 1840 AFD - ok

10:06:44.0421 1840 Aha154x - ok

10:06:44.0437 1840 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

10:06:44.0562 1840 aic78u2 - ok

10:06:44.0578 1840 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

10:06:44.0687 1840 aic78xx - ok

10:06:44.0703 1840 AliIde - ok

10:06:44.0703 1840 amsint - ok

10:06:44.0718 1840 asc - ok

10:06:44.0734 1840 asc3350p - ok

10:06:44.0734 1840 asc3550 - ok

10:06:44.0796 1840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:06:44.0921 1840 AsyncMac - ok

10:06:44.0937 1840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:06:45.0062 1840 atapi - ok

10:06:45.0093 1840 Atdisk - ok

10:06:45.0140 1840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:06:45.0265 1840 Atmarpc - ok

10:06:45.0281 1840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:06:45.0390 1840 audstub - ok

10:06:45.0406 1840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:06:45.0531 1840 Beep - ok

10:06:45.0640 1840 catchme - ok

10:06:45.0656 1840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:06:45.0765 1840 cbidf2k - ok

10:06:45.0781 1840 cd20xrnt - ok

10:06:45.0812 1840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:06:45.0921 1840 Cdaudio - ok

10:06:45.0953 1840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:06:46.0078 1840 Cdfs - ok

10:06:46.0109 1840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:06:46.0234 1840 Cdrom - ok

10:06:46.0250 1840 Changer - ok

10:06:46.0265 1840 CmdIde - ok

10:06:46.0281 1840 Cpqarray - ok

10:06:46.0296 1840 dac2w2k - ok

10:06:46.0312 1840 dac960nt - ok

10:06:46.0328 1840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:06:46.0421 1840 Disk - ok

10:06:46.0484 1840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:06:46.0656 1840 dmboot - ok

10:06:46.0671 1840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:06:46.0781 1840 dmio - ok

10:06:46.0812 1840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:06:46.0921 1840 dmload - ok

10:06:46.0937 1840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:06:47.0062 1840 DMusic - ok

10:06:47.0203 1840 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

10:06:47.0359 1840 dpti2o - ok

10:06:47.0406 1840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:06:47.0500 1840 drmkaud - ok

10:06:47.0531 1840 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

10:06:47.0640 1840 E100B - ok

10:06:47.0687 1840 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

10:06:47.0718 1840 e1express - ok

10:06:47.0765 1840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:06:47.0890 1840 Fastfat - ok

10:06:47.0906 1840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

10:06:48.0015 1840 Fdc - ok

10:06:48.0031 1840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:06:48.0156 1840 Fips - ok

10:06:48.0187 1840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:06:48.0296 1840 Flpydisk - ok

10:06:48.0328 1840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:06:48.0437 1840 FltMgr - ok

10:06:48.0484 1840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:06:48.0578 1840 Fs_Rec - ok

10:06:48.0593 1840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:06:48.0703 1840 Ftdisk - ok

10:06:48.0750 1840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:06:48.0859 1840 Gpc - ok

10:06:48.0906 1840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:06:49.0015 1840 HDAudBus - ok

10:06:49.0046 1840 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys

10:06:49.0140 1840 HECI - ok

10:06:49.0171 1840 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:06:49.0281 1840 HidUsb - ok

10:06:49.0296 1840 HPFXBULK - ok

10:06:49.0328 1840 HPFXBULKLEDM (6f98a555acf3c1b68fcc1f50e0fd2091) C:\WINDOWS\system32\drivers\hppcbulkio.sys

10:06:49.0343 1840 HPFXBULKLEDM - ok

10:06:49.0375 1840 HPFXFAX (7f854bd9c113b4569ce6579ea3847a2a) C:\WINDOWS\system32\drivers\hppcfaxio.sys

10:06:49.0390 1840 HPFXFAX - ok

10:06:49.0406 1840 hpn - ok

10:06:49.0437 1840 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

10:06:49.0500 1840 HPZid412 - ok

10:06:49.0515 1840 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

10:06:49.0546 1840 HPZipr12 - ok

10:06:49.0578 1840 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

10:06:49.0625 1840 HPZius12 - ok

10:06:49.0671 1840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:06:49.0734 1840 HTTP - ok

10:06:49.0734 1840 i2omgmt - ok

10:06:49.0750 1840 i2omp - ok

10:06:49.0796 1840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:06:49.0937 1840 i8042prt - ok

10:06:49.0968 1840 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

10:06:50.0093 1840 i81x - ok

10:06:50.0156 1840 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

10:06:50.0281 1840 iAimFP0 - ok

10:06:50.0296 1840 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

10:06:50.0421 1840 iAimFP1 - ok

10:06:50.0453 1840 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

10:06:50.0578 1840 iAimFP2 - ok

10:06:50.0609 1840 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

10:06:50.0734 1840 iAimFP3 - ok

10:06:50.0750 1840 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

10:06:50.0859 1840 iAimFP4 - ok

10:06:50.0890 1840 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

10:06:51.0000 1840 iAimFP5 - ok

10:06:51.0000 1840 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

10:06:51.0125 1840 iAimFP6 - ok

10:06:51.0156 1840 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

10:06:51.0250 1840 iAimFP7 - ok

10:06:51.0281 1840 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

10:06:51.0375 1840 iAimTV0 - ok

10:06:51.0390 1840 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

10:06:51.0500 1840 iAimTV1 - ok

10:06:51.0515 1840 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

10:06:51.0656 1840 iAimTV3 - ok

10:06:51.0671 1840 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

10:06:51.0750 1840 iAimTV4 - ok

10:06:51.0781 1840 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

10:06:51.0875 1840 iAimTV5 - ok

10:06:51.0890 1840 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

10:06:51.0968 1840 iAimTV6 - ok

10:06:52.0140 1840 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

10:06:52.0484 1840 ialm - ok

10:06:52.0515 1840 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

10:06:52.0593 1840 IFXTPM - ok

10:06:52.0609 1840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:06:52.0765 1840 Imapi - ok

10:06:52.0765 1840 ini910u - ok

10:06:52.0812 1840 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:06:52.0921 1840 IntelIde - ok

10:06:52.0953 1840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:06:53.0062 1840 intelppm - ok

10:06:53.0093 1840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:06:53.0203 1840 Ip6Fw - ok

10:06:53.0250 1840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:06:53.0359 1840 IpFilterDriver - ok

10:06:53.0375 1840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:06:53.0500 1840 IpInIp - ok

10:06:53.0531 1840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:06:53.0640 1840 IpNat - ok

10:06:53.0671 1840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:06:53.0828 1840 IPSec - ok

10:06:53.0875 1840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:06:53.0984 1840 IRENUM - ok

10:06:54.0000 1840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:06:54.0109 1840 isapnp - ok

10:06:54.0140 1840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:06:54.0265 1840 Kbdclass - ok

10:06:54.0281 1840 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:06:54.0390 1840 kbdhid - ok

10:06:54.0406 1840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:06:54.0515 1840 kmixer - ok

10:06:54.0546 1840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:06:54.0656 1840 KSecDD - ok

10:06:54.0656 1840 lbrtfdc - ok

10:06:54.0687 1840 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

10:06:54.0734 1840 MBAMProtector - ok

10:06:54.0765 1840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:06:54.0875 1840 mnmdd - ok

10:06:54.0906 1840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:06:55.0015 1840 Modem - ok

10:06:55.0046 1840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:06:55.0187 1840 Mouclass - ok

10:06:55.0218 1840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:06:55.0328 1840 mouhid - ok

10:06:55.0359 1840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:06:55.0468 1840 MountMgr - ok

10:06:55.0531 1840 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

10:06:55.0562 1840 MpFilter - ok

10:06:55.0562 1840 mraid35x - ok

10:06:55.0578 1840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:06:55.0687 1840 MRxDAV - ok

10:06:55.0718 1840 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:06:55.0796 1840 MRxSmb - ok

10:06:55.0859 1840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:06:55.0968 1840 Msfs - ok

10:06:55.0984 1840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:06:56.0093 1840 MSKSSRV - ok

10:06:56.0125 1840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:06:56.0234 1840 MSPCLOCK - ok

10:06:56.0265 1840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:06:56.0375 1840 MSPQM - ok

10:06:56.0421 1840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:06:56.0531 1840 mssmbios - ok

10:06:56.0562 1840 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:06:56.0625 1840 Mup - ok

10:06:56.0671 1840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:06:56.0796 1840 NDIS - ok

10:06:56.0843 1840 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:06:56.0906 1840 NdisTapi - ok

10:06:56.0953 1840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:06:57.0062 1840 Ndisuio - ok

10:06:57.0078 1840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:06:57.0250 1840 NdisWan - ok

10:06:57.0281 1840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:06:57.0359 1840 NDProxy - ok

10:06:57.0375 1840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:06:57.0531 1840 NetBIOS - ok

10:06:57.0562 1840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:06:57.0750 1840 NetBT - ok

10:06:57.0781 1840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:06:57.0921 1840 Npfs - ok

10:06:57.0968 1840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:06:58.0140 1840 Ntfs - ok

10:06:58.0171 1840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:06:58.0296 1840 Null - ok

10:06:58.0312 1840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:06:58.0437 1840 NwlnkFlt - ok

10:06:58.0453 1840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:06:58.0578 1840 NwlnkFwd - ok

10:06:58.0609 1840 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

10:06:58.0718 1840 P3 - ok

10:06:58.0750 1840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:06:58.0875 1840 Parport - ok

10:06:58.0906 1840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:06:59.0015 1840 PartMgr - ok

10:06:59.0046 1840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:06:59.0156 1840 ParVdm - ok

10:06:59.0187 1840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:06:59.0296 1840 PCI - ok

10:06:59.0312 1840 PCIDump - ok

10:06:59.0343 1840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:06:59.0453 1840 PCIIde - ok

10:06:59.0468 1840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:06:59.0593 1840 Pcmcia - ok

10:06:59.0609 1840 PDCOMP - ok

10:06:59.0609 1840 PDFRAME - ok

10:06:59.0625 1840 PDRELI - ok

10:06:59.0640 1840 PDRFRAME - ok

10:06:59.0640 1840 perc2 - ok

10:06:59.0656 1840 perc2hib - ok

10:06:59.0703 1840 Point32 (273afc65fabf97326aa78ffe38b1e071) C:\WINDOWS\system32\DRIVERS\point32.sys

10:06:59.0750 1840 Point32 - ok

10:06:59.0796 1840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:06:59.0906 1840 PptpMiniport - ok

10:06:59.0937 1840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:07:00.0062 1840 PSched - ok

10:07:00.0093 1840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:07:00.0203 1840 Ptilink - ok

10:07:00.0203 1840 ql1080 - ok

10:07:00.0218 1840 Ql10wnt - ok

10:07:00.0234 1840 ql12160 - ok

10:07:00.0234 1840 ql1240 - ok

10:07:00.0250 1840 ql1280 - ok

10:07:00.0265 1840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:07:00.0390 1840 RasAcd - ok

10:07:00.0421 1840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:07:00.0562 1840 Rasl2tp - ok

10:07:00.0578 1840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:07:00.0687 1840 RasPppoe - ok

10:07:00.0718 1840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:07:00.0828 1840 Raspti - ok

10:07:00.0859 1840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:07:00.0968 1840 Rdbss - ok

10:07:00.0984 1840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:07:01.0093 1840 RDPCDD - ok

10:07:01.0109 1840 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:07:01.0250 1840 rdpdr - ok

10:07:01.0296 1840 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

10:07:01.0359 1840 RDPWD - ok

10:07:01.0406 1840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:07:01.0515 1840 redbook - ok

10:07:01.0531 1840 RimUsb - ok

10:07:01.0562 1840 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

10:07:01.0609 1840 RimVSerPort - ok

10:07:01.0625 1840 rkhdrv40 - ok

10:07:01.0656 1840 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

10:07:01.0750 1840 ROOTMODEM - ok

10:07:01.0859 1840 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

10:07:01.0890 1840 SASDIFSV - ok

10:07:01.0906 1840 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

10:07:01.0953 1840 SASKUTIL - ok

10:07:02.0000 1840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:07:02.0109 1840 Secdrv - ok

10:07:02.0140 1840 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:07:02.0265 1840 serenum - ok

10:07:02.0312 1840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:07:02.0437 1840 Serial - ok

10:07:02.0500 1840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:07:02.0593 1840 Sfloppy - ok

10:07:02.0609 1840 Simbad - ok

10:07:02.0625 1840 Sparrow - ok

10:07:02.0656 1840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:07:02.0750 1840 splitter - ok

10:07:02.0796 1840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:07:02.0921 1840 sr - ok

10:07:02.0953 1840 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:07:03.0031 1840 Srv - ok

10:07:03.0062 1840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:07:03.0171 1840 swenum - ok

10:07:03.0203 1840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:07:03.0312 1840 swmidi - ok

10:07:03.0359 1840 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:07:03.0484 1840 symc810 - ok

10:07:03.0500 1840 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:07:03.0593 1840 symc8xx - ok

10:07:03.0609 1840 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys

10:07:03.0656 1840 Symmpi ( UnsignedFile.Multi.Generic ) - warning

10:07:03.0656 1840 Symmpi - detected UnsignedFile.Multi.Generic (1)

10:07:03.0671 1840 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:07:03.0781 1840 sym_hi - ok

10:07:03.0812 1840 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:07:03.0906 1840 sym_u3 - ok

10:07:03.0937 1840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:07:04.0046 1840 sysaudio - ok

10:07:04.0093 1840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:07:04.0125 1840 Tcpip - ok

10:07:04.0171 1840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:07:04.0281 1840 TDPIPE - ok

10:07:04.0312 1840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:07:04.0406 1840 TDTCP - ok

10:07:04.0437 1840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:07:04.0546 1840 TermDD - ok

10:07:04.0562 1840 TosIde - ok

10:07:04.0593 1840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:07:04.0718 1840 Udfs - ok

10:07:04.0734 1840 ultra - ok

10:07:04.0765 1840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:07:04.0875 1840 usbccgp - ok

10:07:04.0921 1840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:07:05.0015 1840 usbehci - ok

10:07:05.0031 1840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:07:05.0156 1840 usbhub - ok

10:07:05.0187 1840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:07:05.0296 1840 usbprint - ok

10:07:05.0328 1840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:07:05.0421 1840 usbscan - ok

10:07:05.0453 1840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:07:05.0562 1840 USBSTOR - ok

10:07:05.0593 1840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:07:05.0687 1840 usbuhci - ok

10:07:05.0734 1840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:07:05.0843 1840 VgaSave - ok

10:07:05.0859 1840 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:07:05.0968 1840 ViaIde - ok

10:07:05.0984 1840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:07:06.0093 1840 VolSnap - ok

10:07:06.0109 1840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:07:06.0218 1840 Wanarp - ok

10:07:06.0234 1840 WDICA - ok

10:07:06.0265 1840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:07:06.0375 1840 wdmaud - ok

10:07:06.0421 1840 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

10:07:06.0515 1840 WmiAcpi - ok

10:07:06.0562 1840 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

10:07:06.0656 1840 WpdUsb - ok

10:07:06.0687 1840 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:07:06.0812 1840 WS2IFSL - ok

10:07:06.0859 1840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:07:06.0937 1840 WudfPf - ok

10:07:06.0968 1840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:07:07.0015 1840 WudfRd - ok

10:07:07.0046 1840 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0

10:07:07.0265 1840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:07:07.0265 1840 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:07:07.0265 1840 Boot (0x1200) (be6fefc778ce5a65d254ab5f7fc38716) \Device\Harddisk0\DR0\Partition0

10:07:07.0265 1840 \Device\Harddisk0\DR0\Partition0 - ok

10:07:07.0281 1840 Boot (0x1200) (f3186eb0bdaebb6703dd53c4a2243d24) \Device\Harddisk0\DR0\Partition1

10:07:07.0281 1840 \Device\Harddisk0\DR0\Partition1 - ok

10:07:07.0281 1840 ============================================================

10:07:07.0281 1840 Scan finished

10:07:07.0281 1840 ============================================================

10:07:07.0390 3552 Detected object count: 3

10:07:07.0390 3552 Actual detected object count: 3

10:07:18.0968 3552 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user

10:07:18.0968 3552 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:07:18.0968 3552 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user

10:07:18.0968 3552 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:07:18.0968 3552 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:07:18.0968 3552 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:07:23.0078 3224 Deinitialize success

COMBOFIX:

ComboFix 12-02-09.02 - RobPierce 02/09/2012 10:11:42.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3053.2245 [GMT -5:00]

Running from: c:\documents and settings\RobPierce\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))

.

.

2012-02-09 15:10 . 2012-02-09 15:10 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67EB383D-9C8E-4022-BC05-99889B08B6FA}\MpKsla698b4c4.sys

2012-02-09 15:03 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67EB383D-9C8E-4022-BC05-99889B08B6FA}\mpengine.dll

2012-02-09 14:32 . 2012-02-09 14:32 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-08 16:12 . 2012-02-08 16:12 -------- d-----w- c:\documents and settings\RobPierce\Application Data\SUPERAntiSpyware.com

2012-02-08 16:11 . 2012-02-08 16:12 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-02-08 16:11 . 2012-02-08 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-02-08 12:23 . 2012-02-08 12:23 -------- d-----w- c:\program files\ESET

2012-02-07 19:18 . 2012-02-07 19:18 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-13 21:21 . 2012-01-13 21:21 -------- d-----w- c:\documents and settings\RobPierce\Application Data\ERS Game Studios

2012-01-13 21:07 . 2012-01-13 21:08 -------- d-----w- c:\program files\Dark Tales - Edgar Allan Poe's The Black Cat

2012-01-13 20:53 . 2012-02-08 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games

2012-01-13 20:52 . 2012-02-08 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2012-01-10 20:46 . 2012-01-10 20:46 -------- d-----w- c:\program files\Common Files\Yahoo!

2012-01-10 20:46 . 2012-01-10 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin

2012-01-10 20:46 . 2012-01-10 20:46 -------- d-----w- c:\program files\Pinnacle

2012-01-10 20:45 . 2012-01-10 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle

2012-01-10 20:44 . 2012-01-10 20:44 -------- d-----w- c:\documents and settings\RobPierce\Local Settings\Application Data\Downloaded Installations

2012-01-10 20:37 . 2012-01-13 10:02 -------- d-----w- c:\documents and settings\RobPierce\Local Settings\Application Data\PMB Files

2012-01-10 20:37 . 2012-01-10 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2012-01-10 20:36 . 2012-01-10 20:36 -------- d-----w- c:\program files\Pando Networks

2012-01-10 17:12 . 2008-04-14 10:42 10752 ------w- c:\windows\system32\smtpapi.dll

2012-01-10 17:12 . 2008-04-14 10:42 9728 ------w- c:\windows\system32\rwnh.dll

2012-01-10 17:12 . 2007-04-03 05:12 1327320 ------w- c:\program files\MSN\MSNCoreFiles\Install\msnsusii.exe

2012-01-10 17:12 . 2007-04-03 05:04 884712 ------w- c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\digcore.exe

2012-01-10 17:12 . 2007-04-03 05:09 11053008 ------w- c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\msncli.exe

2012-01-10 17:12 . 2008-04-14 10:40 229376 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obelog.dll

2012-01-10 17:12 . 2008-04-14 10:40 966656 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obemetal.dll

2012-01-10 17:12 . 2008-04-14 10:40 86016 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obepopc.dll

2012-01-10 17:12 . 2007-04-03 05:14 77824 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obemtllc.dll

2012-01-10 17:11 . 2006-12-29 05:31 19569 ----a-w- c:\windows\000001_.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2012-01-05 20:00 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2012-01-06 20:28 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-10 20:24 . 2008-09-05 17:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25 . 2006-02-28 02:00 1859584 ---ha-w- c:\windows\system32\win32k.sys

2007-09-28 17:19 . 2010-06-03 14:29 1769472 -c--a-w- c:\program files\mozilla firefox\plugins\fluxcore.dll

2006-07-28 16:29 . 2010-06-03 14:29 36864 -c--a-w- c:\program files\mozilla firefox\plugins\fluxcryp.dll

2007-09-28 17:19 . 2010-06-03 14:29 798720 -c-ha-w- c:\program files\mozilla firefox\plugins\fluxdx8.dll

2007-09-28 16:56 . 2010-06-03 14:29 61440 -c--a-w- c:\program files\mozilla firefox\plugins\HawkNL.dll

2011-12-13 17:09 . 2011-12-13 17:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-10-14 02:28 . 2010-08-27 18:50 24376 ---ha-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-02-09_14.55.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-09 15:02 . 2012-02-09 15:02 16384 c:\windows\Temp\Perflib_Perfdata_850.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]

"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R1 MpKsla698b4c4;MpKsla698b4c4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67EB383D-9C8E-4022-BC05-99889B08B6FA}\MpKsla698b4c4.sys [2/9/2012 10:10 AM 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\Hp\HPLaserJetService\HPLaserJetService.exe [10/25/2010 1:53 PM 145920]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/5/2008 12:16 PM 652360]

R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [9/27/2011 3:21 PM 20504]

R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [9/27/2011 3:21 PM 21528]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 3:13 PM 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2008 12:16 PM 20464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2010 2:09 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2010 2:09 PM 136176]

S3 rkhdrv40;Rootkit Unhooker Driver; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 01242889

*NewlyCreated* - 21131958

*NewlyCreated* - MPKSLA698B4C4

*Deregistered* - 01242889

*Deregistered* - 21131958

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-08 c:\windows\Tasks\At10.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-07 c:\windows\Tasks\At11.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-07 c:\windows\Tasks\At12.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-07 c:\windows\Tasks\At3.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-07 c:\windows\Tasks\At4.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-07 c:\windows\Tasks\At7.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-07 c:\windows\Tasks\At8.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-07 c:\windows\Tasks\At9.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 12:18]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 19:09]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 19:09]

.

2012-02-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 74.5.116.242 74.5.116.246

DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} - hxxp://shawwwahps.sha.state.md.us/ahps/ActiveXViewer.cab

DPF: {7A16F968-8E79-11D4-AFC3-0060978DD938} - hxxp://apps.dmv.virginia.gov/eRoute/slactvx.cab

FF - ProfilePath - c:\documents and settings\RobPierce\Application Data\Mozilla\Firefox\Profiles\262noymt.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.ask.com/?l=dis&o=15083

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

Supplementary scan did not complete!

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-09 10:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(692)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1976)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\ImgUtil.dll

c:\windows\system32\pngfilt.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-02-09 10:19:39

ComboFix-quarantined-files.txt 2012-02-09 15:19

ComboFix2.txt 2010-11-15 16:03

.

Pre-Run: 18,129,444,864 bytes free

Post-Run: 18,092,707,840 bytes free

.

- - End Of File - - A5CE08B8DEB52A147EBDAD33FA1C6B0A

Interestingly enough, after completing the TDSSKiller, I opened a browser to attempt to see the next step you have listed. Google opened fine, however THIS site would not open. So I ran the TDSSKiller and the ComboFix again, and this time I didn't open a browser or reboot in between and I am able to post the logs. ?????

This could be caused by the infection, but it is not the right way to solve the problem. If you have any problems with my steps, just find a way to let me know.

Now I need to see what was found by CF and TDSSKiller before.

Please locate C:\Qoobox\ComboFix-quarantined-files.txt and post it in your next reply. Do the same with the log file from TDSSKiller in C:\. Post both of them in your next reply.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
