svchost.exe malware or trojan


My system has been running VERY slowly lately, and I noticed when I checked the task manager, it almost always shows "svchost.exe" with a very high usage.

Any help would be greatly appreciated - I scanned with MBAM and MS Security Essentials, and it always comes back with nothing found.

Here are the logs as requested in the FAQ:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by raleigh at 10:26:52 on 2012-08-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1078 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Southwest Airlines\Ding\Ding.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\logitech\quickcam\lu\lulnchr.exe

c:\program files\logitech\quickcam\lu\LogitechUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1212586949&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\raleigh\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [screwDrivers RDP Plugin] c:\program files\tricerat\simplify printing\screwdrivers client v4\install_rdp.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0ATgBLAFQANgAyAC0AVAAwAFQAMABXAC0ARwA0ADkAOQBBAC0ATABaAEIARABRAC0AOAA2AE4AVABRAA"&"inst=NwA2AC0ANQAwADQAMgA1ADAAMgA3ADcALQBCADEALQBVADkAMAArADEALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkALQBDAEkAQQA5ADAAKwAyAA"&"prod=92"&"ver=9.0.894

StartupFolder: c:\docume~1\raleigh\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe

StartupFolder: c:\docume~1\raleigh\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: car-part.com\appcgi

Trusted Zone: minutemanintl.com\www

DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll

DPF: {03A89EFD-E023-B000-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll

DPF: {03A89EFD-E023-B100-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343849569812

DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} - hxxp://apps.chicago.auctionsolutions.com/4.2/install/isetupml.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{944D7615-AF0D-4A3E-8EA1-B969700F61B0} : DhcpNameServer = 192.168.0.1

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\raleigh\application data\mozilla\firefox\profiles\hvldi4b0.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.hotmail.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c63e952&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - plugin: c:\documents and settings\raleigh\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll

FF - plugin: c:\program files\java\jre6\bin\npoji610.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbasic.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R1 MpKsl87bf129e;MpKsl87bf129e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4aac47b-0e3e-4b7c-a2c4-fcae8aff1398}\MpKsl87bf129e.sys [2012-8-22 29904]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-29 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-5 47640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-28 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

S2 netlimiter;netlimiter;\??\c:\windows\system32\drivers\netlimiter.sys --> c:\windows\system32\drivers\netlimiter.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 250056]

S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-10-17 58352]

S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-10-17 8304]

S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-10-17 93904]

S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [2007-10-17 73696]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-08-22 12:49:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4aac47b-0e3e-4b7c-a2c4-fcae8aff1398}\MpKsl87bf129e.sys

2012-08-21 20:45:59 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan

2012-08-21 20:45:51 -------- d-----w- c:\program files\Security Task Manager

2012-08-21 20:44:42 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4aac47b-0e3e-4b7c-a2c4-fcae8aff1398}\offreg.dll

2012-08-21 20:14:13 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4aac47b-0e3e-4b7c-a2c4-fcae8aff1398}\mpengine.dll

2012-08-16 20:35:03 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-09 18:11:00 -------- d-----w- c:\documents and settings\all users\application data\Brother

2012-08-06 13:20:29 -------- d--h--w- c:\windows\PIF

2012-08-02 18:21:19 -------- d-----w- c:\documents and settings\raleigh\local settings\application data\LogMeIn Rescue Applet

2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-15 01:07:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-15 01:07:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800JD-22MSA1 rev.10.01E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898624B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8986993c]; MOV EAX, [0x89869ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x8A40BAB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000064[0x8A42BAC8]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x8A3DC940]

\Driver\atapi[0x89C54998] -> IRP_MJ_CREATE -> 0x898624B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x898622E2

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 10:29:43.67 ===============

and attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/16/2007 5:17:02 PM

System Uptime: 8/22/2012 8:45:56 AM (2 hours ago)

.

Motherboard: Acer | | F671CR

Processor: Intel Pentium II processor | Socket 775 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 44.232 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}

Description: USB Mass Storage Device

Device ID: USB\VID_04B8&PID_0838&MI_02\6&19660D7B&0&0002

Manufacturer: Compatible USB storage device

Name: USB Mass Storage Device

PNP Device ID: USB\VID_04B8&PID_0838&MI_02\6&19660D7B&0&0002

Service: USBSTOR

.

==== System Restore Points ===================

.

RP1791: 6/11/2012 2:21:19 AM - System Checkpoint

RP1792: 6/11/2012 3:28:01 AM - Software Distribution Service 3.0

RP1793: 6/12/2012 3:28:14 AM - Software Distribution Service 3.0

RP1794: 6/13/2012 3:00:28 AM - Software Distribution Service 3.0

RP1795: 6/13/2012 3:55:50 AM - Software Distribution Service 3.0

RP1796: 6/14/2012 3:56:04 AM - Software Distribution Service 3.0

RP1797: 6/15/2012 4:21:13 AM - System Checkpoint

RP1798: 6/15/2012 9:31:10 AM - Software Distribution Service 3.0

RP1799: 6/16/2012 9:30:13 AM - Software Distribution Service 3.0

RP1800: 6/17/2012 2:23:25 AM - Software Distribution Service 3.0

RP1801: 6/17/2012 9:32:45 AM - Software Distribution Service 3.0

RP1802: 6/18/2012 9:30:28 AM - Software Distribution Service 3.0

RP1803: 6/19/2012 11:34:58 AM - System Checkpoint

RP1804: 6/20/2012 11:00:17 AM - Software Distribution Service 3.0

RP1805: 6/21/2012 11:12:44 AM - System Checkpoint

RP1806: 6/22/2012 1:21:57 AM - Software Distribution Service 3.0

RP1807: 6/23/2012 1:24:02 AM - System Checkpoint

RP1808: 6/23/2012 2:33:00 PM - Software Distribution Service 3.0

RP1809: 6/24/2012 2:02:39 AM - Software Distribution Service 3.0

RP1810: 6/24/2012 2:32:22 PM - Software Distribution Service 3.0

RP1811: 6/25/2012 2:32:18 PM - Software Distribution Service 3.0

RP1812: 6/26/2012 2:32:09 PM - Software Distribution Service 3.0

RP1813: 6/27/2012 3:00:15 AM - Software Distribution Service 3.0

RP1814: 6/27/2012 2:32:21 PM - Software Distribution Service 3.0

RP1815: 6/28/2012 2:31:44 PM - Software Distribution Service 3.0

RP1816: 6/29/2012 3:23:39 PM - System Checkpoint

RP1817: 6/30/2012 1:32:14 PM - Software Distribution Service 3.0

RP1818: 7/1/2012 1:41:37 AM - Software Distribution Service 3.0

RP1819: 7/1/2012 1:32:20 PM - Software Distribution Service 3.0

RP1820: 7/2/2012 1:53:58 PM - System Checkpoint

RP1821: 7/3/2012 11:03:24 AM - Software Distribution Service 3.0

RP1822: 7/4/2012 11:02:55 AM - Software Distribution Service 3.0

RP1823: 7/5/2012 11:02:52 AM - Software Distribution Service 3.0

RP1824: 7/6/2012 11:02:52 AM - Software Distribution Service 3.0

RP1825: 7/7/2012 11:02:52 AM - Software Distribution Service 3.0

RP1826: 7/8/2012 1:32:20 AM - Software Distribution Service 3.0

RP1827: 7/8/2012 11:02:55 AM - Software Distribution Service 3.0

RP1828: 7/9/2012 11:02:28 AM - Software Distribution Service 3.0

RP1829: 7/10/2012 11:02:01 AM - Software Distribution Service 3.0

RP1830: 7/11/2012 11:03:00 AM - Software Distribution Service 3.0

RP1831: 7/12/2012 3:00:24 AM - Software Distribution Service 3.0

RP1832: 7/13/2012 3:28:03 AM - System Checkpoint

RP1833: 7/13/2012 3:36:30 AM - Software Distribution Service 3.0

RP1834: 7/14/2012 3:35:29 AM - Software Distribution Service 3.0

RP1835: 7/15/2012 2:18:48 AM - Software Distribution Service 3.0

RP1836: 7/16/2012 2:27:02 AM - System Checkpoint

RP1837: 7/16/2012 3:34:57 AM - Software Distribution Service 3.0

RP1838: 7/17/2012 3:38:02 AM - System Checkpoint

RP1839: 7/17/2012 4:49:28 PM - Software Distribution Service 3.0

RP1840: 7/18/2012 4:45:20 PM - Software Distribution Service 3.0

RP1841: 7/19/2012 4:45:34 PM - Software Distribution Service 3.0

RP1842: 7/20/2012 4:46:04 PM - Software Distribution Service 3.0

RP1843: 7/21/2012 4:45:28 PM - Software Distribution Service 3.0

RP1844: 7/22/2012 2:15:32 AM - Software Distribution Service 3.0

RP1845: 7/22/2012 4:45:10 PM - Software Distribution Service 3.0

RP1846: 7/23/2012 4:44:03 PM - Software Distribution Service 3.0

RP1847: 7/24/2012 4:50:05 PM - Software Distribution Service 3.0

RP1848: 7/25/2012 4:49:42 PM - Software Distribution Service 3.0

RP1849: 7/26/2012 4:48:58 PM - Software Distribution Service 3.0

RP1850: 7/27/2012 4:52:11 PM - System Checkpoint

RP1851: 7/27/2012 8:56:54 PM - Software Distribution Service 3.0

RP1852: 7/28/2012 8:56:32 PM - Software Distribution Service 3.0

RP1853: 7/29/2012 1:57:35 AM - Software Distribution Service 3.0

RP1854: 7/29/2012 8:56:34 PM - Software Distribution Service 3.0

RP1855: 7/30/2012 8:55:18 PM - Software Distribution Service 3.0

RP1856: 7/31/2012 8:55:37 PM - Software Distribution Service 3.0

RP1857: 8/1/2012 8:58:18 PM - Software Distribution Service 3.0

RP1858: 8/3/2012 8:46:03 AM - System Checkpoint

RP1859: 8/3/2012 10:53:58 AM - Software Distribution Service 3.0

RP1860: 8/4/2012 11:01:33 AM - System Checkpoint

RP1861: 8/4/2012 1:08:47 PM - Software Distribution Service 3.0

RP1862: 8/5/2012 1:51:08 AM - Software Distribution Service 3.0

RP1863: 8/5/2012 1:08:29 PM - Software Distribution Service 3.0

RP1864: 8/6/2012 9:12:15 AM - Removed TomTom HOME

RP1865: 8/6/2012 9:14:01 AM - Removed Skype™ 4.2

RP1866: 8/6/2012 9:14:32 AM - Removed Skype Toolbars

RP1867: 8/15/2012 3:50:33 AM - System Checkpoint

RP1868: 8/15/2012 3:43:15 PM - Software Distribution Service 3.0

RP1869: 8/16/2012 4:34:51 PM - Software Distribution Service 3.0

RP1870: 8/17/2012 5:04:57 PM - System Checkpoint

RP1871: 8/18/2012 6:07:51 PM - System Checkpoint

RP1872: 8/19/2012 6:41:20 PM - System Checkpoint

RP1873: 8/20/2012 7:28:23 PM - System Checkpoint

RP1874: 8/21/2012 4:10:55 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

ArcSoft PhotoImpression 6

ArcSoft Print Creations

Auction Client

Critical Update for Windows Media Player 11 (KB959772)

DING!

EPSON CX7400 User's Guide

EPSON Printer Software

EPSON Scan

EPSON Stylus CX7400 Series Scanner Driver Update

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IGHQ IT Remote Resuce

INVISION 11 Client

INVISION Client

Java Auto Updater

Java 6 Update 3

Java 6 Update 31

Java 6 Update 5

Java 6 Update 7

LightScribe 1.4.136.1

Logitech QuickCam

Logitech® Camera Driver

LogMeIn

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.5.16)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

OGA Notifier 2.0.0048.0

OpenOffice.org 3.0

Pdf995

PowerDVD

QuickLink Mobile

Realtek High Definition Audio Driver

ScrewDrivers Client v4 (rdp only)

Security Task Manager 1.8d

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976323)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shipping Assistant 3.5

Spelling Dictionaries Support For Adobe Reader 8

Spotify

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 1.1.11

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows Presentation Foundation

Windows Search 4.0

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

8/22/2012 10:07:08 AM, error: Print [6161] - The document Magic - Select Printer owned by raleigh failed to print on printer Brother HL-3040CN series. Data type: NT EMF 1.008. Size of the spool file in bytes: 3463376. Number of bytes printed: 3463288. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\ACER-E355056E8B. Win32 error code returned by the print processor: 122 (0x7a).

8/21/2012 6:45:55 PM, error: Service Control Manager [7000] - The mbamchameleon service failed to start due to the following error: The system cannot find the file specified.

8/21/2012 4:51:26 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

8/21/2012 4:36:54 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).

8/20/2012 4:34:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2201.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007000e Error description: Not enough storage is available to complete this operation.

8/19/2012 4:34:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2201.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007000e Error description: Not enough storage is available to complete this operation.

8/19/2012 2:06:07 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2201.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007000e Error description: Not enough storage is available to complete this operation.

8/18/2012 4:34:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2201.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007000e Error description: Not enough storage is available to complete this operation.

8/17/2012 4:38:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2201.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007000e Error description: Not enough storage is available to complete this operation.

8/16/2012 4:35:32 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MPKSL72885565\0000 disappeared from the system without first being prepared for removal.

8/16/2012 4:25:04 PM, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.

8/16/2012 4:25:04 PM, error: Service Control Manager [7000] - The netlimiter service failed to start due to the following error: The system cannot find the file specified.

8/15/2012 10:19:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

8/15/2012 10:19:13 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/15/2012 10:18:24 PM, error: System Error [1003] - Error code 1000000a, parameter1 80b93ca0, parameter2 00000002, parameter3 00000001, parameter4 80500d12.

.

==== End Of File ===========================

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Thanks for the reply MrC.

I downloaded RogueKiller and tried twice to run it. It does the "prescan", and then both times I try to scan, it runs about 3/4 of the way through the process, then shuts down and reboots the system.

I did manage to see that it recognized at least 1 or 2 problem files before shutting down. No log was generated.

Should I keep trying to scan with RogueKiller?

Thank you.

Rig,

No...do this instead........

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach the archive.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
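For reviewing the log TDSSKiller writes, here is an added triage helper (example code for this thread, not TDSSKiller's or MrC's): it parses the per-service lines in the format of the log posted below in this thread, keeps the MD5 and path of each file, and separates the UnsignedFile/LockedFile generic warnings that the instructions say to Skip from any other verdict. The `exampledrv` entry, its all-zero hash and its `Constructed.Test.Verdict` in the sample are constructed placeholders, not anything from the posted log.

```python
r"""Triage a TDSSKiller service-scan log (added example for this thread; not TDSSKiller's code).

Per-service line formats, as seen in the log posted in this thread:
    13:44:13.0609 5068 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
    13:44:13.0687 5068 Afc ( UnsignedFile.Multi.Generic ) - warning
    13:44:13.0687 5068 Afc - detected UnsignedFile.Multi.Generic (1)
    13:44:12.0906 5068 ACPI - ok
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Verdicts raised for unsigned or locked files; the thread says to Skip these, but verify them.
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

_PREFIX = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# "[ <md5> ] <service> <path>": the file backing the service
ENTRY_RE = re.compile(_PREFIX + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$")
# "<service> ( <verdict> ) - warning" | "<service> - detected <verdict> (n)" | "<service> - ok"
STATUS_RE = re.compile(
    _PREFIX + r"(?P<name>\S+)"
    + r"(?:\s+\(\s*(?P<verdict_a>\S+)\s*\))?"   # verdict in parentheses before the dash
    + r"\s+-\s+(?P<status>ok|warning|detected)"
    + r"(?:\s+(?P<verdict_b>[^\s(]\S*))?"        # verdict after "detected"
    + r"(?:\s+\(\d+\))?\s*$"                     # trailing count such as "(1)"
)


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"                      # ok | warning | detected | unknown
    verdicts: List[str] = field(default_factory=list)

    def severity(self) -> str:
        """clean: ok; review: only generic unsigned/locked verdicts; suspicious: anything else."""
        if self.status == "ok" and not self.verdicts:
            return "clean"
        if self.verdicts and all(v in GENERIC_VERDICTS for v in self.verdicts):
            return "review"
        if self.status == "unknown" and not self.verdicts:
            return "incomplete"                  # file line seen, but the scan never reported a status
        return "suspicious"


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceEntry]:
    """Collect file hash/path and final status per service; banner and SystemInfo lines are skipped."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue
        e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
        e.status = m["status"]                   # later lines supersede earlier ones: warning -> detected
        for v in (m["verdict_a"], m["verdict_b"]):
            if v and v not in e.verdicts:
                e.verdicts.append(v)
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> Dict[str, List[ServiceEntry]]:
    """Bucket services by severity so the flagged ones can be reviewed first."""
    buckets: Dict[str, List[ServiceEntry]] = {k: [] for k in ("suspicious", "review", "incomplete", "clean")}
    for e in entries.values():
        buckets[e.severity()].append(e)
    return buckets


def report(entries: Dict[str, ServiceEntry]) -> str:
    """Summary text; MD5 and path are included so each flagged file can be checked against its vendor."""
    b = triage(entries)
    out = [f"{len(b['clean'])} ok, {len(b['review'])} unsigned/locked to verify, "
           f"{len(b['suspicious'])} with other verdicts, {len(b['incomplete'])} without a status"]
    for sev in ("suspicious", "review", "incomplete"):
        for e in b[sev]:
            out.append(f"[{sev}] {e.name}: md5={e.md5 or '-'} path={e.path or '-'} verdicts={','.join(e.verdicts) or '-'}")
    return "\n".join(out)


# The first ten lines are from the log posted in this thread; the last two are constructed
# (placeholder hash and verdict) to show how a non-generic detection is bucketed.
SAMPLE_LOG = r"""
13:44:10.0328 5068 ================ Scan services =============================
13:44:11.0031 5068 Abiosdsk - ok
13:44:11.0109 5068 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:44:12.0906 5068 ACPI - ok
13:44:13.0609 5068 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
13:44:13.0687 5068 Afc ( UnsignedFile.Multi.Generic ) - warning
13:44:13.0687 5068 Afc - detected UnsignedFile.Multi.Generic (1)
13:44:33.0578 5068 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:44:33.0718 5068 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:44:33.0718 5068 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:44:40.0000 5068 [ 00000000000000000000000000000000 ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
13:44:40.0015 5068 exampledrv - detected Constructed.Test.Verdict (1)
"""

if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

Run it against a real `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by passing the file's contents to `parse_tdsskiller_log`; only the Scan services section is interpreted, everything else is skipped.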

Ran TDSSKiller, here is the log:

13:42:46.0218 5324 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

13:42:46.0484 5324 ============================================================

13:42:46.0484 5324 Current date / time: 2012/08/22 13:42:46.0484

13:42:46.0484 5324 SystemInfo:

13:42:46.0484 5324

13:42:46.0484 5324 OS Version: 5.1.2600 ServicePack: 3.0

13:42:46.0484 5324 Product type: Workstation

13:42:46.0484 5324 ComputerName: ACER-E355056E8B

13:42:46.0484 5324 UserName: raleigh

13:42:46.0484 5324 Windows directory: C:\WINDOWS

13:42:46.0484 5324 System windows directory: C:\WINDOWS

13:42:46.0484 5324 Processor architecture: Intel x86

13:42:46.0484 5324 Number of processors: 1

13:42:46.0484 5324 Page size: 0x1000

13:42:46.0484 5324 Boot type: Normal boot

13:42:46.0484 5324 ============================================================

13:42:48.0515 5324 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:42:48.0546 5324 ============================================================

13:42:48.0546 5324 \Device\Harddisk0\DR0:

13:42:48.0546 5324 MBR partitions:

13:42:48.0546 5324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482

13:42:48.0546 5324 ============================================================

13:42:48.0578 5324 C: <-> \Device\Harddisk0\DR0\Partition1

13:42:48.0578 5324 ============================================================

13:42:48.0578 5324 Initialize success

13:42:48.0578 5324 ============================================================

13:44:08.0546 5068 ============================================================

13:44:08.0546 5068 Scan started

13:44:08.0546 5068 Mode: Manual; SigCheck; TDLFS;

13:44:08.0546 5068 ============================================================

13:44:10.0328 5068 ================ Scan services =============================

13:44:11.0031 5068 Abiosdsk - ok

13:44:11.0062 5068 abp480n5 - ok

13:44:11.0109 5068 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:44:12.0906 5068 ACPI - ok

13:44:12.0937 5068 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

13:44:13.0140 5068 ACPIEC - ok

13:44:13.0234 5068 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:44:13.0265 5068 AdobeFlashPlayerUpdateSvc - ok

13:44:13.0296 5068 adpu160m - ok

13:44:13.0328 5068 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

13:44:13.0562 5068 aec - ok

13:44:13.0609 5068 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys

13:44:13.0687 5068 Afc ( UnsignedFile.Multi.Generic ) - warning

13:44:13.0687 5068 Afc - detected UnsignedFile.Multi.Generic (1)

13:44:13.0734 5068 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

13:44:13.0859 5068 AFD - ok

13:44:13.0890 5068 Aha154x - ok

13:44:13.0906 5068 aic78u2 - ok

13:44:13.0921 5068 aic78xx - ok

13:44:13.0968 5068 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

13:44:14.0171 5068 Alerter - ok

13:44:14.0203 5068 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

13:44:14.0484 5068 ALG - ok

13:44:14.0500 5068 AliIde - ok

13:44:14.0515 5068 amsint - ok

13:44:14.0593 5068 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

13:44:14.0765 5068 AppMgmt - ok

13:44:14.0765 5068 asc - ok

13:44:14.0796 5068 asc3350p - ok

13:44:14.0812 5068 asc3550 - ok

13:44:14.0953 5068 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

13:44:15.0000 5068 aspnet_state - ok

13:44:15.0031 5068 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:44:15.0250 5068 AsyncMac - ok

13:44:15.0281 5068 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

13:44:15.0500 5068 atapi - ok

13:44:15.0515 5068 Atdisk - ok

13:44:15.0546 5068 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:44:15.0734 5068 Atmarpc - ok

13:44:15.0781 5068 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

13:44:16.0000 5068 AudioSrv - ok

13:44:16.0046 5068 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

13:44:16.0281 5068 audstub - ok

13:44:16.0328 5068 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

13:44:16.0578 5068 Beep - ok

13:44:16.0625 5068 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

13:44:16.0906 5068 BITS - ok

13:44:16.0968 5068 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll

13:44:17.0187 5068 Browser - ok

13:44:17.0218 5068 [ 2120B6607CBBE426CE821643838EA1D3 ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

13:44:17.0296 5068 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning

13:44:17.0296 5068 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)

13:44:17.0453 5068 catchme - ok

13:44:17.0500 5068 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

13:44:17.0734 5068 cbidf2k - ok

13:44:17.0765 5068 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

13:44:18.0000 5068 CCDECODE - ok

13:44:18.0015 5068 cd20xrnt - ok

13:44:18.0062 5068 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

13:44:18.0328 5068 Cdaudio - ok

13:44:18.0343 5068 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

13:44:18.0546 5068 Cdfs - ok

13:44:18.0609 5068 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:44:18.0781 5068 Cdrom - ok

13:44:18.0796 5068 Changer - ok

13:44:18.0843 5068 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

13:44:19.0062 5068 CiSvc - ok

13:44:19.0093 5068 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

13:44:19.0296 5068 ClipSrv - ok

13:44:19.0343 5068 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:44:19.0406 5068 clr_optimization_v2.0.50727_32 - ok

13:44:19.0500 5068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:44:19.0546 5068 clr_optimization_v4.0.30319_32 - ok

13:44:19.0562 5068 CmdIde - ok

13:44:19.0625 5068 [ 558F320272D683B70AC7C3E2FB374F67 ] cmo_bus C:\WINDOWS\system32\DRIVERS\cmo_bus.sys

13:44:19.0656 5068 cmo_bus - ok

13:44:19.0703 5068 [ 44799C299272246D1DB599667314BD7B ] cmo_mdfl C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys

13:44:19.0781 5068 cmo_mdfl - ok

13:44:19.0812 5068 [ 93560533D251E93D4B93D27F67DEB2BF ] cmo_mdm C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys

13:44:19.0843 5068 cmo_mdm - ok

13:44:19.0890 5068 [ FBB270F9DC4FFA40DB8EFAD8A2D744FC ] cmo_serd C:\WINDOWS\system32\DRIVERS\cmo_serd.sys

13:44:19.0984 5068 cmo_serd - ok

13:44:20.0000 5068 COMSysApp - ok

13:44:20.0046 5068 Cpqarray - ok

13:44:20.0093 5068 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

13:44:20.0328 5068 CryptSvc - ok

13:44:20.0343 5068 dac2w2k - ok

13:44:20.0359 5068 dac960nt - ok

13:44:20.0406 5068 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

13:44:20.0531 5068 DcomLaunch - ok

13:44:20.0609 5068 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

13:44:20.0875 5068 Dhcp - ok

13:44:20.0937 5068 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

13:44:21.0109 5068 Disk - ok

13:44:21.0125 5068 dmadmin - ok

13:44:21.0203 5068 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

13:44:21.0406 5068 dmboot - ok

13:44:21.0453 5068 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

13:44:21.0687 5068 dmio - ok

13:44:21.0718 5068 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

13:44:21.0937 5068 dmload - ok

13:44:21.0968 5068 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

13:44:22.0203 5068 dmserver - ok

13:44:22.0250 5068 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

13:44:22.0437 5068 DMusic - ok

13:44:22.0484 5068 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

13:44:22.0781 5068 Dnscache - ok

13:44:22.0828 5068 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

13:44:23.0109 5068 Dot3svc - ok

13:44:23.0140 5068 dpti2o - ok

13:44:23.0187 5068 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

13:44:23.0421 5068 drmkaud - ok

13:44:23.0468 5068 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

13:44:23.0703 5068 EapHost - ok

13:44:23.0796 5068 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

13:44:24.0187 5068 EPSON_PM_RPCV4_01 - ok

13:44:24.0234 5068 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

13:44:24.0609 5068 ERSvc - ok

13:44:24.0656 5068 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

13:44:24.0859 5068 Eventlog - ok

13:44:24.0921 5068 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

13:44:25.0406 5068 EventSystem - ok

13:44:25.0437 5068 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

13:44:25.0796 5068 Fastfat - ok

13:44:25.0843 5068 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

13:44:26.0265 5068 FastUserSwitchingCompatibility - ok

13:44:26.0312 5068 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe

13:44:26.0843 5068 Fax - ok

13:44:26.0921 5068 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

13:44:27.0171 5068 Fdc - ok

13:44:27.0218 5068 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

13:44:27.0468 5068 Fips - ok

13:44:27.0500 5068 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

13:44:27.0734 5068 Flpydisk - ok

13:44:33.0578 5068 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

13:44:33.0718 5068 IDriverT ( UnsignedFile.Multi.Generic ) - warning

13:44:33.0718 5068 IDriverT - detected UnsignedFile.Multi.Generic (1)

13:44:52.0968 5068 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

13:44:53.0015 5068 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning

13:44:53.0015 5068 NTIDrvr - detected UnsignedFile.Multi.Generic (1)

13:45:15.0171 5068 [ B3C9C35DC93563B8D19AD414EDF2FC82 ] TrueSight c:\windows\system32\drivers\TrueSight.sys

13:45:15.0296 5068 TrueSight ( UnsignedFile.Multi.Generic ) - warning

13:45:15.0296 5068 TrueSight - detected UnsignedFile.Multi.Generic (1)

13:45:15.0703 5068 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\WINDOWS\system32\drivers\UBHelper.sys

13:45:15.0796 5068 UBHelper ( UnsignedFile.Multi.Generic ) - warning

13:45:15.0796 5068 UBHelper - detected UnsignedFile.Multi.Generic (1)

13:45:27.0265 5068 ================ Scan global ===============================

13:45:27.0312 5068 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

13:45:27.0421 5068 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

13:45:27.0468 5068 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

13:45:27.0500 5068 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

13:45:27.0515 5068 [Global] - ok

13:45:27.0515 5068 ================ Scan MBR ==================================

13:45:27.0546 5068 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

13:45:27.0546 5068 Suspicious mbr (Forged): \Device\Harddisk0\DR0

13:45:27.0562 5068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

13:45:27.0562 5068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

13:45:27.0609 5068 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:45:27.0609 5068 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:45:27.0609 5068 ================ Scan VBR ==================================

13:45:27.0625 5068 [ C7B01142D356A5634109D83B69A6AD21 ] \Device\Harddisk0\DR0\Partition1

13:45:27.0625 5068 \Device\Harddisk0\DR0\Partition1 - ok

13:45:27.0625 5068 ============================================================

13:45:27.0625 5068 Scan finished

13:45:27.0625 5068 ============================================================

13:45:27.0781 5060 Detected object count: 8

13:45:27.0781 5060 Actual detected object count: 8

13:46:14.0406 5060 Afc ( UnsignedFile.Multi.Generic ) - skipped by user

13:46:14.0406 5060 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:46:14.0421 5060 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

13:46:14.0421 5060 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:46:14.0421 5060 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

13:46:14.0421 5060 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:46:14.0421 5060 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user

13:46:14.0421 5060 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:46:14.0437 5060 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

13:46:14.0437 5060 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:46:14.0437 5060 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user

13:46:14.0437 5060 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:46:15.0171 5060 \Device\Harddisk0\DR0\# - copied to quarantine

13:46:15.0187 5060 \Device\Harddisk0\DR0 - copied to quarantine

13:46:15.0265 5060 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

13:46:15.0281 5060 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

13:46:15.0406 5060 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

13:46:16.0015 5060 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

13:46:16.0046 5060 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

13:46:16.0093 5060 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

13:46:18.0328 5060 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

13:46:20.0281 5060 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

13:46:20.0296 5060 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

13:46:20.0296 5060 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

13:46:20.0656 5060 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

13:46:20.0734 5060 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

13:46:20.0750 5060 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

13:46:20.0765 5060 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

13:46:20.0796 5060 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

13:46:20.0796 5060 \Device\Harddisk0\DR0 - ok

13:46:20.0796 5060 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

13:46:20.0812 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:46:20.0812 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

13:47:06.0656 5032 Deinitialize success

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

13:46:20.0812 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:46:20.0812 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~

Now see if you can run RogueKiller, MrC

[00:00:0000] Has crashed before : Yes

[00:00:0015] ***** Global Init *****

[00:00:0015] Create mutex : RogueKiller

[00:00:0015] Mutex Created : 0x9c

[00:00:0031] Fill lists

[00:00:0031] OS Language : English

[00:00:0047] Take Privileges

[00:00:0047] Modify Token

[00:00:0062] Set priority to HIGH

[00:00:0062] Getting Operating System

[00:00:0062] Os Getted : Windows XP (5.1.2600 Service Pack 3) 32 bits version

[00:00:0062] ***** Global Init OK *****

[00:00:0078] ***** GUI Init *****

[00:00:0078] Get build number

[00:00:0078] build number : RogueKiller (by Tigzy) -- v7.6.6

[00:00:0234] ***** GUI Init OK *****

[00:00:0250] ***** PreScan *****

[00:00:0250] Clear ListViews

[00:00:0265] Clear Objects

[00:00:0281] [Check Window] Eula - Please read

[00:00:0297] [Check Window] Debug log sending

[00:00:0297] [Check Window] Start Menu

[00:00:0312] [Check Window] SysFader

[00:00:0312] [Check Window] S/PDIF IN/OUT Settings

[00:00:0328] [Check Window] Set Device Type

[00:00:0328] [Check Window] Mixer ToolBox

[00:00:0343] [Check Window] Connector Settings

[00:00:0343] [Check Window] RogueKiller (by Tigzy) -- v7.6.6

[00:00:0343] [Check Window] JavaUpdate SysTray Icon

[00:00:0359] [Check Window] MCI command handling window

[00:00:0375] [Check Window] DDE Server Window

[00:00:0375] [Check Window] UNCFATDMS

[00:00:0390] [Check Window] QuickCam®

[00:00:0406] [Check Window] COCIHiddenwindow

[00:00:0422] [Check Window] medusa_callbackpostmessage_C9725127-BFE4-4159-87DB-9999D30E1845

[00:00:0422] [Check Window] nocaption

[00:00:0437] [Check Window] callbackCFireEventSerializerIFireEvent

[00:00:0437] [Check Window] callbackCLDMEventSerializerIInProcDeviceManagerEvents

[00:00:0453] [Check Window] DDE Server Window

[00:00:0453] [Check Window] HiddenFaxWindow

[00:00:0468] [Check Window] callbackCCOCIMngrEventsSerializerICOCIMngrEvents

[00:00:0468] [Check Window] medusa_callbackpostmessage_C9725127-BFE4-4159-87DB-9999D30E1845

[00:00:0484] [Check Window] nocaption

[00:00:0484] [Check Window] DTS Connect

[00:00:0500] [Check Window] medusa_callbackpostmessage_C9725127-BFE4-4159-87DB-9999D30E1845

[00:00:0500] [Check Window] nocaption

[00:00:0515] [Check Window] medusa_callbackpostmessage_C9725127-BFE4-4159-87DB-9999D30E1845

[00:00:0515] [Check Window] nocaption

[00:00:0531] [Check Window] Dolby Home Threater

[00:00:0531] [Check Window] Advance Setting

[00:00:0547] [Check Window] TOOLBOX

[00:00:0547] [Check Window] Load EQ Preset

[00:00:0562] [Check Window] DeleteEQ

[00:00:0562] [Check Window] Save EQ

[00:00:0578] [Check Window] Realtek HD Audio Manager

[00:00:0578] [Check Window] BackMain_Form

[00:00:0593] [Check Window] Realtek HD Audio Manager

[00:00:0593] [Check Window] medusa_callbackpostmessage_C9725127-BFE4-4159-87DB-9999D30E1845

[00:00:0609] [Check Window] medusa_callbackpostmessage_C9725127-BFE4-4159-87DB-9999D30E1845

[00:00:0609] [Check Window] nocaption

[00:00:0625] [Check Window] nocaption

[00:00:0625] [Check Window] callbackCLCMEventSerializerILogiCommunicationManagerEvents

[00:00:0625] [Check Window] MCI command handling window

[00:00:0640] [Check Window] {A7E495BF-9589-4a6e-8479-DDA2D8D3C05F}

[00:00:0640] [Check Window] Microsoft Security Essentials

[00:00:0656] [Check Window] DDE Server Window

[00:00:0656] [Check Window] LogMeIn - Version Update

[00:00:0672] [Check Window] Connections Tray

[00:00:0672] [Check Window] Power Meter

[00:00:0687] [Check Window] MS_WebcheckMonitor

[00:00:0687] [Check Window] DDE Server Window

[00:00:0703] [Check Window] LogMeIn

[00:00:0703] [Check Window] LogMeIn

[00:00:0718] [Check Window] LogMeIn

[00:00:0734] [Check Window] LogMeIn Status

[00:00:0750] [Check Window] Malwarebytes Anti-Malware

[00:00:0750] [Check Window] LogMeInGui

[00:00:0765] [Check Window] medusa_callbackpostmessage_C9725127-BFE4-4159-87DB-9999D30E1845

[00:00:0765] [Check Window] nocaption

[00:00:0781] [Check Window] callbackCFireEventSerializerIFireEvent

[00:00:0781] [Check Window] callbackCLDMEventSerializerIInProcDeviceManagerEvents

[00:00:0781] [Check Window] GDI+ Window

[00:00:0797] [Check Window] GDI+ Window

[00:00:0797] [Check Window] Logitech Updater

[00:00:0812] [Check Window] Logitech Updater

[00:00:0812] [Check Window] SystemTray Demo

[00:00:0828] [Check Window] GDI+ Window

[00:00:0828] [Check Window] GDI+ Window

[00:00:0843] [Check Window] GDI+ Window

[00:00:0843] [Check Window] svchost.exe malware or trojan - Malwarebytes Forum - Windows Internet Explorer

[00:00:0859] [Check Window] Program Manager

[00:00:0859] [Check Window] M

[00:00:0875] [Check Window] Default IME

[00:00:0875] [Check Window] M

[00:00:0890] [Check Window] Default IME

[00:00:0890] [Check Window] Default IME

[00:00:0906] [Check Window] Default IME

[00:00:0906] [Check Window] Default IME

[00:00:0922] [Check Window] Default IME

[00:00:0922] [Check Window] M

[00:00:0937] [Check Window] Default IME

[00:00:0937] [Check Window] Default IME

[00:00:0953] [Check Window] Default IME

[00:00:0953] [Check Window] Default IME

[00:00:0968] [Check Window] Default IME

[00:00:0968] [Check Window] Default IME

[00:00:0984] [Check Window] Default IME

[00:00:0984] [Check Window] Default IME

[00:00:0984] [Check Window] Default IME

[00:01:0000] [Check Window] M

[00:01:0000] [Check Window] Default IME

[00:01:0015] [Check Window] Default IME

[00:01:0015] [Check Window] Default IME

[00:01:0031] [Check Window] Default IME

[00:01:0031] [Check Window] Default IME

[00:01:0047] [Check Window] Default IME

[00:01:0047] [Check Window] Default IME

[00:01:0062] [Check Window] M

[00:01:0062] [Check Window] Default IME

[00:01:0078] [Check Window] Default IME

[00:01:0078] [Check Window] Default IME

[00:01:0078] [Check Window] Default IME

[00:01:0093] [Check Window] M

[00:01:0093] [Check Window] Default IME

[00:01:0109] [Check Window] M

[00:01:0109] [Check Window] Default IME

[00:01:0125] [Check Window] M

[00:01:0125] [Check Window] Default IME

[00:01:0172] [Check Processes] Service PID : 752

[00:01:0172] [Check Processes] [0] [system Process]

[00:01:0187] [Check Processes] [4] System

[00:01:0187] [Check Processes] [440] smss.exe

[00:01:0187] [Check Processes] [684] csrss.exe

[00:01:0203] [Check Processes] [708] winlogon.exe

[00:01:0218] [Check Processes] [752] services.exe

[00:01:0218] [Check Processes] [764] lsass.exe

[00:01:0234] [Check Processes] [932] svchost.exe

[00:01:0234] [Check Processes] [1000] svchost.exe

[00:01:0250] [Check Processes] [1092] MsMpEng.exe

[00:01:0250] Nb sections : 4

[00:01:0265] Parsing section : [6] .text

[00:01:0265] Parsing section at 0x400

[00:01:0265] Parsing section : [6] .data

[00:01:0281] Parsing section at 0x800

[00:01:0281] Parsing section : [6] .rsrc

[00:01:0297] Parsing section at 0xa00

[00:01:0297] Parsing section : [7] .reloc

[00:01:0297] Parsing section at 0x1000

[00:01:0312] [Check Processes] [1132] svchost.exe

[00:01:0312] [Check Processes] [1196] svchost.exe

[00:01:0328] [Check Processes] [1368] svchost.exe

[00:01:0328] [Check Processes] [1772] spoolsv.exe

[00:01:0343] [Check Processes] [1864] explorer.exe

[00:01:0359] [Check DLLs] Explorer.EXE

[00:01:0359] [Check DLLs] ntdll.dll

[00:01:0375] [Check DLLs] kernel32.dll

[00:01:0375] [Check DLLs] ADVAPI32.dll

[00:01:0375] [Check DLLs] RPCRT4.dll

[00:01:0390] [Check DLLs] Secur32.dll

[00:01:0390] [Check DLLs] BROWSEUI.dll

[00:01:0406] [Check DLLs] GDI32.dll

[00:01:0406] [Check DLLs] USER32.dll

[00:01:0422] [Check DLLs] msvcrt.dll

[00:01:0422] [Check DLLs] ole32.dll

[00:01:0422] [Check DLLs] SHLWAPI.dll

[00:01:0437] [Check DLLs] OLEAUT32.dll

[00:01:0437] [Check DLLs] SHDOCVW.dll

[00:01:0453] [Check DLLs] CRYPT32.dll

[00:01:0453] [Check DLLs] MSASN1.dll

[00:01:0453] [Check DLLs] CRYPTUI.dll

[00:01:0468] [Check DLLs] NETAPI32.dll

[00:01:0468] [Check DLLs] VERSION.dll

[00:01:0468] [Check DLLs] WININET.dll

[00:01:0484] [Check DLLs] Normaliz.dll

[00:01:0484] [Check DLLs] urlmon.dll

[00:01:0500] [Check DLLs] iertutil.dll

[00:01:0500] [Check DLLs] WINTRUST.dll

[00:01:0500] [Check DLLs] IMAGEHLP.dll

[00:01:0515] [Check DLLs] WLDAP32.dll

[00:01:0515] [Check DLLs] SHELL32.dll

[00:01:0531] [Check DLLs] UxTheme.dll

[00:01:0531] [Check DLLs] ShimEng.dll

[00:01:0531] [Check DLLs] AcGenral.DLL

[00:01:0547] [Check DLLs] WINMM.dll

[00:01:0547] [Check DLLs] MSACM32.dll

[00:01:0547] [Check DLLs] USERENV.dll

[00:01:0562] [Check DLLs] IMM32.DLL

[00:01:0562] [Check DLLs] LPK.DLL

[00:01:0578] [Check DLLs] USP10.dll

[00:01:0578] [Check DLLs] comctl32.dll

[00:01:0578] [Check DLLs] comctl32.dll

[00:01:0593] [Check DLLs] msctfime.ime

[00:01:0593] [Check DLLs] appHelp.dll

[00:01:0593] [Check DLLs] CLBCATQ.DLL

[00:01:0609] [Check DLLs] COMRes.dll

[00:01:0609] [Check DLLs] cscui.dll

[00:01:0625] [Check DLLs] CSCDLL.dll

[00:01:0625] [Check DLLs] themeui.dll

[00:01:0625] [Check DLLs] MSIMG32.dll

[00:01:0640] [Check DLLs] xpsp2res.dll

[00:01:0640] [Check DLLs] actxprxy.dll

[00:01:0640] [Check DLLs] MSNLNamespaceMgr.dll

[00:01:0656] [Check DLLs] ieframe.dll

[00:01:0656] [Check DLLs] LVPrcInj01.dll

[00:01:0672] [Check DLLs] deskbar.dll

[00:01:0672] [Check DLLs] dbres.dll.mui

[00:01:0672] [Check DLLs] dbres.dll

[00:01:0687] [Check DLLs] wordwheel.dll

[00:01:0687] [Check DLLs] WTSAPI32.dll

[00:01:0687] [Check DLLs] WINSTA.dll

[00:01:0703] [Check DLLs] msnlExtRes.dll.mui

[00:01:0703] [Check DLLs] msnlExtRes.dll

[00:01:0718] [Check DLLs] msxml3.dll

[00:01:0718] [Check DLLs] ws2_32.dll

[00:01:0718] [Check DLLs] WS2HELP.dll

[00:01:0734] [Check DLLs] LINKINFO.dll

[00:01:0734] [Check DLLs] ntshrui.dll

[00:01:0750] [Check DLLs] ATL.DLL

[00:01:0750] [Check DLLs] SAMLIB.dll

[00:01:0750] [Check DLLs] SETUPAPI.dll

[00:01:0765] [Check DLLs] msi.dll

[00:01:0765] [Check DLLs] NETSHELL.dll

[00:01:0781] [Check DLLs] credui.dll

[00:01:0781] [Check DLLs] dot3api.dll

[00:01:0781] [Check DLLs] rtutils.dll

[00:01:0797] [Check DLLs] dot3dlg.dll

[00:01:0797] [Check DLLs] OneX.DLL

[00:01:0812] [Check DLLs] eappcfg.dll

[00:01:0812] [Check DLLs] MSVCP60.dll

[00:01:0828] [Check DLLs] eappprxy.dll

[00:01:0828] [Check DLLs] iphlpapi.dll

[00:01:0828] [Check DLLs] webcheck.dll

[00:01:0843] [Check DLLs] MLANG.dll

[00:01:0843] [Check DLLs] stobject.dll

[00:01:0843] [Check DLLs] BatMeter.dll

[00:01:0859] [Check DLLs] POWRPROF.dll

[00:01:0859] [Check DLLs] WPDShServiceObj.dll

[00:01:0875] [Check DLLs] WINHTTP.dll

[00:01:0875] [Check DLLs] mydocs.dll

[00:01:0875] [Check DLLs] PortableDeviceTypes.dll

[00:01:0890] [Check DLLs] PortableDeviceApi.dll

[00:01:0890] [Check DLLs] rsaenh.dll

[00:01:0906] [Check DLLs] wdmaud.drv

[00:01:0906] [Check DLLs] msacm32.drv

[00:01:0906] [Check DLLs] midimap.dll

[00:01:0922] [Check DLLs] fxsst.dll

[00:01:0922] [Check DLLs] WINSPOOL.DRV

[00:01:0937] [Check DLLs] FXSAPI.dll

[00:01:0937] [Check DLLs] NTMARTA.DLL

[00:01:0937] [Check DLLs] MPR.dll

[00:01:0953] [Check DLLs] drprov.dll

[00:01:0953] [Check DLLs] ntlanman.dll

[00:01:0968] [Check DLLs] NETUI0.dll

[00:01:0968] [Check DLLs] NETUI1.dll

[00:01:0968] [Check DLLs] NETRAP.dll

[00:01:0984] [Check DLLs] davclnt.dll

[00:01:0984] [Check DLLs] LMIRfsClientNP.dll

[00:02:0000] [Check DLLs] SXS.DLL

[00:02:0000] [Check DLLs] browselc.dll

[00:02:0000] [Check DLLs] wdsShell.dll

[00:02:0015] [Check DLLs] tquery.dll

[00:02:0015] [Check DLLs] PROPSYS.dll

[00:02:0031] [Check DLLs] msshsq.dll

[00:02:0031] [Check DLLs] LangWrbk.dll

[00:02:0031] [Check DLLs] mshtml.dll

[00:02:0047] [Check DLLs] msls31.dll

[00:02:0047] [Check DLLs] PSAPI.DLL

[00:02:0062] [Check DLLs] mstime.dll

[00:02:0062] [Check DLLs] DDRAW.dll

[00:02:0062] [Check DLLs] DCIMAN32.dll

[00:02:0078] [Check DLLs] jscript.dll

[00:02:0078] [Check DLLs] msimtf.dll

[00:02:0078] [Check DLLs] MSCTF.dll

[00:02:0093] [Check DLLs] Dxtrans.dll

[00:02:0093] [Check DLLs] ddrawex.dll

[00:02:0109] [Check DLLs] Dxtmsft.dll

[00:02:0109] [Check DLLs] gdiplus.dll

[00:02:0125] [Check DLLs] D3DIM700.DLL

[00:02:0125] [Check DLLs] DUSER.dll

[00:02:0125] [Check DLLs] mssprxy.dll

[00:02:0140] [Check DLLs] MSGINA.dll

[00:02:0140] [Check DLLs] ODBC32.dll

[00:02:0156] [Check DLLs] comdlg32.dll

[00:02:0156] [Check DLLs] odbcint.dll

[00:02:0156] [Check DLLs] sti.dll

[00:02:0172] [Check DLLs] CFGMGR32.dll

[00:02:0172] [Check DLLs] MSVCR90.dll

[00:02:0187] [Check DLLs] PDFShell.dll

[00:02:0187] [Check DLLs] MSVCP90.dll

[00:02:0203] [Check Processes] [296] svchost.exe

[00:02:0203] [Check Processes] [452] E_S40RP7.EXE

[00:02:0218] Nb sections : 3

[00:02:0218] Parsing section : [6] .text

[00:02:0218] Parsing section at 0x400

[00:02:0234] Parsing section : [6] .data

[00:02:0234] Parsing section at 0x1a400

[00:02:0250] Parsing section : [6] .rsrc

[00:02:0250] Parsing section at 0x1b800

[00:02:0265] [Check Processes] [560] inetinfo.exe

[00:02:0265] Nb sections : 3

[00:02:0281] Parsing section : [6] .text

[00:02:0281] Parsing section at 0x400

[00:02:0297] Parsing section : [6] .data

[00:02:0297] Parsing section at 0x3200

[00:02:0297] Parsing section : [6] .rsrc

[00:02:0312] Parsing section at 0x3400

[00:02:0312] [Check Processes] [596] jqs.exe

[00:02:0328] Nb sections : 4

[00:02:0328] Parsing section : [6] .text

[00:02:0328] Parsing section at 0x1000

[00:02:0343] Parsing section : [7] .rdata

[00:02:0343] Parsing section at 0x17000

[00:02:0359] Parsing section : [6] .data

[00:02:0359] Parsing section at 0x22000

[00:02:0359] Parsing section : [6] .rsrc

[00:02:0375] Parsing section at 0x23000

[00:02:0375] [Check Processes] [628] LMIGuardianSvc.exe

[00:02:0390] Nb sections : 5

[00:02:0390] Parsing section : [6] .text

[00:02:0406] Parsing section at 0x1000

[00:02:0406] Parsing section : [7] .rdata

[00:02:0406] Parsing section at 0x9000

[00:02:0422] Parsing section : [6] .data

[00:02:0422] Parsing section at 0xc000

[00:02:0437] Parsing section : [6] .rsrc

[00:02:0437] Parsing section at 0xd000

[00:02:0453] Parsing section : [7] .reloc

[00:02:0453] Parsing section at 0x58000

[00:02:0453] [Check Processes] [960] LVComSer.exe

[00:02:0468] Nb sections : 4

[00:02:0468] Parsing section : [6] .text

[00:02:0484] Parsing section at 0x1000

[00:02:0484] Parsing section : [7] .rdata

[00:02:0500] Parsing section at 0x1e000

[00:02:0500] Parsing section : [6] .data

[00:02:0500] Parsing section at 0x25000

[00:02:0515] Parsing section : [6] .rsrc

[00:02:0515] Parsing section at 0x27000

[00:02:0531] [Check Processes] [1184] LVPrcSrv.exe

[00:02:0531] Nb sections : 4

[00:02:0531] Parsing section : [6] .text

[00:02:0547] Parsing section at 0x1000

[00:02:0547] Parsing section : [7] .rdata

[00:02:0562] Parsing section at 0x16000

[00:02:0562] Parsing section : [6] .data

[00:02:0562] Parsing section at 0x1c000

[00:02:0578] Parsing section : [6] .rsrc

[00:02:0578] Parsing section at 0x1e000

[00:02:0593] [Check Processes] [1240] mbamservice.exe

[00:02:0593] Nb sections : 5

[00:02:0609] Parsing section : [6] .text

[00:02:0609] Parsing section at 0x400

[00:02:0625] Parsing section : [7] .rdata

[00:02:0625] Parsing section at 0x77c00

[00:02:0640] Parsing section : [6] .data

[00:02:0640] Parsing section at 0x92200

[00:02:0656] Parsing section : [6] .rsrc

[00:02:0656] Parsing section at 0x95a00

[00:02:0656] Parsing section : [7] .reloc

[00:02:0672] Parsing section at 0x96000

[00:02:0672] [Check Processes] [1584] snmp.exe

[00:02:0687] Nb sections : 3

[00:02:0687] Parsing section : [6] .text

[00:02:0687] Parsing section at 0x400

[00:02:0703] Parsing section : [6] .data

[00:02:0703] Parsing section at 0x7200

[00:02:0718] Parsing section : [6] .rsrc

[00:02:0718] Parsing section at 0x7400

[00:02:0718] [Check Processes] [1552] svchost.exe

[00:02:0734] [Check Processes] [1520] searchindexer.exe

[00:02:0750] [Check Processes] [2096] LVComSer.exe

[00:02:0750] Nb sections : 4

[00:02:0765] Parsing section : [6] .text

[00:02:0765] Parsing section at 0x1000

[00:02:0781] Parsing section : [7] .rdata

[00:02:0781] Parsing section at 0x1e000

[00:02:0781] Parsing section : [6] .data

[00:02:0797] Parsing section at 0x25000

[00:02:0797] Parsing section : [6] .rsrc

[00:02:0812] Parsing section at 0x27000

[00:02:0812] [Check Processes] [2752] alg.exe

[00:02:0828] [Check Processes] [1084] RTHDCPL.exe

[00:02:0828] Nb sections : 8

[00:02:0828] Parsing section : [6] .text

[00:02:0843] Parsing section at 0x600

[00:02:0890] Parsing section : [6] .data

[00:02:0906] Parsing section at 0x21cc00

[00:02:0906] Parsing section : [5] .tls

[00:02:0906] Parsing section at 0x253200

[00:02:0922] Parsing section : [7] .rdata

[00:02:0922] Parsing section at 0x253400

[00:02:0922] Parsing section : [7] .idata

[00:02:0937] Parsing section at 0x253600

[00:02:0937] Parsing section : [7] .edata

[00:02:0953] Parsing section at 0x256e00

[00:02:0968] Parsing section : [6] .rsrc

[00:02:0968] Parsing section at 0x2ae400

[00:03:0250] Parsing section : [7] .reloc

[00:03:0250] Parsing section at 0xf39400

[00:03:0265] [Check Processes] [1464] PDVDServ.exe

[00:03:0281] Nb sections : 4

[00:03:0297] Parsing section : [6] .text

[00:03:0297] Parsing section at 0x1000

[00:03:0312] Parsing section : [7] .rdata

[00:03:0312] Parsing section at 0x7000

[00:03:0312] Parsing section : [6] .data

[00:03:0328] Parsing section at 0x8000

[00:03:0328] Parsing section : [6] .rsrc

[00:03:0328] Parsing section at 0xb000

[00:03:0343] [Check Processes] [3000] wuauclt.exe

[00:03:0359] [Check Processes] [3328] LogMeInSystray.exe

[00:03:0359] Nb sections : 5

[00:03:0375] Parsing section : [6] .text

[00:03:0375] Parsing section at 0x1000

[00:03:0375] Parsing section : [7] .rdata

[00:03:0390] Parsing section at 0x8000

[00:03:0390] Parsing section : [6] .data

[00:03:0406] Parsing section at 0xa000

[00:03:0406] Parsing section : [6] .rsrc

[00:03:0406] Parsing section at 0xb000

[00:03:0422] Parsing section : [7] .reloc

[00:03:0422] Parsing section at 0xd000

[00:03:0437] [Check Processes] [3332] Communications_Helper.exe

[00:03:0437] Nb sections : 4

[00:03:0453] Parsing section : [6] .text

[00:03:0453] Parsing section at 0x400

[00:03:0468] Parsing section : [7] .rdata

[00:03:0468] Parsing section at 0x33600

[00:03:0484] Parsing section : [6] .data

[00:03:0484] Parsing section at 0x41c00

[00:03:0484] Parsing section : [6] .rsrc

[00:03:0500] Parsing section at 0x45e00

[00:03:0515] [Check Processes] [3352] Quickcam.exe

[00:03:0515] Nb sections : 4

[00:03:0531] Parsing section : [6] .text

[00:03:0531] Parsing section at 0x400

[00:03:0547] Parsing section : [7] .rdata

[00:03:0562] Parsing section at 0xccc00

[00:03:0562] Parsing section : [6] .data

[00:03:0578] Parsing section at 0x108600

[00:03:0578] Parsing section : [6] .rsrc

[00:03:0593] Parsing section at 0x10f600

[00:03:0625] [Check Processes] [2788] mbamgui.exe

[00:03:0625] Nb sections : 5

[00:03:0640] Parsing section : [6] .text

[00:03:0640] Parsing section at 0x400

[00:03:0656] Parsing section : [7] .rdata

[00:03:0656] Parsing section at 0x1a400

[00:03:0656] Parsing section : [6] .data

[00:03:0672] Parsing section at 0x1fc00

[00:03:0672] Parsing section : [6] .rsrc

[00:03:0672] Parsing section at 0x21000

[00:03:0687] Parsing section : [7] .reloc

[00:03:0703] Parsing section at 0x6ce00

[00:03:0703] [Check Processes] [3272] jusched.exe

[00:03:0718] Nb sections : 4

[00:03:0718] Parsing section : [6] .text

[00:03:0718] Parsing section at 0x400

[00:03:0734] Parsing section : [7] .rdata

[00:03:0734] Parsing section at 0x2c200

[00:03:0750] Parsing section : [6] .data

[00:03:0750] Parsing section at 0x38200

[00:03:0765] Parsing section : [6] .rsrc

[00:03:0765] Parsing section at 0x3a400

[00:03:0781] [Check Processes] [844] msseces.exe

[00:03:0781] Nb sections : 4

[00:03:0781] Parsing section : [6] .text

[00:03:0797] Parsing section at 0x400

[00:03:0812] Parsing section : [6] .data

[00:03:0828] Parsing section at 0xc0200

[00:03:0828] Parsing section : [6] .rsrc

[00:03:0828] Parsing section at 0xc6a00

[00:03:0843] Parsing section : [7] .reloc

[00:03:0843] Parsing section at 0xd0e00

[00:03:0859] [Check Processes] [3212] GoogleToolbarNotifier.exe

[00:03:0859] Nb sections : 4

[00:03:0875] Parsing section : [6] .text

[00:03:0875] Parsing section at 0x400

[00:03:0875] Parsing section : [7] .rdata

[00:03:0890] Parsing section at 0x5e00

[00:03:0890] Parsing section : [6] .data

[00:03:0906] Parsing section at 0x7a00

[00:03:0906] Parsing section : [6] .rsrc

[00:03:0906] Parsing section at 0x8400

[00:03:0922] [Check Processes] [3716] msmsgs.exe

[00:03:0922] Nb sections : 3

[00:03:0937] Parsing section : [6] .text

[00:03:0937] Parsing section at 0x600

[00:03:0968] Parsing section : [6] .data

[00:03:0968] Parsing section at 0x110400

[00:03:0984] Parsing section : [6] .rsrc

[00:03:0984] Parsing section at 0x111c00

[00:04:0000] [Check Processes] [3884] WindowsSearch.exe

[00:04:0015] Nb sections : 4

[00:04:0015] Parsing section : [6] .text

[00:04:0031] Parsing section at 0x400

[00:04:0031] Parsing section : [6] .data

[00:04:0047] Parsing section at 0x1a600

[00:04:0047] Parsing section : [6] .rsrc

[00:04:0047] Parsing section at 0x1ac00

[00:04:0047] Parsing section : [7] .reloc

[00:04:0062] Parsing section at 0x1c600

[00:04:0062] [Check Processes] [2280] COCIManager.exe

[00:04:0078] Nb sections : 4

[00:04:0078] Parsing section : [6] .text

[00:04:0093] Parsing section at 0x400

[00:04:0093] Parsing section : [7] .rdata

[00:04:0109] Parsing section at 0x4e800

[00:04:0109] Parsing section : [6] .data

[00:04:0109] Parsing section at 0x5ee00

[00:04:0125] Parsing section : [6] .rsrc

[00:04:0125] Parsing section at 0x62c00

[00:04:0140] [Check Processes] [1720] LULnchr.exe

[00:04:0140] Nb sections : 4

[00:04:0156] Parsing section : [6] .text

[00:04:0156] Parsing section at 0x400

[00:04:0172] Parsing section : [7] .rdata

[00:04:0172] Parsing section at 0x20400

[00:04:0172] Parsing section : [6] .data

[00:04:0187] Parsing section at 0x25c00

[00:04:0187] Parsing section : [6] .rsrc

[00:04:0187] Parsing section at 0x27400

[00:04:0203] [Check Processes] [2236] LogitechUpdate.exe

[00:04:0203] Nb sections : 4

[00:04:0218] Parsing section : [6] .text

[00:04:0218] Parsing section at 0x1000

[00:04:0234] Parsing section : [7] .rdata

[00:04:0234] Parsing section at 0x4d000

[00:04:0250] Parsing section : [6] .data

[00:04:0250] Parsing section at 0x68000

[00:04:0265] Parsing section : [6] .rsrc

[00:04:0265] Parsing section at 0x6c000

[00:04:0281] [Check Processes] [532] iexplore.exe

[00:04:0297] Nb sections : 4

[00:04:0297] Parsing section : [6] .text

[00:04:0312] Parsing section at 0x400

[00:04:0312] Parsing section : [6] .data

[00:04:0312] Parsing section at 0xa400

[00:04:0328] Parsing section : [6] .rsrc

[00:04:0328] Parsing section at 0xac00

[00:04:0343] Parsing section : [7] .reloc

[00:04:0359] Parsing section at 0x99c00

[00:04:0359] [Check Processes] [1460] iexplore.exe

[00:04:0375] Nb sections : 4

[00:04:0375] Parsing section : [6] .text

[00:04:0375] Parsing section at 0x400

[00:04:0390] Parsing section : [6] .data

[00:04:0390] Parsing section at 0xa400

[00:04:0406] Parsing section : [6] .rsrc

[00:04:0406] Parsing section at 0xac00

[00:04:0422] Parsing section : [7] .reloc

[

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

ComboFix 12-08-22.01 - raleigh 08/22/2012 15:37:20.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1089 [GMT -4:00]

Running from: c:\documents and settings\raleigh\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))

.

.

2012-08-22 19:20 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51687F5E-CF96-42AF-804C-D461052ABF00}\mpengine.dll

2012-08-22 17:46 . 2012-08-22 18:13 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-22 17:14 . 2012-08-22 18:13 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-08-21 20:45 . 2012-08-21 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2012-08-21 20:45 . 2012-08-21 20:45 -------- d-----w- c:\program files\Security Task Manager

2012-08-16 20:35 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-09 18:11 . 2012-08-09 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother

2012-08-06 13:20 . 2012-08-06 13:20 -------- d--h--w- c:\windows\PIF

2012-08-02 18:21 . 2012-08-03 14:42 -------- d-----w- c:\documents and settings\raleigh\Local Settings\Application Data\LogMeIn Rescue Applet

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 01:07 . 2012-04-17 21:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 01:07 . 2011-07-06 14:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2011-12-28 22:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19 . 2005-10-06 00:06 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-04 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35 . 2009-06-04 00:09 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2004-08-04 05:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2004-08-04 05:00 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2004-08-04 05:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2004-08-04 05:00 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2007-07-31 02:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2004-08-04 05:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2004-08-04 05:00 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2004-08-04 05:00 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2004-08-04 05:00 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2004-08-04 05:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2009-06-04 00:09 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2009-06-04 00:09 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-04 05:00 599040 ----a-w- c:\windows\system32\crypt32.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-08-22_19.05.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-24 20:33 . 2012-08-22 19:43 227180 c:\windows\system32\inetsrv\MetaBase.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-14 52832]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SiSPower"="SiSPower.dll" [2007-02-28 53248]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"ScrewDrivers RDP Plugin"="c:\program files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe" [2011-04-28 45384]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0ATgBLAFQANgAyAC0AVAAwAFQAMABXAC0ARwA0ADkAOQBBAC0ATABaAEIARABRAC0AOAA2AE4AVABRAA&inst=NwA2AC0ANQAwADQAMgA1ADAAMgA3ADcALQBCADEALQBVADkAMAArADEALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkALQBDAEkAQQA5ADAAKwAyAA&prod=92&ver=9.0.894" [?]

.

c:\documents and settings\raleigh\Start Menu\Programs\Startup\

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk

backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

Alaunch [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2006-09-23 20:08 61440 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\OLRSubmission\\OLRSubmission.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=

"c:\\WINDOWS\\LMI2D.tmp\\lmi_rescue.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\raleigh\\Application Data\\Spotify\\spotify.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9999:UDP"= 9999:UDP:LANScope UDP Port

"2804:TCP"= 2804:TCP:LANScope TCP Port

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/29/2011 9:53 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/28/2011 6:28 PM 655944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/28/2011 6:28 PM 22344]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 5:43 PM 135664]

S2 netlimiter;netlimiter;\??\c:\windows\system32\drivers\netlimiter.sys --> c:\windows\system32\drivers\netlimiter.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/17/2012 5:34 PM 250056]

S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [10/17/2007 12:24 PM 58352]

S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [10/17/2007 12:24 PM 8304]

S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [10/17/2007 12:24 PM 93904]

S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [10/17/2007 12:24 PM 73696]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 5:43 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - UBHELPER

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 01:07]

.

2012-08-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-29 08:53]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 21:42]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 21:42]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-783975438-433103722-3473481398-1008Core.job

- c:\documents and settings\raleigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 13:22]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-783975438-433103722-3473481398-1008UA.job

- c:\documents and settings\raleigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 13:22]

.

2012-08-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]

.

2012-08-22 c:\windows\Tasks\User_Feed_Synchronization-{9373A04D-379D-4C6A-B6C8-832B7FC8FB82}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1212586949&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

Trusted Zone: car-part.com\appcgi

Trusted Zone: minutemanintl.com\www

TCP: DhcpNameServer = 192.168.0.1

DPF: {03A89EFD-E023-B000-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll

DPF: {03A89EFD-E023-B100-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll

FF - ProfilePath - c:\documents and settings\raleigh\Application Data\Mozilla\Firefox\Profiles\hvldi4b0.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.hotmail.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c63e952&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-22 15:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800JD-22MSA1 rev.10.01E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0xB9F12864

user & kernel MBR OK

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-783975438-433103722-3473481398-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(2836)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-08-22 15:47:43

ComboFix-quarantined-files.txt 2012-08-22 19:47

ComboFix2.txt 2012-08-22 19:12

ComboFix3.txt 2011-12-28 21:40

.

Pre-Run: 50,197,135,360 bytes free

Post-Run: 50,178,015,232 bytes free

.

- - End Of File - - 0AC2121AF2457647584D12B70DC0821A


Sorry for the slow reply- I ended up having to run Combofix twice. I tried several times to attach the first report in a reply, but each time something would lock up the browser (I tried IE and Chrome) and not let me paste the text into the reply box, or let me click the "post" button.

So, this is the report generated after the 2nd run of Combofix- let me know if you need the 1st report and I'll post it up.

Thanks!


RK Report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: raleigh [Admin rights]

Mode: Scan -- Date: 08/22/2012 16:41:03

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JD-22MSA1 +++++

--- User ---

[MBR] 814ada70c4f671fd96447688765bec97

[BSP] 6c807b57d82e869e759c0174e0affc51 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Everything seems good so far. :)

MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.23.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

raleigh :: ACER-E355056E8B [administrator]

Protection: Enabled

8/23/2012 8:59:46 AM

mbam-log-2012-08-23 (08-59-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 292407

Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good.......

Please do this:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


Results of screen317's Security Check version 0.99.46

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 34

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.0.42.34 Flash Player out of Date!

Adobe Reader 8 Adobe Reader out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (3.5.16) Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Java™ 6 Update 34

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 7

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.0.42.34 Flash Player out of Date!

Adobe Reader 8 Adobe Reader out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (3.5.16) Firefox out of Date!

OK, your Java, Adobe Flash Player, Reader and FF are out of date.

Older versions of programs are vulnerable to malware...please update them.

That info can be found in my Preventive Maintenance below.

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

