
IE redirected - please help



Hi,

IE is redirected after searching. Chrome is OK for now.

Hoping I don't have to scratch this machine.

Thanks

Jeff

Malwarebytes mbam-log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.02.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: DECATUR2 [administrator]

Protection: Enabled

5/2/2012 9:41:12 AM

mbam-log-2012-05-02 (09-41-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 312817

Time elapsed: 20 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes protection log:

2012/05/02 09:36:20 -0500 DECATUR2 MESSAGE Executing scheduled update: Daily

2012/05/02 09:37:16 -0500 DECATUR2 (null) MESSAGE Scheduled update executed successfully: database updated from version v2012.04.04.08 to version v2012.05.02.03

2012/05/02 09:39:36 -0500 DECATUR2 Administrator MESSAGE Starting protection

2012/05/02 09:39:42 -0500 DECATUR2 Administrator MESSAGE Protection started successfully

2012/05/02 09:39:45 -0500 DECATUR2 Administrator MESSAGE Starting IP protection

2012/05/02 09:39:46 -0500 DECATUR2 Administrator MESSAGE IP Protection started successfully

2012/05/02 09:39:46 -0500 DECATUR2 Administrator MESSAGE Starting database refresh

2012/05/02 09:39:46 -0500 DECATUR2 Administrator MESSAGE Stopping IP protection

2012/05/02 09:39:46 -0500 DECATUR2 Administrator MESSAGE IP Protection stopped

2012/05/02 09:39:51 -0500 DECATUR2 Administrator MESSAGE Database refreshed successfully

2012/05/02 09:39:51 -0500 DECATUR2 Administrator MESSAGE Starting IP protection

2012/05/02 09:39:52 -0500 DECATUR2 Administrator MESSAGE IP Protection started successfully

2012/05/02 09:39:58 -0500 DECATUR2 Administrator IP-BLOCK 217.23.9.193 (Type: outgoing)

2012/05/02 09:40:00 -0500 DECATUR2 Administrator IP-BLOCK 217.23.9.193 (Type: outgoing)

2012/05/02 09:40:06 -0500 DECATUR2 Administrator IP-BLOCK 217.23.9.193 (Type: outgoing)

2012/05/02 09:40:16 -0500 DECATUR2 Administrator IP-BLOCK 217.23.9.193 (Type: outgoing)

2012/05/02 09:40:19 -0500 DECATUR2 Administrator IP-BLOCK 217.23.9.193 (Type: outgoing)

2012/05/02 09:40:23 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:40:25 -0500 DECATUR2 Administrator IP-BLOCK 217.23.9.193 (Type: outgoing)

2012/05/02 09:40:25 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:42:07 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:42:10 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:42:15 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:44:17 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:51:02 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:51:05 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:51:11 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:53:06 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:53:09 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:53:15 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 09:55:04 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 09:55:07 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 09:55:13 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 10:02:08 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 10:02:11 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 10:02:17 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 10:04:15 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 10:04:18 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.2 (Type: outgoing)

2012/05/02 10:06:06 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 10:06:09 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 10:06:15 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.4 (Type: outgoing)

2012/05/02 10:15:16 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.3 (Type: outgoing)

2012/05/02 10:15:19 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.3 (Type: outgoing)

2012/05/02 10:15:25 -0500 DECATUR2 Administrator IP-BLOCK 206.161.121.3 (Type: outgoing)

*** Here's the dds log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 10:06:18 on 2012-05-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2066 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\administrator.BBSL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\administrator.BBSL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

I:\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\administrator.BBSL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.live.com

BHO: Time Matters: {00f17ece-12da-46a0-b541-bde4eb7df027} - c:\tmw9e\tmietb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Time Matters: {00f17ece-12da-46a0-b541-bde4eb7df027} - c:\tmw9e\tmietb.dll

TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\administrator.bbsl\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{3E9DBFF8-C0C9-45D6-8C88-61E763BCE6C7} : NameServer = 192.168.1.2,192.168.1.3

TCP: Interfaces\{3E9DBFF8-C0C9-45D6-8C88-61E763BCE6C7} : DhcpNameServer = 192.168.2.1

Notify: AtiExtEvent - Ati2evxx.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-5 654408]

R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-15 22016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-5 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-2 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]

S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2009-11-15 28800]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-11-15 17536]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-05-02 14:44:22 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4364ca6d-6512-4dde-842d-c6a8b18bbd25}\offreg.dll

2012-05-02 14:40:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-01 21:51:16 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4364ca6d-6512-4dde-842d-c6a8b18bbd25}\mpengine.dll

2012-04-13 19:15:50 4126368 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2012-04-13 19:15:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 19:15:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 18:33:02 230808 ----a-r- c:\windows\system32\cpnprt2.cid

2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-12 14:06:04 7284 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-05 16:37:58 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-05 16:37:58 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 10:12:32.38 ===============

*** Here's the attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/24/2009 1:27:47 PM

System Uptime: 5/2/2012 9:35:36 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0N185P

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2926/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 205.973 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP449: 2/1/2012 4:55:21 PM - System Checkpoint

RP450: 2/3/2012 9:52:39 AM - System Checkpoint

RP451: 2/6/2012 9:39:37 AM - System Checkpoint

RP452: 2/7/2012 9:40:56 AM - System Checkpoint

RP453: 2/8/2012 11:14:06 AM - System Checkpoint

RP454: 2/9/2012 3:02:47 PM - System Checkpoint

RP455: 2/13/2012 10:24:33 AM - System Checkpoint

RP456: 2/14/2012 11:31:32 AM - System Checkpoint

RP457: 2/15/2012 12:21:09 PM - System Checkpoint

RP458: 2/16/2012 2:40:21 PM - System Checkpoint

RP459: 2/16/2012 4:28:26 PM - Software Distribution Service 3.0

RP460: 2/20/2012 9:27:55 AM - System Checkpoint

RP461: 2/21/2012 12:44:38 PM - System Checkpoint

RP462: 2/22/2012 1:52:40 PM - System Checkpoint

RP463: 2/24/2012 11:39:24 AM - System Checkpoint

RP464: 2/27/2012 9:26:37 AM - System Checkpoint

RP465: 2/28/2012 11:29:06 AM - System Checkpoint

RP466: 2/29/2012 1:14:28 PM - System Checkpoint

RP467: 3/5/2012 9:04:32 AM - Restore Operation

RP468: 3/5/2012 9:50:36 AM - Removed Symantec AntiVirus

RP469: 3/5/2012 9:50:39 AM - Removed Symantec AntiVirus

RP470: 3/5/2012 10:16:43 AM - Restore Operation

RP471: 3/5/2012 10:26:25 AM - Removed Symantec AntiVirus

RP472: 3/5/2012 10:37:35 AM - Removed Java 6 Update 16

RP473: 3/5/2012 10:37:51 AM - Installed Java 6 Update 31

RP474: 3/5/2012 10:42:35 AM - Software Distribution Service 3.0

RP475: 3/5/2012 11:54:24 AM - Removed Steam

RP476: 3/5/2012 2:58:07 PM - Software Distribution Service 3.0

RP477: 3/6/2012 4:41:58 PM - System Checkpoint

RP478: 3/6/2012 4:57:44 PM - Software Distribution Service 3.0

RP479: 3/7/2012 10:28:26 AM - Software Distribution Service 3.0

RP480: 3/7/2012 3:55:20 PM - Software Distribution Service 3.0

RP481: 3/8/2012 2:14:31 PM - Software Distribution Service 3.0

RP482: 3/8/2012 2:53:05 PM - Software Distribution Service 3.0

RP483: 3/8/2012 3:51:30 PM - Software Distribution Service 3.0

RP484: 3/9/2012 1:57:38 PM - Software Distribution Service 3.0

RP485: 3/12/2012 9:14:55 AM - Software Distribution Service 3.0

RP486: 3/12/2012 4:18:55 PM - Software Distribution Service 3.0

RP487: 3/13/2012 11:32:03 AM - Software Distribution Service 3.0

RP488: 3/13/2012 3:27:54 PM - Software Distribution Service 3.0

RP489: 3/14/2012 11:41:15 AM - Software Distribution Service 3.0

RP490: 3/14/2012 4:15:13 PM - Software Distribution Service 3.0

RP491: 3/15/2012 5:29:50 PM - System Checkpoint

RP492: 3/16/2012 3:00:15 AM - Software Distribution Service 3.0

RP493: 3/16/2012 3:31:00 AM - Software Distribution Service 3.0

RP494: 3/16/2012 2:13:25 PM - Software Distribution Service 3.0

RP495: 3/20/2012 10:44:41 AM - Software Distribution Service 3.0

RP496: 3/20/2012 10:54:12 AM - Software Distribution Service 3.0

RP497: 3/21/2012 12:14:50 PM - Software Distribution Service 3.0

RP498: 3/21/2012 12:28:14 PM - Software Distribution Service 3.0

RP499: 3/23/2012 1:37:32 PM - Software Distribution Service 3.0

RP500: 3/23/2012 1:48:31 PM - Software Distribution Service 3.0

RP501: 3/23/2012 4:18:36 PM - Software Distribution Service 3.0

RP502: 3/26/2012 8:59:09 AM - Software Distribution Service 3.0

RP503: 3/26/2012 9:08:35 AM - Software Distribution Service 3.0

RP504: 3/26/2012 5:41:25 PM - Software Distribution Service 3.0

RP505: 3/27/2012 12:40:48 PM - Software Distribution Service 3.0

RP506: 3/28/2012 11:12:26 AM - Software Distribution Service 3.0

RP507: 3/28/2012 4:26:59 PM - Software Distribution Service 3.0

RP508: 3/29/2012 10:32:17 AM - Software Distribution Service 3.0

RP509: 3/29/2012 10:41:48 AM - Software Distribution Service 3.0

RP510: 3/29/2012 4:32:03 PM - Software Distribution Service 3.0

RP511: 3/30/2012 10:03:14 AM - Software Distribution Service 3.0

RP512: 3/30/2012 3:13:17 PM - Software Distribution Service 3.0

RP513: 4/2/2012 9:28:18 AM - Software Distribution Service 3.0

RP514: 4/2/2012 9:39:07 AM - Software Distribution Service 3.0

RP515: 4/2/2012 9:42:08 AM - Software Distribution Service 3.0

RP516: 4/3/2012 11:32:26 AM - Software Distribution Service 3.0

RP517: 4/4/2012 11:26:39 AM - Software Distribution Service 3.0

RP518: 4/5/2012 3:51:59 PM - System Checkpoint

RP519: 4/6/2012 10:16:03 AM - Software Distribution Service 3.0

RP520: 4/9/2012 9:33:35 AM - Software Distribution Service 3.0

RP521: 4/10/2012 10:32:34 AM - Software Distribution Service 3.0

RP522: 4/11/2012 12:49:12 PM - Software Distribution Service 3.0

RP523: 4/12/2012 2:01:56 PM - System Checkpoint

RP524: 4/13/2012 10:28:12 AM - Software Distribution Service 3.0

RP525: 4/16/2012 9:13:23 AM - Software Distribution Service 3.0

RP526: 4/17/2012 9:20:06 AM - Software Distribution Service 3.0

RP527: 4/18/2012 11:25:52 AM - Software Distribution Service 3.0

RP528: 4/19/2012 11:53:15 AM - Software Distribution Service 3.0

RP529: 4/23/2012 10:31:25 AM - Software Distribution Service 3.0

RP530: 4/24/2012 10:35:32 AM - System Checkpoint

RP531: 4/25/2012 10:07:28 AM - Software Distribution Service 3.0

RP532: 4/26/2012 11:22:14 AM - System Checkpoint

RP533: 4/26/2012 2:45:37 PM - Software Distribution Service 3.0

RP534: 4/30/2012 9:26:46 AM - Software Distribution Service 3.0

RP535: 5/1/2012 9:30:39 AM - Software Distribution Service 3.0

RP536: 5/1/2012 4:50:47 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1

Adobe Shockwave Player 11.6

ATI Catalyst Control Center

ATI Display Driver

Bing Bar

Bing Bar Platform

Bing Rewards Client Installer

Brava! Reader 7.0

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help French

CCC Help German

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Turkish

Coupon Printer for Windows

Dell Backup and Recovery Manager

Diagnostic Utility

FoxTab Video Converter (remove only)

Google Chrome

HijackThis 1.99.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB968764)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Matrix Storage Manager

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Lexis® Front Office - Time Matters® 9.0 Enterprise

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XNA Framework Redistributable 4.0

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB927977)

OGA Notifier 2.0.0048.0

PowerDVD DX

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skins

swMSM

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Presentation Foundation

WordPerfect Office 12

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

5/2/2012 9:16:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/2/2012 9:14:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

5/2/2012 9:14:54 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

5/2/2012 9:14:54 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/2/2012 9:14:54 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/2/2012 9:14:54 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

5/2/2012 9:13:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/2/2012 9:13:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/26/2012 2:35:11 PM, error: NETLOGON [5776] - Failed to create/open file \system32\config\netlogon.ftl with the following error: Access is denied.

.

==== End Of File ===========================


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:02:52 AM, on 5/2/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\administrator.BBSL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\administrator.BBSL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\administrator.BBSL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1

O2 - BHO: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW9E\tmietb.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW9E\tmietb.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\administrator.BBSL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BBSL.com

O17 - HKLM\Software\..\Telephony: DomainName = BBSL.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9DBFF8-C0C9-45D6-8C88-61E763BCE6C7}: NameServer = 192.168.1.2,192.168.1.3

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BBSL.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E9DBFF8-C0C9-45D6-8C88-61E763BCE6C7}: NameServer = 192.168.1.2,192.168.1.3

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 7046 bytes


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, click Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Here's the RogueKiller scan results:

RogueKiller V7.4.1 [05/02/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Administrator [Admin rights]

Mode: Scan -- Date: 05/02/2012 11:16:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1068413307-950957645-2907131760-500UA.job @ : C:\Documents and Settings\administrator.BBSL\Local -> FOUND

[SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1068413307-950957645-2907131760-500Core.job @ : C:\Documents and Settings\administrator.BBSL\Local -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 +++++

--- User ---

[MBR] 5916a31665d12f8ada58cbb9e62d862c

[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] e2935d6bdbdc7ff23ce24eaf685c13e0

[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo

2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488279202 | Size: 0 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] e2935d6bdbdc7ff23ce24eaf685c13e0

[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo

2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488279202 | Size: 0 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Thanks

Jeff

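The MBR check in the RogueKiller report above is the decisive finding in this thread: the sector returned through the OS ("User") hashes differently from the sector read at the lower layers ("LL1", "LL2"), and in the low-level view the active flag has moved from the Windows partition to a hidden NTFS entry (type 0x17) placed in the space just past it. As an added example, not code from RogueKiller or from anyone in this thread, the following Python reproduces that comparison on constructed MBR sectors: it parses the classic four-entry partition table, hashes both reads, and flags the same anomalies a responder would look for (hash mismatch, moved active flag, an active hidden-type partition, entries not visible to the OS, entries running past the end of the disk). The disk size and the Windows partition geometry are taken from the TDSSKiller log posted later in the thread; the sector count of the hidden entry and the boot-code bytes are constructed, and the function names (build_mbr, parse_partition_table, check_mbr, demo) are my own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446          # the partition table starts at byte 446 of the MBR
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
# FAT/NTFS type codes with the "hidden" bit (0x10) set; 0x17 is hidden NTFS/HPFS
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def build_mbr(entries, boot_code=b"\xfa\x33\xc0"):
    """Build a constructed 512-byte MBR from (status, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[: len(boot_code)] = boot_code  # constructed stand-in for real boot code
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PT_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = b"\x55\xaa"  # boot signature
    return bytes(mbr)


def parse_partition_table(mbr):
    """Return the non-empty partition entries of an MBR sector as dicts."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PT_OFFSET + 16 * i)
        if ptype == 0:
            continue  # unused slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "hidden": ptype in HIDDEN_TYPES, "lba": lba, "sectors": count})
    return parts


def check_mbr(user_mbr, lowlevel_mbr, disk_sectors):
    """Compare an OS-level MBR read with a low-level read and list anomalies."""
    findings = []
    if hashlib.md5(user_mbr).hexdigest() != hashlib.md5(lowlevel_mbr).hexdigest():
        findings.append("MBR differs between OS-level and low-level read (possible filtered I/O)")
    user_parts = parse_partition_table(user_mbr)
    low_parts = parse_partition_table(lowlevel_mbr)
    user_active = sorted(p["index"] for p in user_parts if p["active"])
    low_active = sorted(p["index"] for p in low_parts if p["active"])
    if user_active != low_active:
        findings.append(f"active partition moved from {user_active} to {low_active}")
    visible = {p["index"] for p in user_parts}
    for p in low_parts:
        if p["active"] and p["hidden"]:
            findings.append(f"partition {p['index']}: hidden type 0x{p['type']:02X} is marked active")
        if p["index"] not in visible:
            findings.append(f"partition {p['index']}: not visible through the OS-level read")
        if p["lba"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past the end of the disk")
    return findings


# Geometry from the TDSSKiller log: 0x3A35294400-byte disk, C: at LBA 0x14000 for 0x1D194CA2 sectors
DISK_SECTORS = 0x3A35294400 // SECTOR_SIZE
DELL_UTIL = (0x00, 0xDE, 63, 81920 - 63)   # 39 MB utility partition; sector count constructed
WINDOWS = (0x80, 0x07, 81920, 0x1D194CA2)   # the active NTFS system partition


def demo():
    """Run the check on a clean pair of reads and on a constructed infected low-level read."""
    clean = build_mbr([DELL_UTIL, WINDOWS])
    # Constructed low-level view: Windows loses its active flag and a hidden NTFS (0x17)
    # entry in the slack right after it is made active, as the RogueKiller table shows.
    infected = build_mbr([DELL_UTIL, (0x00, 0x07, 81920, 0x1D194CA2),
                          (0x80, 0x17, 81920 + 0x1D194CA2, 1024)])  # 1024 sectors: constructed
    return check_mbr(clean, clean, DISK_SECTORS), check_mbr(clean, infected, DISK_SECTORS)


if __name__ == "__main__":
    for label, result in zip(("clean", "infected"), demo()):
        print(label, result or "no findings")
```

The MD5 comparison mirrors what the report prints as [MBR] hashes; the boot code itself is unchanged in both views (same [BSP] hash), so the hash difference comes entirely from the rewritten partition table. Reading the sector through two independent paths is the point of the check: a single read that has been filtered on the way up will look clean on its own.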

Please make sure System Restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, click Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


Looks like that did the trick. After the reboot, IE is working just fine.

Mr C - you are a saint!

THANKS!!!

Jeff

11:35:25.0333 2624 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

11:35:25.0646 2624 ============================================================

11:35:25.0646 2624 Current date / time: 2012/05/02 11:35:25.0646

11:35:25.0646 2624 SystemInfo:

11:35:25.0646 2624

11:35:25.0646 2624 OS Version: 5.1.2600 ServicePack: 3.0

11:35:25.0646 2624 Product type: Workstation

11:35:25.0646 2624 ComputerName: DECATUR2

11:35:25.0646 2624 UserName: Administrator

11:35:25.0646 2624 Windows directory: C:\WINDOWS

11:35:25.0646 2624 System windows directory: C:\WINDOWS

11:35:25.0646 2624 Processor architecture: Intel x86

11:35:25.0646 2624 Number of processors: 2

11:35:25.0646 2624 Page size: 0x1000

11:35:25.0646 2624 Boot type: Normal boot

11:35:25.0646 2624 ============================================================

11:35:27.0129 2624 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

11:35:27.0191 2624 ============================================================

11:35:27.0191 2624 \Device\Harddisk0\DR0:

11:35:27.0191 2624 MBR partitions:

11:35:27.0191 2624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D194CA2

11:35:27.0191 2624 ============================================================

11:35:27.0222 2624 C: <-> \Device\Harddisk0\DR0\Partition0

11:35:27.0222 2624 ============================================================

11:35:27.0222 2624 Initialize success

11:35:27.0222 2624 ============================================================

11:36:25.0762 2916 ============================================================

11:36:25.0762 2916 Scan started

11:36:25.0762 2916 Mode: Manual; SigCheck; TDLFS;

11:36:25.0762 2916 ============================================================

11:36:26.0074 2916 Abiosdsk - ok

11:36:26.0105 2916 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

11:36:26.0261 2916 abp480n5 - ok

11:36:26.0277 2916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:36:26.0355 2916 ACPI - ok

11:36:26.0355 2916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:36:26.0417 2916 ACPIEC - ok

11:36:26.0449 2916 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

11:36:26.0464 2916 AdobeFlashPlayerUpdateSvc - ok

11:36:26.0495 2916 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

11:36:26.0558 2916 adpu160m - ok

11:36:26.0589 2916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:36:26.0652 2916 aec - ok

11:36:26.0683 2916 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

11:36:26.0698 2916 AFD - ok

11:36:26.0714 2916 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

11:36:26.0776 2916 agp440 - ok

11:36:26.0776 2916 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

11:36:26.0839 2916 agpCPQ - ok

11:36:26.0839 2916 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

11:36:26.0870 2916 Aha154x - ok

11:36:26.0870 2916 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

11:36:26.0932 2916 aic78u2 - ok

11:36:26.0932 2916 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

11:36:26.0995 2916 aic78xx - ok

11:36:27.0026 2916 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

11:36:27.0089 2916 Alerter - ok

11:36:27.0120 2916 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

11:36:27.0167 2916 ALG - ok

11:36:27.0182 2916 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

11:36:27.0260 2916 AliIde - ok

11:36:27.0276 2916 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

11:36:27.0370 2916 alim1541 - ok

11:36:27.0370 2916 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

11:36:27.0463 2916 amdagp - ok

11:36:27.0479 2916 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

11:36:27.0526 2916 amsint - ok

11:36:27.0573 2916 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

11:36:27.0604 2916 AppMgmt - ok

11:36:27.0619 2916 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

11:36:27.0729 2916 asc - ok

11:36:27.0729 2916 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

11:36:27.0760 2916 asc3350p - ok

11:36:27.0775 2916 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

11:36:27.0854 2916 asc3550 - ok

11:36:27.0932 2916 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

11:36:27.0947 2916 aspnet_state - ok

11:36:27.0978 2916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:36:28.0088 2916 AsyncMac - ok

11:36:28.0119 2916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:36:28.0213 2916 atapi - ok

11:36:28.0213 2916 Atdisk - ok

11:36:28.0259 2916 Ati HotKey Poller (9967166608694dc884d69cbb612ba3a3) C:\WINDOWS\system32\Ati2evxx.exe

11:36:28.0337 2916 Ati HotKey Poller - ok

11:36:28.0525 2916 ati2mtag (79e69e18960e8013840af2681c5e77ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

11:36:28.0634 2916 ati2mtag - ok

11:36:28.0728 2916 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys

11:36:28.0759 2916 AtiHdmiService - ok

11:36:28.0790 2916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:36:28.0915 2916 Atmarpc - ok

11:36:28.0946 2916 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

11:36:29.0056 2916 AudioSrv - ok

11:36:29.0071 2916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:36:29.0165 2916 audstub - ok

11:36:29.0180 2916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:36:29.0290 2916 Beep - ok

11:36:29.0337 2916 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

11:36:29.0446 2916 BITS - ok

11:36:29.0446 2916 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

11:36:29.0508 2916 Browser - ok

11:36:29.0539 2916 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

11:36:29.0586 2916 cbidf - ok

11:36:29.0586 2916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:36:29.0649 2916 cbidf2k - ok

11:36:29.0649 2916 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

11:36:29.0680 2916 cd20xrnt - ok

11:36:29.0696 2916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:36:29.0742 2916 Cdaudio - ok

11:36:29.0758 2916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:36:29.0820 2916 Cdfs - ok

11:36:29.0836 2916 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:36:29.0867 2916 Cdrom - ok

11:36:29.0867 2916 Changer - ok

11:36:29.0898 2916 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

11:36:29.0945 2916 CiSvc - ok

11:36:29.0977 2916 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

11:36:30.0055 2916 ClipSrv - ok

11:36:30.0117 2916 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:36:30.0164 2916 clr_optimization_v2.0.50727_32 - ok

11:36:30.0195 2916 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:36:30.0226 2916 clr_optimization_v4.0.30319_32 - ok

11:36:30.0242 2916 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

11:36:30.0320 2916 CmdIde - ok

11:36:30.0320 2916 COMSysApp - ok

11:36:30.0336 2916 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

11:36:30.0414 2916 Cpqarray - ok

11:36:30.0460 2916 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

11:36:30.0539 2916 CryptSvc - ok

11:36:30.0539 2916 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

11:36:30.0663 2916 dac2w2k - ok

11:36:30.0663 2916 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

11:36:30.0741 2916 dac960nt - ok

11:36:30.0773 2916 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

11:36:30.0804 2916 DcomLaunch - ok

11:36:30.0835 2916 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

11:36:30.0898 2916 Dhcp - ok

11:36:30.0913 2916 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:36:30.0976 2916 Disk - ok

11:36:30.0976 2916 dmadmin - ok

11:36:31.0038 2916 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:36:31.0100 2916 dmboot - ok

11:36:31.0116 2916 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:36:31.0163 2916 dmio - ok

11:36:31.0179 2916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:36:31.0225 2916 dmload - ok

11:36:31.0241 2916 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

11:36:31.0319 2916 dmserver - ok

11:36:31.0350 2916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:36:31.0428 2916 DMusic - ok

11:36:31.0460 2916 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

11:36:31.0475 2916 Dnscache - ok

11:36:31.0506 2916 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

11:36:31.0600 2916 Dot3svc - ok

11:36:31.0631 2916 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

11:36:31.0694 2916 dpti2o - ok

11:36:31.0725 2916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:36:31.0787 2916 drmkaud - ok

11:36:31.0819 2916 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

11:36:31.0897 2916 EapHost - ok

11:36:31.0912 2916 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

11:36:31.0990 2916 ERSvc - ok

11:36:32.0022 2916 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

11:36:32.0037 2916 Eventlog - ok

11:36:32.0068 2916 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

11:36:32.0068 2916 EventSystem - ok

11:36:32.0084 2916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:36:32.0146 2916 Fastfat - ok

11:36:32.0209 2916 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:36:32.0240 2916 FastUserSwitchingCompatibility - ok

11:36:32.0256 2916 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

11:36:32.0318 2916 Fax - ok

11:36:32.0334 2916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

11:36:32.0396 2916 Fdc - ok

11:36:32.0427 2916 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:36:32.0474 2916 Fips - ok

11:36:32.0490 2916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

11:36:32.0568 2916 Flpydisk - ok

11:36:32.0583 2916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

11:36:32.0677 2916 FltMgr - ok

11:36:32.0771 2916 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

11:36:32.0786 2916 FontCache3.0.0.0 - ok

11:36:32.0786 2916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:36:32.0864 2916 Fs_Rec - ok

11:36:32.0880 2916 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:36:32.0943 2916 Ftdisk - ok

11:36:32.0958 2916 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:36:33.0021 2916 Gpc - ok

11:36:33.0052 2916 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:36:33.0114 2916 HDAudBus - ok

11:36:33.0145 2916 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

11:36:33.0224 2916 helpsvc - ok

11:36:33.0255 2916 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

11:36:33.0333 2916 HidServ - ok

11:36:33.0348 2916 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:36:33.0395 2916 hidusb - ok

11:36:33.0426 2916 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

11:36:33.0505 2916 hkmsvc - ok

11:36:33.0520 2916 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

11:36:33.0583 2916 hpn - ok

11:36:33.0614 2916 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:36:33.0614 2916 HTTP - ok

11:36:33.0661 2916 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

11:36:33.0739 2916 HTTPFilter - ok

11:36:33.0754 2916 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

11:36:33.0817 2916 i2omgmt - ok

11:36:33.0832 2916 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

11:36:33.0895 2916 i2omp - ok

11:36:33.0973 2916 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

11:36:34.0035 2916 IAANTMON - ok

11:36:34.0082 2916 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys

11:36:34.0098 2916 iaStor - ok

11:36:34.0207 2916 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

11:36:34.0269 2916 idsvc - ok

11:36:34.0301 2916 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:36:34.0410 2916 Imapi - ok

11:36:34.0441 2916 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

11:36:34.0566 2916 ImapiService - ok

11:36:34.0582 2916 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

11:36:34.0691 2916 ini910u - ok

11:36:34.0941 2916 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:36:35.0112 2916 IntcAzAudAddService - ok

11:36:35.0206 2916 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

11:36:35.0315 2916 IntelIde - ok

11:36:35.0331 2916 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:36:35.0440 2916 intelppm - ok

11:36:35.0456 2916 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

11:36:35.0581 2916 Ip6Fw - ok

11:36:35.0612 2916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:36:35.0737 2916 IpFilterDriver - ok

11:36:35.0768 2916 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:36:35.0862 2916 IpInIp - ok

11:36:35.0893 2916 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:36:36.0018 2916 IpNat - ok

11:36:36.0049 2916 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:36:36.0143 2916 IPSec - ok

11:36:36.0174 2916 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:36:36.0236 2916 IRENUM - ok

11:36:36.0268 2916 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:36:36.0377 2916 isapnp - ok

11:36:36.0439 2916 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

11:36:36.0455 2916 JavaQuickStarterService - ok

11:36:36.0455 2916 JRAID (b07084095f8c03aadb9811c9df14b5e4) C:\WINDOWS\system32\DRIVERS\jraid.sys

11:36:36.0486 2916 JRAID - ok

11:36:36.0517 2916 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:36:36.0627 2916 Kbdclass - ok

11:36:36.0642 2916 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:36:36.0736 2916 kbdhid - ok

11:36:36.0767 2916 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:36:36.0876 2916 kmixer - ok

11:36:36.0908 2916 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:36:36.0908 2916 KSecDD - ok

11:36:36.0939 2916 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

11:36:36.0970 2916 LanmanServer - ok

11:36:37.0001 2916 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

11:36:37.0017 2916 lanmanworkstation - ok

11:36:37.0017 2916 lbrtfdc - ok

11:36:37.0064 2916 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

11:36:37.0173 2916 LmHosts - ok

11:36:37.0189 2916 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

11:36:37.0204 2916 MBAMProtector - ok

11:36:37.0267 2916 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

11:36:37.0282 2916 MBAMService - ok

11:36:37.0313 2916 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

11:36:37.0423 2916 Messenger - ok

11:36:37.0438 2916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:36:37.0501 2916 mnmdd - ok

11:36:37.0532 2916 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

11:36:37.0594 2916 mnmsrvc - ok

11:36:37.0594 2916 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:36:37.0673 2916 Modem - ok

11:36:37.0688 2916 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:36:37.0751 2916 Mouclass - ok

11:36:37.0766 2916 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:36:37.0829 2916 mouhid - ok

11:36:37.0844 2916 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:36:37.0922 2916 MountMgr - ok

11:36:37.0954 2916 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

11:36:37.0985 2916 MpFilter - ok

11:36:38.0063 2916 MpKsl58cf220b (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4364CA6D-6512-4DDE-842D-C6A8B18BBD25}\MpKsl58cf220b.sys

11:36:38.0063 2916 MpKsl58cf220b - ok

11:36:38.0094 2916 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

11:36:38.0156 2916 mraid35x - ok

11:36:38.0188 2916 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:36:38.0266 2916 MRxDAV - ok

11:36:38.0297 2916 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:36:38.0344 2916 MRxSmb - ok

11:36:38.0375 2916 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

11:36:38.0453 2916 MSDTC - ok

11:36:38.0453 2916 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:36:38.0547 2916 Msfs - ok

11:36:38.0547 2916 MSIServer - ok

11:36:38.0609 2916 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:36:38.0718 2916 MSKSSRV - ok

11:36:38.0781 2916 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

11:36:38.0796 2916 MsMpSvc - ok

11:36:38.0843 2916 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:36:38.0937 2916 MSPCLOCK - ok

11:36:38.0937 2916 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:36:39.0062 2916 MSPQM - ok

11:36:39.0077 2916 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:36:39.0187 2916 mssmbios - ok

11:36:39.0218 2916 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:36:39.0234 2916 Mup - ok

11:36:39.0296 2916 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

11:36:39.0421 2916 napagent - ok

11:36:39.0452 2916 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:36:39.0546 2916 NDIS - ok

11:36:39.0593 2916 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:36:39.0593 2916 NdisTapi - ok

11:36:39.0608 2916 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:36:39.0717 2916 Ndisuio - ok

11:36:39.0733 2916 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:36:39.0842 2916 NdisWan - ok

11:36:39.0874 2916 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:36:39.0889 2916 NDProxy - ok

11:36:39.0889 2916 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:36:39.0998 2916 NetBIOS - ok

11:36:40.0014 2916 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:36:40.0139 2916 NetBT - ok

11:36:40.0155 2916 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:36:40.0233 2916 NetDDE - ok

11:36:40.0248 2916 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

11:36:40.0295 2916 NetDDEdsdm - ok

11:36:40.0326 2916 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:36:40.0389 2916 Netlogon - ok

11:36:40.0404 2916 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

11:36:40.0482 2916 Netman - ok

11:36:40.0545 2916 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

11:36:40.0560 2916 NetTcpPortSharing - ok

11:36:40.0592 2916 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

11:36:40.0607 2916 Nla - ok

11:36:40.0623 2916 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:36:40.0685 2916 Npfs - ok

11:36:40.0717 2916 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:36:40.0779 2916 Ntfs - ok

11:36:40.0779 2916 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:36:40.0841 2916 NtLmSsp - ok

11:36:40.0888 2916 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

11:36:40.0951 2916 NtmsSvc - ok

11:36:40.0966 2916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:36:41.0029 2916 Null - ok

11:36:41.0060 2916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:36:41.0154 2916 NwlnkFlt - ok

11:36:41.0169 2916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:36:41.0247 2916 NwlnkFwd - ok

11:36:41.0341 2916 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:36:41.0372 2916 odserv - ok

11:36:41.0403 2916 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:36:41.0403 2916 ose - ok

11:36:41.0435 2916 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

11:36:41.0513 2916 Parport - ok

11:36:41.0528 2916 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:36:41.0591 2916 PartMgr - ok

11:36:41.0591 2916 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:36:41.0653 2916 ParVdm - ok

11:36:41.0684 2916 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:36:41.0747 2916 PCI - ok

11:36:41.0747 2916 PCIDump - ok

11:36:41.0762 2916 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:36:41.0809 2916 PCIIde - ok

11:36:41.0825 2916 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:36:41.0872 2916 Pcmcia - ok

11:36:41.0872 2916 PDCOMP - ok

11:36:41.0887 2916 PDFRAME - ok

11:36:41.0887 2916 PDRELI - ok

11:36:41.0887 2916 PDRFRAME - ok

11:36:41.0903 2916 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

11:36:41.0965 2916 perc2 - ok

11:36:41.0965 2916 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

11:36:42.0012 2916 perc2hib - ok

11:36:42.0059 2916 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

11:36:42.0075 2916 PlugPlay - ok

11:36:42.0106 2916 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:36:42.0168 2916 PolicyAgent - ok

11:36:42.0184 2916 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:36:42.0262 2916 PptpMiniport - ok

11:36:42.0262 2916 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:36:42.0309 2916 ProtectedStorage - ok

11:36:42.0324 2916 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:36:42.0371 2916 PSched - ok

11:36:42.0387 2916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:36:42.0449 2916 Ptilink - ok

11:36:42.0481 2916 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:36:42.0481 2916 PxHelp20 - ok

11:36:42.0496 2916 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

11:36:42.0559 2916 ql1080 - ok

11:36:42.0559 2916 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

11:36:42.0621 2916 Ql10wnt - ok

11:36:42.0637 2916 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

11:36:42.0699 2916 ql12160 - ok

11:36:42.0699 2916 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

11:36:42.0762 2916 ql1240 - ok

11:36:42.0793 2916 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

11:36:42.0840 2916 ql1280 - ok

11:36:42.0855 2916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:36:42.0902 2916 RasAcd - ok

11:36:42.0949 2916 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

11:36:43.0027 2916 RasAuto - ok

11:36:43.0058 2916 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:36:43.0105 2916 Rasl2tp - ok

11:36:43.0121 2916 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

11:36:43.0199 2916 RasMan - ok

11:36:43.0199 2916 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:36:43.0261 2916 RasPppoe - ok

11:36:43.0261 2916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:36:43.0324 2916 Raspti - ok

11:36:43.0370 2916 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:36:43.0433 2916 Rdbss - ok

11:36:43.0448 2916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:36:43.0511 2916 RDPCDD - ok

11:36:43.0526 2916 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:36:43.0573 2916 rdpdr - ok

11:36:43.0605 2916 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:36:43.0620 2916 RDPWD - ok

11:36:43.0651 2916 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

11:36:43.0745 2916 RDSessMgr - ok

11:36:43.0761 2916 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:36:43.0823 2916 redbook - ok

11:36:43.0839 2916 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

11:36:43.0901 2916 RemoteAccess - ok

11:36:43.0932 2916 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

11:36:43.0995 2916 RemoteRegistry - ok

11:36:44.0026 2916 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

11:36:44.0088 2916 RpcLocator - ok

11:36:44.0120 2916 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

11:36:44.0135 2916 RpcSs - ok

11:36:44.0166 2916 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

11:36:44.0213 2916 RSVP - ok

11:36:44.0260 2916 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

11:36:44.0307 2916 RTLE8023xp - ok

11:36:44.0338 2916 RTLTEAMING (9f6b9f66223b1265ed66d005d93e539d) C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS

11:36:44.0338 2916 RTLTEAMING ( UnsignedFile.Multi.Generic ) - warning

11:36:44.0338 2916 RTLTEAMING - detected UnsignedFile.Multi.Generic (1)

11:36:44.0354 2916 RTLVLAN (6ec43dc18746bb9b6ddec4c99b15b6fc) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS

11:36:44.0354 2916 RTLVLAN ( UnsignedFile.Multi.Generic ) - warning

11:36:44.0354 2916 RTLVLAN - detected UnsignedFile.Multi.Generic (1)

11:36:44.0385 2916 RtNdPt5x (5ffd2aaf467b80fab34929afb7702060) C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys

11:36:44.0401 2916 RtNdPt5x - ok

11:36:44.0432 2916 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

11:36:44.0479 2916 SamSs - ok

11:36:44.0510 2916 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

11:36:44.0588 2916 SCardSvr - ok

11:36:44.0619 2916 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

11:36:44.0682 2916 Schedule - ok

11:36:44.0744 2916 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

11:36:44.0760 2916 SeaPort - ok

11:36:44.0791 2916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:36:44.0838 2916 Secdrv - ok

11:36:44.0853 2916 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

11:36:44.0916 2916 seclogon - ok

11:36:44.0931 2916 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

11:36:44.0994 2916 SENS - ok

11:36:45.0009 2916 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:36:45.0072 2916 Serenum - ok

11:36:45.0088 2916 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:36:45.0150 2916 Serial - ok

11:36:45.0166 2916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:36:45.0244 2916 Sfloppy - ok

11:36:45.0275 2916 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

11:36:45.0337 2916 SharedAccess - ok

11:36:45.0368 2916 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:36:45.0368 2916 ShellHWDetection - ok

11:36:45.0368 2916 Simbad - ok

11:36:45.0384 2916 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

11:36:45.0447 2916 sisagp - ok

11:36:45.0478 2916 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

11:36:45.0509 2916 Sparrow - ok

11:36:45.0525 2916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:36:45.0587 2916 splitter - ok

11:36:45.0618 2916 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

11:36:45.0634 2916 Spooler - ok

11:36:45.0649 2916 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:36:45.0696 2916 sr - ok

11:36:45.0712 2916 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

11:36:45.0743 2916 srservice - ok

11:36:45.0774 2916 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:36:45.0790 2916 Srv - ok

11:36:45.0806 2916 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

11:36:45.0852 2916 SSDPSRV - ok

11:36:45.0884 2916 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

11:36:45.0962 2916 stisvc - ok

11:36:46.0024 2916 stllssvr (e476c66713c842f58e61a95826ed1d57) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

11:36:46.0024 2916 stllssvr - ok

11:36:46.0071 2916 svobmu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\hrvuegdv.sys

11:36:46.0087 2916 svobmu ( UnsignedFile.Multi.Generic ) - warning

11:36:46.0087 2916 svobmu - detected UnsignedFile.Multi.Generic (1)

11:36:46.0102 2916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:36:46.0165 2916 swenum - ok

11:36:46.0211 2916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:36:46.0274 2916 swmidi - ok

11:36:46.0274 2916 SwPrv - ok

11:36:46.0290 2916 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

11:36:46.0352 2916 symc810 - ok

11:36:46.0383 2916 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

11:36:46.0446 2916 symc8xx - ok

11:36:46.0446 2916 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

11:36:46.0508 2916 sym_hi - ok

11:36:46.0508 2916 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

11:36:46.0555 2916 sym_u3 - ok

11:36:46.0586 2916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:36:46.0649 2916 sysaudio - ok

11:36:46.0695 2916 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

11:36:46.0742 2916 SysmonLog - ok

11:36:46.0789 2916 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

11:36:46.0851 2916 TapiSrv - ok

11:36:46.0867 2916 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:36:46.0883 2916 Tcpip - ok

11:36:46.0883 2916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:36:46.0961 2916 TDPIPE - ok

11:36:46.0992 2916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:36:47.0070 2916 TDTCP - ok

11:36:47.0086 2916 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:36:47.0179 2916 TermDD - ok

11:36:47.0195 2916 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

11:36:47.0273 2916 TermService - ok

11:36:47.0304 2916 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

11:36:47.0335 2916 Themes - ok

11:36:47.0367 2916 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

11:36:47.0398 2916 TlntSvr - ok

11:36:47.0429 2916 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

11:36:47.0507 2916 TosIde - ok

11:36:47.0523 2916 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

11:36:47.0601 2916 TrkWks - ok

11:36:47.0616 2916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:36:47.0710 2916 Udfs - ok

11:36:47.0741 2916 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

11:36:47.0788 2916 ultra - ok

11:36:47.0819 2916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:36:47.0913 2916 Update - ok

11:36:47.0960 2916 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

11:36:48.0007 2916 upnphost - ok

11:36:48.0069 2916 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

11:36:48.0178 2916 UPS - ok

11:36:48.0210 2916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:36:48.0334 2916 usbccgp - ok

11:36:48.0366 2916 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:36:48.0366 2916 usbehci - ok

11:36:48.0381 2916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:36:48.0491 2916 usbhub - ok

11:36:48.0506 2916 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:36:48.0615 2916 usbprint - ok

11:36:48.0662 2916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:36:48.0787 2916 usbscan - ok

11:36:48.0787 2916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:36:48.0865 2916 USBSTOR - ok

11:36:48.0881 2916 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:36:48.0928 2916 usbuhci - ok

11:36:48.0943 2916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:36:49.0006 2916 VgaSave - ok

11:36:49.0037 2916 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

11:36:49.0099 2916 viaagp - ok

11:36:49.0115 2916 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:36:49.0162 2916 ViaIde - ok

11:36:49.0193 2916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:36:49.0256 2916 VolSnap - ok

11:36:49.0302 2916 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

11:36:49.0334 2916 VSS - ok

11:36:49.0365 2916 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

11:36:49.0427 2916 w32time - ok

11:36:49.0443 2916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:36:49.0505 2916 Wanarp - ok

11:36:49.0505 2916 WDICA - ok

11:36:49.0537 2916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:36:49.0630 2916 wdmaud - ok

11:36:49.0646 2916 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

11:36:49.0708 2916 WebClient - ok

11:36:49.0771 2916 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

11:36:49.0849 2916 winmgmt - ok

11:36:49.0880 2916 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll

11:36:49.0958 2916 WmdmPmSN - ok

11:36:50.0020 2916 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

11:36:50.0036 2916 Wmi - ok

11:36:50.0083 2916 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

11:36:50.0177 2916 WmiApSrv - ok

11:36:50.0286 2916 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

11:36:50.0317 2916 WPFFontCache_v0400 - ok

11:36:50.0379 2916 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

11:36:50.0504 2916 WS2IFSL - ok

11:36:50.0536 2916 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

11:36:50.0614 2916 wscsvc - ok

11:36:50.0629 2916 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

11:36:50.0692 2916 wuauserv - ok

11:36:50.0707 2916 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

11:36:50.0801 2916 WZCSVC - ok

11:36:50.0832 2916 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

11:36:50.0895 2916 xmlprov - ok

11:36:50.0926 2916 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

11:36:50.0941 2916 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

11:36:50.0941 2916 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

11:36:50.0973 2916 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:36:50.0973 2916 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:36:51.0004 2916 Boot (0x1200) (b946d01acc7491a986d0843c7017c438) \Device\Harddisk0\DR0\Partition0

11:36:51.0004 2916 \Device\Harddisk0\DR0\Partition0 - ok

11:36:51.0004 2916 ============================================================

11:36:51.0004 2916 Scan finished

11:36:51.0004 2916 ============================================================

11:36:51.0129 3428 Detected object count: 5

11:36:51.0129 3428 Actual detected object count: 5

11:40:31.0690 3428 RTLTEAMING ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:31.0690 3428 RTLTEAMING ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:31.0690 3428 RTLVLAN ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:31.0690 3428 RTLVLAN ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:31.0690 3428 svobmu ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:31.0690 3428 svobmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:31.0736 3428 \Device\Harddisk0\DR0\# - copied to quarantine

11:40:31.0752 3428 \Device\Harddisk0\DR0 - copied to quarantine

11:40:31.0783 3428 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

11:40:31.0799 3428 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

11:40:31.0814 3428 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

11:40:31.0814 3428 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

11:40:31.0814 3428 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

11:40:31.0861 3428 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

11:40:31.0986 3428 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

11:40:32.0095 3428 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

11:40:32.0173 3428 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

11:40:32.0236 3428 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

11:40:32.0408 3428 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

11:40:32.0501 3428 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

11:40:32.0532 3428 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

11:40:32.0579 3428 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

11:40:32.0579 3428 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

11:40:32.0579 3428 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

11:40:32.0595 3428 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

11:40:32.0626 3428 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine

11:40:32.0735 3428 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

11:40:32.0845 3428 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

11:40:32.0923 3428 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

11:40:33.0094 3428 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

11:40:33.0157 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

11:40:33.0157 3428 \Device\Harddisk0\DR0 - ok

11:40:33.0235 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

11:40:33.0235 3428 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

11:40:33.0251 3428 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

11:40:33.0251 3428 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

11:40:33.0251 3428 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

11:40:33.0251 3428 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

11:40:33.0251 3428 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

11:40:33.0266 3428 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

11:40:33.0297 3428 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

11:40:33.0297 3428 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

11:40:33.0360 3428 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

11:40:33.0438 3428 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

11:40:33.0469 3428 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

11:40:33.0469 3428 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

11:40:33.0500 3428 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

11:40:33.0500 3428 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

11:40:33.0500 3428 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

11:40:33.0500 3428 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

11:40:33.0516 3428 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine

11:40:33.0547 3428 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

11:40:33.0594 3428 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

11:40:33.0641 3428 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

11:40:33.0781 3428 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

11:40:33.0797 3428 \Device\Harddisk0\DR0\TDLFS - deleted

11:40:33.0797 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

11:41:34.0412 3188 Deinitialize success

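Reading the TDSSKiller log above by eye works for one machine, but the log has a regular shape: an object line (service name, MD5, on-disk path), a verdict line ("( threat ) - infected/warning"), and later an action line ("User select action: ..."). The following is an added example, not part of the original post and not code from Kaspersky's tool, that parses those three shapes, pairs each verdict with the file it refers to, and then flags the one result a responder should not let pass in this thread: an unsigned-driver warning the user skipped where the service name and the driver file name disagree (svobmu versus hrvuegdv.sys, while RTLTEAMING and RTLVLAN match their files). The sample lines are copied from the log above; the regexes and the name-mismatch heuristic are my assumptions about the format, and the mismatch is a prompt for a closer look, not a verdict.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the TDSSKiller log above, in its
# three shapes: object line (name, MD5, path), verdict line, and action line.
SAMPLE_LOG = r"""
11:36:44.0338 2916 RTLTEAMING (9f6b9f66223b1265ed66d005d93e539d) C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
11:36:44.0338 2916 RTLTEAMING ( UnsignedFile.Multi.Generic ) - warning
11:36:44.0385 2916 RtNdPt5x (5ffd2aaf467b80fab34929afb7702060) C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
11:36:44.0401 2916 RtNdPt5x - ok
11:36:46.0071 2916 svobmu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\hrvuegdv.sys
11:36:46.0087 2916 svobmu ( UnsignedFile.Multi.Generic ) - warning
11:36:50.0926 2916 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
11:36:50.0941 2916 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
11:36:50.0973 2916 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:40:31.0690 3428 RTLTEAMING ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:31.0690 3428 svobmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:33.0157 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
11:40:33.0235 3428 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
11:40:33.0797 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Assumed line formats, derived by eye from the log (not a documented grammar).
_PREFIX = r"^\S+\s+\d+\s+"  # "11:36:46.0071 2916 " (timestamp, pid)
OBJECT_RE = re.compile(_PREFIX + r"(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<tail>.+)$")
ACTION_RE = re.compile(r"User select action: (\w+)$")

@dataclass
class Finding:
    obj: str
    threat: str
    severity: str                 # "infected" or "warning"
    md5: str | None = None
    path: str | None = None
    action: str | None = None     # Skip / Cure / Delete, once the user chose
    notes: list[str] = field(default_factory=list)

    @property
    def name_mismatch(self) -> bool:
        """True when the service name and the driver file's stem disagree
        (svobmu -> hrvuegdv.sys). A heuristic for a closer look, not a verdict."""
        if not self.path:
            return False
        stem, ext = ntpath.splitext(ntpath.basename(self.path))
        return bool(ext) and stem.lower() != self.obj.lower()

def _classify(tail: str) -> tuple[str, str]:
    """Sort the text after ' - ' into a verdict, a user action, or a free-form note."""
    if tail in ("infected", "warning", "suspicious"):
        return "verdict", tail
    m = ACTION_RE.search(tail)
    if m:
        return "action", m.group(1)
    if tail == "skipped by user":
        return "action", "Skip"
    return "note", tail

def parse_tdsskiller(text: str) -> dict[tuple[str, str], Finding]:
    files: dict[str, tuple[str, str]] = {}        # object name or device -> (md5, path)
    findings: dict[tuple[str, str], Finding] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            entry = (m["md5"], m["path"])
            files[m["obj"]] = entry
            files.setdefault(m["path"], entry)    # lets \Device\...\DR0 verdicts find the MBR hash
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue                              # "- ok", "- detected ...", banners
        key = (m["obj"], m["threat"])
        kind, value = _classify(m["tail"])
        if kind == "verdict":
            md5, path = files.get(m["obj"], (None, None))
            findings[key] = Finding(m["obj"], m["threat"], value, md5, path)
        elif key in findings and kind == "action":
            findings[key].action = value
        elif key in findings:
            findings[key].notes.append(value)
    return findings

def needs_review(findings: dict[tuple[str, str], Finding]) -> list[Finding]:
    """Warnings the user skipped on a driver whose service name and file name disagree."""
    return [f for f in findings.values()
            if f.severity == "warning" and f.action == "Skip" and f.name_mismatch]

def summary(findings: dict[tuple[str, str], Finding]) -> list[str]:
    """One row per finding, infections first, with the user's action and the mismatch flag."""
    rows = []
    for f in sorted(findings.values(), key=lambda x: (x.severity != "infected", x.obj)):
        where = f" {f.path}" if f.path else ""
        flag = "  [name/file mismatch]" if f.name_mismatch else ""
        rows.append(f"{f.severity:8} {f.obj} :: {f.threat}{where} -> {f.action or 'no action'}{flag}")
    return rows
```

Run it against a full log by reading the file into `parse_tdsskiller` and printing `summary()`; on the log above it reports the DR0 infection cured, the TDLFS deleted, and svobmu/hrvuegdv.sys as a skipped warning with a name mismatch, which is the item to chase before declaring the machine clean.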

Well, RogueKiller spotted it:

¤¤¤ Infection : Root.MBR ¤¤¤

----------------------------------

We're not done yet, we have to run another scan.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

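RogueKiller's "Root.MBR" and TDSSKiller's "Rootkit.Boot.SST.b" on \Device\Harddisk0\DR0 both point at the disk's first sector, and TDSSKiller's "MBR (0x1B8)" line is it fingerprinting that sector. My reading, stated as an assumption, is that 0x1B8 is the number of bytes hashed: the bootstrap code, which ends where the 4-byte NT disk signature begins. The following is an added example, not from the original post and not Kaspersky's or Tigzy's code, that parses a 512-byte MBR the same way (boot-code hash, disk signature, partition table, 0x55AA check) and diffs two sectors so that a change confined to the bootstrap stands out while the partition table still reads as intact, which is why Disk Management looks normal on a bootkitted machine. Every input is constructed inside the block; the byte strings are stand-ins, not a real infection.

```python
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # assumed: what TDSSKiller's "MBR (0x1B8)" hashes, i.e. the bootstrap code
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature (2 reserved bytes follow)
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # 0x55 0xAA
_ENTRY = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

@dataclass(frozen=True)
class Partition:
    active: bool
    type_id: int
    lba_start: int
    sectors: int

@dataclass(frozen=True)
class MbrInfo:
    boot_code_md5: str
    disk_signature: int
    partitions: tuple   # of Partition, empty slots (type 0) omitted

def parse_mbr(sector: bytes) -> MbrInfo:
    """Fingerprint one MBR: hash the bootstrap, read the signature, decode the table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFF)
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return MbrInfo(md5, disk_sig, tuple(parts))

def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a synthetic MBR so the parser can be exercised offline."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code overlaps the disk signature")
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, p in enumerate(partitions):
        # CHS fields are set to the 0xFE 0xFF 0xFF "use LBA" placeholder
        struct.pack_into(_ENTRY, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if p.active else 0x00, b"\xFE\xFF\xFF", p.type_id, b"\xFE\xFF\xFF",
                         p.lba_start, p.sectors)
    buf[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(buf)

def diff_mbr(baseline: bytes, current: bytes) -> dict:
    """Which MBR regions differ. A bootkit that hijacks only the bootstrap leaves the
    partition table and disk signature alone, so the table looks healthy while the
    boot-code hash changes."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return {
        "boot_code": a.boot_code_md5 != b.boot_code_md5,
        "disk_signature": a.disk_signature != b.disk_signature,
        "partitions": a.partitions != b.partitions,
    }

# Constructed inputs: the opening instructions of a stock Windows MBR
# (xor ax,ax / mov ss,ax / mov sp,7C00h) padded with NOPs as a stand-in for the
# real bootstrap, and a copy whose first bytes were replaced by a short jump,
# the way a bootkit redirects execution into its own loader.
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64
HOOKED_CODE = b"\xEB\x3E\x90" + CLEAN_CODE[3:]
XP_LAYOUT = (Partition(active=True, type_id=0x07, lba_start=63, sectors=156_232_125),)  # one NTFS volume, constructed
CLEAN_MBR = build_mbr(CLEAN_CODE, 0x1A2B3C4D, XP_LAYOUT)
HOOKED_MBR = build_mbr(HOOKED_CODE, 0x1A2B3C4D, XP_LAYOUT)
```

On a real machine the baseline is a sector you trust (an image taken before the incident, or the MBR a clean install of the same Windows build writes), and `current` is the first 512 bytes read from the physical disk; the `boot_code` flag going true while `partitions` stays false is the signature of exactly the kind of infection TDSSKiller reported here.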

Roger that. Thanks.

Here's the ComboFix log:

ComboFix 12-05-02.03 - Administrator 05/02/2012 14:51:21.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2402 [GMT -5:00]

Running from: c:\documents and settings\administrator.BBSL\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\ron\g2mdlhlpx.exe

.

c:\windows\system32\drivers\i8042prt.sys . . . is missing!!

.

.

((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))

.

.

2012-05-02 16:40 . 2012-05-02 16:40 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-02 14:22 . 2012-05-02 14:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-05-02 14:22 . 2012-05-02 14:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-05-01 21:51 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4364CA6D-6512-4DDE-842D-C6A8B18BBD25}\mpengine.dll

2012-04-24 15:03 . 2012-04-24 15:03 -------- d-----w- c:\documents and settings\ron\Application Data\Malwarebytes

2012-04-13 19:15 . 2012-04-13 19:15 4126368 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 19:15 . 2012-03-29 15:34 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-13 19:15 . 2011-05-23 13:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-13 07:36 . 2012-03-07 16:28 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-04 20:56 . 2012-03-05 17:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 18:33 . 2012-03-28 18:33 230808 ----a-r- c:\windows\system32\cpnprt2.cid

2012-03-21 01:44 . 2011-04-18 19:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-12 14:06 . 2012-03-05 21:04 7284 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-05 16:37 . 2012-03-05 16:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-05 16:37 . 2010-05-27 15:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1068413307-950957645-2907131760-1119\Scripts\Logon\0\0]

"Script"=Map TM9

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1068413307-950957645-2907131760-1121\Scripts\Logon\0\0]

"Script"=Map TM9

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1068413307-950957645-2907131760-1139\Scripts\Logon\0\0]

"Script"=Map TM9

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1068413307-950957645-2907131760-500\Scripts\Logon\0\0]

"Script"=Map TM9

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/5/2012 12:00 PM 654408]

R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/15/2009 9:43 PM 22016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/5/2012 12:00 PM 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 10:34 AM 253088]

S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/15/2009 9:43 PM 28800]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/15/2009 9:43 PM 17536]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:15]

.

2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068413307-950957645-2907131760-1121Core.job

- c:\documents and settings\james\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-26 20:02]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068413307-950957645-2907131760-1121UA.job

- c:\documents and settings\james\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-26 20:02]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068413307-950957645-2907131760-500Core.job

- c:\documents and settings\administrator.BBSL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 19:23]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1068413307-950957645-2907131760-500UA.job

- c:\documents and settings\administrator.BBSL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 19:23]

.

2012-05-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{3E9DBFF8-C0C9-45D6-8C88-61E763BCE6C7}: NameServer = 192.168.1.2,192.168.1.3

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-NavLogon - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-02 14:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1068413307-950957645-2907131760-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,d6,6c,ae,0f,a6,ea,48,92,72,7b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,d6,6c,ae,0f,a6,ea,48,92,72,7b,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,d6,6c,ae,0f,a6,ea,48,92,72,7b,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,d6,6c,ae,0f,a6,ea,48,92,72,7b,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,d6,6c,ae,0f,a6,ea,48,92,72,7b,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(768)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2012-05-02 14:56:00

ComboFix-quarantined-files.txt 2012-05-02 19:55

.

Pre-Run: 221,073,264,640 bytes free

Post-Run: 221,765,988,352 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7366BC10626F3FCEAA199544BD929FC1


OK, you're missing one file ---> i8042prt.sys

Let's see if we can find a copy on the machine:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    i8042prt.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC
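SystemLook's :Filefind only reports files by name. As an added example (not part of MrC's post and not SystemLook's own code), the script below goes one step further for the file ComboFix reported missing: it walks a set of search roots, collects every copy of i8042prt.sys, checks that each candidate is a well-formed 32-bit PE image (a file with the right name that is not a valid x86 driver must not be restored into system32\drivers), and hashes it so that copies from different locations can be compared before one is put back. The search roots are an assumption; on an XP machine the typical places to look are c:\windows\system32\dllcache, c:\windows\ServicePackFiles\i386 and any i386 installation source. The constant for the x86 Machine field (0x14C) and the expected-architecture check are also assumptions made for this example.

```python
"""Locate candidate copies of a missing driver and sanity-check them.

Added example for this thread; not SystemLook's logic. The search roots
passed to assess_copies() are assumptions (typical XP locations are listed
in the lead-in), as is the expectation that the driver is an x86 image.
"""
import hashlib
import os
import struct

DRIVER_NAME = "i8042prt.sys"          # file that ComboFix reported as missing
IMAGE_FILE_MACHINE_I386 = 0x14C       # COFF Machine value for a 32-bit x86 image


def find_copies(roots, name=DRIVER_NAME):
    """Walk each root and return every path whose basename matches (case-insensitive)."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for f in files:
                if f.lower() == name.lower():
                    hits.append(os.path.join(dirpath, f))
    return sorted(hits)


def pe_header_info(path):
    """Return (machine, timestamp) from the COFF header, or None if not a PE image.

    Checks the 'MZ' stub, follows e_lfanew to the 'PE\\0\\0' signature and reads
    the Machine and TimeDateStamp fields that follow it.
    """
    with open(path, "rb") as fh:
        data = fh.read(4096)
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, _nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return machine, timestamp


def sha256_of(path):
    """SHA-256 of the whole file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def assess_copies(roots, name=DRIVER_NAME, machine=IMAGE_FILE_MACHINE_I386):
    """Describe each candidate copy and flag whether it is usable.

    'usable' means the file is a valid PE image with the expected Machine
    field. Identical hashes across candidates are a good sign; differing
    hashes mean the copies come from different builds (or one was altered)
    and should be compared against a known-good source before restoring.
    """
    report = []
    for path in find_copies(roots, name):
        info = pe_header_info(path)
        report.append({
            "path": path,
            "size": os.path.getsize(path),
            "sha256": sha256_of(path),
            "machine": info[0] if info else None,
            "timestamp": info[1] if info else None,
            "usable": info is not None and info[0] == machine,
        })
    return report


if __name__ == "__main__":
    # Assumed search roots for an XP system; adjust to the machine at hand.
    roots = [r"c:\windows\system32\dllcache", r"c:\windows\ServicePackFiles\i386"]
    for entry in assess_copies([r for r in roots if os.path.isdir(r)]):
        print(entry)
```

A candidate that passes this check is still only a structural match; the restored copy should also come from the same service-pack level as the installed system, which is why the hashes of all copies found are worth comparing before choosing one.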


We're done.... :)

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore Point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.