
Start.Sweetpacks got me...



Hello stanmich and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

For now, forget about DDS and please just proceed with the following instructions.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

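Helpers reading a pasted TDSSKiller log usually skim it for two things: every service or driver line should end in "- ok", and every hashed file path should live somewhere a legitimate component would. The script below is an added example written for this thread, not code from the forum, from the helper above, or from Kaspersky's tool. It parses the 2.8.x log layout that appears later in this topic (a "[ MD5 ] name path" line followed by a "name - verdict" line, inside "Scan ..." sections) and flags entries that are not "ok" or that sit in a temp or profile directory. The sample log is constructed from lines in this thread plus one made-up entry; the "- detected" verdict and the Temp path on that entry are my placeholders, and TDSSKiller's real verdict wording for a hit may differ, so the code only keys on the literal "ok". The directory heuristic in SUSPECT_DIRS is also mine.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: real lines from this thread plus one made-up entry (ExampleSvc).
# The "- detected" verdict and the Temp path are placeholders, not TDSSKiller output.
SAMPLE_LOG = r"""
19:22:20.0031 3068 ================ Scan system memory ========================
19:22:20.0031 3068 System memory - ok
19:22:20.0031 3068 ================ Scan services =============================
19:22:20.0109 3068 Abiosdsk - ok
19:22:20.0171 3068 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:22:20.0171 3068 ACPI - ok
19:22:20.0515 3068 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
19:22:20.0515 3068 Application Updater - ok
19:22:26.0312 3068 [ 70E88A1342CB991C4FBA928A8AF9D3EF ] RCPS C:\WINDOWS\rcps.exe
19:22:27.0984 3068 RCPS - ok
19:22:30.0000 3068 [ 00000000000000000000000000000000 ] ExampleSvc C:\Documents and Settings\Admin\Local Settings\Temp\example.exe
19:22:30.0000 3068 ExampleSvc - detected
"""

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"
# "==== Scan services ====" section banners; lines before the first one are system info.
SECTION_RE = re.compile(rf"^{TS}\s+\d+\s+=+ (?P<section>Scan .+?) =+$")
# "[ MD5 ] name path" lines; the name may contain spaces, so stop at the first drive letter.
ENTRY_RE = re.compile(
    rf"^{TS}\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9A-Fa-f]{{32}}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "name - verdict" lines (verdict is "ok" on a clean entry).
STATUS_RE = re.compile(rf"^{TS}\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>.+)$")

# My heuristic: locations where a boot-time service binary normally has no business being.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")

# Log filename pattern described in Step 1: TDSSKiller.<version>_<dd.mm.yyyy>_<hh.mm.ss>_log.txt
LOGNAME_RE = re.compile(r"^TDSSKiller\.\d+(?:\.\d+)*_\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2}_log\.txt$")


@dataclass
class Entry:
    name: str
    section: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller_log(text: str) -> list:
    """Merge the hash/path line and the verdict line of each object into one Entry."""
    entries: dict = {}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:
            continue  # still in the SystemInfo / partition header block
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(m.group("name"), section))
            e.md5, e.path = m.group("md5").upper(), m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(m.group("name"), section))
            e.status = m.group("status")
    return list(entries.values())


def triage(entries: list) -> list:
    """Return (entry, reasons) pairs a helper should look at before replying."""
    flagged = []
    for e in entries:
        reasons = []
        if e.status is None:
            reasons.append("no verdict line (truncated paste?)")
        elif e.status.lower() != "ok":
            reasons.append(f"verdict '{e.status}'")
        if e.path and any(d in e.path.lower() for d in SUSPECT_DIRS):
            reasons.append("binary lives in a temp or profile directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def hash_matches_log(entry: Entry, data: bytes) -> bool:
    """Compare a file's bytes against the MD5 TDSSKiller recorded for that entry."""
    return entry.md5 is not None and hashlib.md5(data).hexdigest().upper() == entry.md5


def log_filename_matches(name: str) -> bool:
    """True if a filename follows the TDSSKiller log naming convention from Step 1."""
    return LOGNAME_RE.match(name) is not None


if __name__ == "__main__":
    for e, why in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.name}: {e.path or '(no file)'} -> {'; '.join(why)}")
```

Run it on a saved log with open(...).read() in place of SAMPLE_LOG. Entries that have a verdict but no hash line (Abiosdsk, for example) are registered services whose file is absent, which is normal for the legacy drivers XP lists; the script leaves those alone and only reports verdicts other than "ok", missing verdicts, and odd locations.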

Just in case, here is the TDSSKiller log:

19:22:11.0859 2228 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34

19:22:12.0218 2228 ============================================================

19:22:12.0218 2228 Current date / time: 2013/05/22 19:22:12.0218

19:22:12.0218 2228 SystemInfo:

19:22:12.0218 2228

19:22:12.0218 2228 OS Version: 5.1.2600 ServicePack: 3.0

19:22:12.0218 2228 Product type: Workstation

19:22:12.0218 2228 ComputerName: HP-P4

19:22:12.0218 2228 UserName: Admin

19:22:12.0218 2228 Windows directory: C:\WINDOWS

19:22:12.0218 2228 System windows directory: C:\WINDOWS

19:22:12.0218 2228 Processor architecture: Intel x86

19:22:12.0218 2228 Number of processors: 2

19:22:12.0218 2228 Page size: 0x1000

19:22:12.0218 2228 Boot type: Normal boot

19:22:12.0218 2228 ============================================================

19:22:13.0421 2228 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:22:13.0421 2228 ============================================================

19:22:13.0421 2228 \Device\Harddisk0\DR0:

19:22:13.0421 2228 MBR partitions:

19:22:13.0421 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482

19:22:13.0421 2228 ============================================================

19:22:13.0453 2228 C: <-> \Device\Harddisk0\DR0\Partition1

19:22:13.0453 2228 ============================================================

19:22:13.0453 2228 Initialize success

19:22:13.0453 2228 ============================================================

19:22:19.0656 3068 ============================================================

19:22:19.0656 3068 Scan started

19:22:19.0656 3068 Mode: Manual;

19:22:19.0656 3068 ============================================================

19:22:20.0031 3068 ================ Scan system memory ========================

19:22:20.0031 3068 System memory - ok

19:22:20.0031 3068 ================ Scan services =============================

19:22:20.0109 3068 Abiosdsk - ok

19:22:20.0109 3068 abp480n5 - ok

19:22:20.0171 3068 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:22:20.0171 3068 ACPI - ok

19:22:20.0203 3068 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

19:22:20.0203 3068 ACPIEC - ok

19:22:20.0203 3068 adpu160m - ok

19:22:20.0234 3068 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

19:22:20.0234 3068 aec - ok

19:22:20.0281 3068 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

19:22:20.0281 3068 AFD - ok

19:22:20.0296 3068 Aha154x - ok

19:22:20.0296 3068 aic78u2 - ok

19:22:20.0312 3068 aic78xx - ok

19:22:20.0343 3068 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

19:22:20.0343 3068 Alerter - ok

19:22:20.0375 3068 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

19:22:20.0375 3068 ALG - ok

19:22:20.0375 3068 AliIde - ok

19:22:20.0375 3068 amsint - ok

19:22:20.0515 3068 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe

19:22:20.0515 3068 Application Updater - ok

19:22:20.0546 3068 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

19:22:20.0562 3068 AppMgmt - ok

19:22:20.0562 3068 asc - ok

19:22:20.0562 3068 asc3350p - ok

19:22:20.0578 3068 asc3550 - ok

19:22:20.0687 3068 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

19:22:20.0703 3068 aspnet_state - ok

19:22:20.0718 3068 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:22:20.0718 3068 AsyncMac - ok

19:22:20.0750 3068 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

19:22:20.0750 3068 atapi - ok

19:22:20.0765 3068 Atdisk - ok

19:22:20.0781 3068 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:22:20.0781 3068 Atmarpc - ok

19:22:20.0812 3068 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

19:22:20.0812 3068 AudioSrv - ok

19:22:20.0859 3068 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

19:22:20.0859 3068 audstub - ok

19:22:20.0921 3068 [ 5175E788BCD1CB7345AB21F3E14369D2 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys

19:22:20.0921 3068 b57w2k - ok

19:22:20.0968 3068 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

19:22:20.0968 3068 Beep - ok

19:22:21.0015 3068 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

19:22:21.0031 3068 BITS - ok

19:22:21.0171 3068 [ 686045905787B68D829CE647A6DFAD2B ] Blackberry Device Manager C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

19:22:21.0171 3068 Blackberry Device Manager - ok

19:22:21.0218 3068 [ 9B53D428DE0A2566A03499D7AA48DEC4 ] Blfp C:\WINDOWS\system32\DRIVERS\baspxp32.sys

19:22:21.0218 3068 Blfp - ok

19:22:21.0250 3068 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

19:22:21.0250 3068 Browser - ok

19:22:21.0281 3068 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\WINDOWS\system32\DRIVERS\motfilt.sys

19:22:21.0296 3068 BTCFilterService - ok

19:22:21.0312 3068 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

19:22:21.0312 3068 cbidf2k - ok

19:22:21.0312 3068 cd20xrnt - ok

19:22:21.0343 3068 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

19:22:21.0343 3068 Cdaudio - ok

19:22:21.0390 3068 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

19:22:21.0390 3068 Cdfs - ok

19:22:21.0406 3068 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:22:21.0406 3068 Cdrom - ok

19:22:21.0406 3068 Changer - ok

19:22:21.0437 3068 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

19:22:21.0437 3068 CiSvc - ok

19:22:21.0453 3068 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

19:22:21.0453 3068 ClipSrv - ok

19:22:21.0531 3068 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:22:21.0531 3068 clr_optimization_v2.0.50727_32 - ok

19:22:21.0578 3068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:22:21.0625 3068 clr_optimization_v4.0.30319_32 - ok

19:22:21.0625 3068 CmdIde - ok

19:22:21.0640 3068 COMSysApp - ok

19:22:21.0640 3068 Cpqarray - ok

19:22:21.0671 3068 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

19:22:21.0671 3068 CryptSvc - ok

19:22:21.0687 3068 dac2w2k - ok

19:22:21.0687 3068 dac960nt - ok

19:22:21.0750 3068 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

19:22:21.0750 3068 DcomLaunch - ok

19:22:21.0765 3068 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

19:22:21.0765 3068 Dhcp - ok

19:22:21.0796 3068 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

19:22:21.0796 3068 Disk - ok

19:22:21.0796 3068 dmadmin - ok

19:22:21.0828 3068 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

19:22:21.0843 3068 dmboot - ok

19:22:21.0859 3068 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys

19:22:21.0859 3068 dmio - ok

19:22:21.0875 3068 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

19:22:21.0875 3068 dmload - ok

19:22:21.0875 3068 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

19:22:21.0875 3068 dmserver - ok

19:22:21.0921 3068 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

19:22:21.0921 3068 DMusic - ok

19:22:21.0968 3068 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

19:22:21.0968 3068 Dnscache - ok

19:22:22.0015 3068 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

19:22:22.0015 3068 Dot3svc - ok

19:22:22.0015 3068 dpti2o - ok

19:22:22.0046 3068 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

19:22:22.0046 3068 drmkaud - ok

19:22:22.0093 3068 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

19:22:22.0093 3068 EapHost - ok

19:22:22.0093 3068 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

19:22:22.0093 3068 ERSvc - ok

19:22:22.0140 3068 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

19:22:22.0140 3068 Eventlog - ok

19:22:22.0156 3068 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

19:22:22.0156 3068 EventSystem - ok

19:22:22.0203 3068 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

19:22:22.0203 3068 Fastfat - ok

19:22:22.0296 3068 [ 83158CA47591AF55A9759B5C648B0462 ] FastFreeConverterUpdt C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe

19:22:22.0312 3068 FastFreeConverterUpdt - ok

19:22:22.0359 3068 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

19:22:22.0375 3068 FastUserSwitchingCompatibility - ok

19:22:22.0406 3068 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

19:22:22.0406 3068 Fdc - ok

19:22:22.0421 3068 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

19:22:22.0421 3068 Fips - ok

19:22:22.0437 3068 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

19:22:22.0437 3068 Flpydisk - ok

19:22:22.0484 3068 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

19:22:22.0484 3068 FltMgr - ok

19:22:22.0531 3068 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

19:22:22.0531 3068 FontCache3.0.0.0 - ok

19:22:22.0546 3068 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:22:22.0546 3068 Fs_Rec - ok

19:22:22.0546 3068 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:22:22.0546 3068 Ftdisk - ok

19:22:22.0578 3068 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:22:22.0578 3068 Gpc - ok

19:22:22.0687 3068 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:22.0687 3068 gupdate - ok

19:22:22.0687 3068 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:22.0687 3068 gupdatem - ok

19:22:22.0703 3068 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:22:22.0703 3068 HDAudBus - ok

19:22:22.0781 3068 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:22:22.0781 3068 helpsvc - ok

19:22:22.0812 3068 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

19:22:22.0812 3068 HidServ - ok

19:22:22.0843 3068 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:22:22.0843 3068 HidUsb - ok

19:22:22.0890 3068 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

19:22:22.0890 3068 hkmsvc - ok

19:22:22.0906 3068 hpn - ok

19:22:22.0937 3068 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

19:22:22.0937 3068 HTTP - ok

19:22:22.0953 3068 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

19:22:22.0953 3068 HTTPFilter - ok

19:22:22.0953 3068 i2omgmt - ok

19:22:22.0968 3068 i2omp - ok

19:22:22.0984 3068 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:22:22.0984 3068 i8042prt - ok

19:22:23.0062 3068 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

19:22:23.0093 3068 ialm - ok

19:22:23.0171 3068 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:22:23.0187 3068 idsvc - ok

19:22:23.0203 3068 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

19:22:23.0203 3068 Imapi - ok

19:22:23.0234 3068 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

19:22:23.0234 3068 ImapiService - ok

19:22:23.0250 3068 ini910u - ok

19:22:23.0406 3068 [ 06B0E8D608AB69643B14A1F95F7FEAB3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

19:22:23.0437 3068 IntcAzAudAddService - ok

19:22:23.0437 3068 IntelIde - ok

19:22:23.0453 3068 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:22:23.0453 3068 intelppm - ok

19:22:23.0484 3068 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

19:22:23.0484 3068 Ip6Fw - ok

19:22:23.0515 3068 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:22:23.0515 3068 IpFilterDriver - ok

19:22:23.0531 3068 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:22:23.0531 3068 IpInIp - ok

19:22:23.0546 3068 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:22:23.0562 3068 IpNat - ok

19:22:23.0562 3068 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:22:23.0562 3068 IPSec - ok

19:22:23.0593 3068 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

19:22:23.0593 3068 IRENUM - ok

19:22:23.0625 3068 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:22:23.0625 3068 isapnp - ok

19:22:23.0765 3068 [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

19:22:23.0765 3068 JavaQuickStarterService - ok

19:22:23.0781 3068 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:22:23.0781 3068 Kbdclass - ok

19:22:23.0781 3068 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

19:22:23.0781 3068 kbdhid - ok

19:22:23.0796 3068 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

19:22:23.0796 3068 kmixer - ok

19:22:23.0828 3068 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

19:22:23.0828 3068 KSecDD - ok

19:22:23.0859 3068 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

19:22:23.0859 3068 lanmanserver - ok

19:22:23.0921 3068 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

19:22:23.0921 3068 lanmanworkstation - ok

19:22:23.0921 3068 lbrtfdc - ok

19:22:23.0968 3068 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

19:22:23.0968 3068 LmHosts - ok

19:22:24.0000 3068 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

19:22:24.0000 3068 MBAMProtector - ok

19:22:24.0046 3068 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:22:24.0062 3068 MBAMScheduler - ok

19:22:24.0093 3068 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:22:24.0093 3068 MBAMService - ok

19:22:24.0125 3068 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys

19:22:24.0125 3068 MBAMSwissArmy - ok

19:22:24.0156 3068 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys

19:22:24.0171 3068 mcdbus - ok

19:22:24.0187 3068 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

19:22:24.0187 3068 Messenger - ok

19:22:24.0218 3068 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

19:22:24.0218 3068 mnmdd - ok

19:22:24.0250 3068 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe

19:22:24.0250 3068 mnmsrvc - ok

19:22:24.0281 3068 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

19:22:24.0281 3068 Modem - ok

19:22:24.0328 3068 [ 0A43169E115B5E9346A4BA1EFFCB04CB ] motandroidusb C:\WINDOWS\system32\Drivers\motoandroid.sys

19:22:24.0328 3068 motandroidusb - ok

19:22:24.0359 3068 [ F55572B150DB90CDBD95038ED287EB50 ] motccgp C:\WINDOWS\system32\DRIVERS\motccgp.sys

19:22:24.0359 3068 motccgp - ok

19:22:24.0375 3068 [ 1B3720C4D16904756D49EF306706B978 ] motccgpfl C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

19:22:24.0375 3068 motccgpfl - ok

19:22:24.0406 3068 [ B5DF98B8FD04204F4571FE0161288B98 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys

19:22:24.0406 3068 motmodem - ok

19:22:24.0468 3068 [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

19:22:24.0468 3068 Motorola Device Manager - ok

19:22:24.0484 3068 [ 140176B235722B6B92B56910ACDF3CC0 ] MotoSwitchService C:\WINDOWS\system32\DRIVERS\motswch.sys

19:22:24.0484 3068 MotoSwitchService - ok

19:22:24.0500 3068 [ 28938D6403C55289B7670798C075EF02 ] Motousbnet C:\WINDOWS\system32\DRIVERS\Motousbnet.sys

19:22:24.0500 3068 Motousbnet - ok

19:22:24.0531 3068 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:22:24.0531 3068 Mouclass - ok

19:22:24.0593 3068 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:22:24.0593 3068 mouhid - ok

19:22:24.0609 3068 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

19:22:24.0609 3068 MountMgr - ok

19:22:24.0609 3068 mraid35x - ok

19:22:24.0609 3068 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:22:24.0625 3068 MRxDAV - ok

19:22:24.0671 3068 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:22:24.0687 3068 MRxSmb - ok

19:22:24.0718 3068 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe

19:22:24.0718 3068 MSDTC - ok

19:22:24.0734 3068 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

19:22:24.0734 3068 Msfs - ok

19:22:24.0734 3068 MSIServer - ok

19:22:24.0765 3068 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:22:24.0765 3068 MSKSSRV - ok

19:22:24.0781 3068 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:22:24.0781 3068 MSPCLOCK - ok

19:22:24.0796 3068 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

19:22:24.0796 3068 MSPQM - ok

19:22:24.0812 3068 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:22:24.0812 3068 mssmbios - ok

19:22:24.0843 3068 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

19:22:24.0843 3068 Mup - ok

19:22:24.0875 3068 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

19:22:24.0875 3068 napagent - ok

19:22:24.0890 3068 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

19:22:24.0890 3068 NDIS - ok

19:22:24.0921 3068 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:22:24.0921 3068 NdisTapi - ok

19:22:24.0968 3068 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:22:24.0968 3068 Ndisuio - ok

19:22:24.0968 3068 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:22:24.0968 3068 NdisWan - ok

19:22:25.0000 3068 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

19:22:25.0000 3068 NDProxy - ok

19:22:25.0031 3068 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

19:22:25.0031 3068 Net Driver HPZ12 - ok

19:22:25.0031 3068 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

19:22:25.0031 3068 NetBIOS - ok

19:22:25.0046 3068 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

19:22:25.0062 3068 NetBT - ok

19:22:25.0078 3068 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

19:22:25.0093 3068 NetDDE - ok

19:22:25.0093 3068 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

19:22:25.0093 3068 NetDDEdsdm - ok

19:22:25.0125 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

19:22:25.0125 3068 Netlogon - ok

19:22:25.0156 3068 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

19:22:25.0156 3068 Netman - ok

19:22:25.0187 3068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:22:25.0218 3068 NetTcpPortSharing - ok

19:22:25.0250 3068 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

19:22:25.0250 3068 Nla - ok

19:22:25.0250 3068 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

19:22:25.0250 3068 Npfs - ok

19:22:25.0281 3068 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

19:22:25.0296 3068 Ntfs - ok

19:22:25.0296 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

19:22:25.0296 3068 NtLmSsp - ok

19:22:25.0343 3068 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

19:22:25.0343 3068 NtmsSvc - ok

19:22:25.0375 3068 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

19:22:25.0375 3068 Null - ok

19:22:25.0406 3068 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:22:25.0406 3068 NwlnkFlt - ok

19:22:25.0406 3068 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:22:25.0406 3068 NwlnkFwd - ok

19:22:25.0453 3068 [ 678D5EE988376F52E9CA7A312212173D ] ODWGU(Ativa) C:\WINDOWS\system32\DRIVERS\ODWGU.sys

19:22:25.0468 3068 ODWGU(Ativa) - ok

19:22:25.0468 3068 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

19:22:25.0484 3068 Parport - ok

19:22:25.0484 3068 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

19:22:25.0484 3068 PartMgr - ok

19:22:25.0515 3068 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

19:22:25.0515 3068 ParVdm - ok

19:22:25.0531 3068 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

19:22:25.0531 3068 PCI - ok

19:22:25.0531 3068 PCIDump - ok

19:22:25.0562 3068 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

19:22:25.0562 3068 PCIIde - ok

19:22:25.0578 3068 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

19:22:25.0578 3068 Pcmcia - ok

19:22:25.0578 3068 PDCOMP - ok

19:22:25.0687 3068 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe

19:22:25.0718 3068 PDF Architect Helper Service - ok

19:22:25.0781 3068 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe

19:22:25.0796 3068 PDF Architect Service - ok

19:22:25.0796 3068 PDFRAME - ok

19:22:25.0812 3068 PDRELI - ok

19:22:25.0812 3068 PDRFRAME - ok

19:22:25.0812 3068 perc2 - ok

19:22:25.0828 3068 perc2hib - ok

19:22:25.0843 3068 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

19:22:25.0843 3068 PlugPlay - ok

19:22:25.0906 3068 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

19:22:25.0906 3068 Pml Driver HPZ12 - ok

19:22:25.0906 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

19:22:25.0906 3068 PolicyAgent - ok

19:22:25.0921 3068 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:22:25.0921 3068 PptpMiniport - ok

19:22:25.0937 3068 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

19:22:25.0937 3068 Processor - ok

19:22:25.0937 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

19:22:25.0953 3068 ProtectedStorage - ok

19:22:26.0000 3068 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe

19:22:26.0000 3068 ProtexisLicensing - ok

19:22:26.0000 3068 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

19:22:26.0000 3068 PSched - ok

19:22:26.0062 3068 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

19:22:26.0062 3068 PSI_SVC_2 - ok

19:22:26.0078 3068 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:22:26.0078 3068 Ptilink - ok

19:22:26.0078 3068 ql1080 - ok

19:22:26.0093 3068 Ql10wnt - ok

19:22:26.0093 3068 ql12160 - ok

19:22:26.0093 3068 ql1240 - ok

19:22:26.0109 3068 ql1280 - ok

19:22:26.0140 3068 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:22:26.0140 3068 RasAcd - ok

19:22:26.0171 3068 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

19:22:26.0171 3068 RasAuto - ok

19:22:26.0203 3068 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:22:26.0218 3068 Rasl2tp - ok

19:22:26.0265 3068 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

19:22:26.0265 3068 RasMan - ok

19:22:26.0265 3068 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:22:26.0281 3068 RasPppoe - ok

19:22:26.0281 3068 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

19:22:26.0281 3068 Raspti - ok

19:22:26.0312 3068 [ 70E88A1342CB991C4FBA928A8AF9D3EF ] RCPS C:\WINDOWS\rcps.exe

19:22:27.0984 3068 RCPS - ok

19:22:28.0015 3068 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:22:28.0015 3068 Rdbss - ok

19:22:28.0046 3068 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:22:28.0046 3068 RDPCDD - ok

19:22:28.0109 3068 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:22:28.0109 3068 rdpdr - ok

19:22:28.0171 3068 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

19:22:28.0171 3068 RDPWD - ok

19:22:28.0203 3068 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

19:22:28.0203 3068 RDSessMgr - ok

19:22:28.0234 3068 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

19:22:28.0234 3068 redbook - ok

19:22:28.0281 3068 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

19:22:28.0281 3068 RemoteAccess - ok

19:22:28.0312 3068 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

19:22:28.0312 3068 RemoteRegistry - ok

19:22:28.0359 3068 [ BBCE96557881586683611C561FB06269 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys

19:22:28.0359 3068 RimUsb - ok

19:22:28.0375 3068 [ C4F4FCD5AE48BDD31648981DDF8EF993 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys

19:22:28.0375 3068 RimVSerPort - ok

19:22:28.0406 3068 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys

19:22:28.0406 3068 ROOTMODEM - ok

19:22:28.0437 3068 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

19:22:28.0437 3068 RpcLocator - ok

19:22:28.0484 3068 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

19:22:28.0484 3068 RpcSs - ok

19:22:28.0515 3068 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

19:22:28.0515 3068 RSVP - ok

19:22:28.0546 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

19:22:28.0546 3068 SamSs - ok

19:22:28.0562 3068 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

19:22:28.0578 3068 SCardSvr - ok

19:22:28.0609 3068 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

19:22:28.0609 3068 Schedule - ok

19:22:28.0640 3068 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:22:28.0640 3068 Secdrv - ok

19:22:28.0656 3068 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

19:22:28.0656 3068 seclogon - ok

19:22:28.0656 3068 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

19:22:28.0656 3068 SENS - ok

19:22:28.0687 3068 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

19:22:28.0703 3068 serenum - ok

19:22:28.0703 3068 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

19:22:28.0718 3068 Serial - ok

19:22:28.0734 3068 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

19:22:28.0734 3068 Sfloppy - ok

19:22:28.0796 3068 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

19:22:28.0796 3068 SharedAccess - ok

19:22:28.0812 3068 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

19:22:28.0812 3068 ShellHWDetection - ok

19:22:28.0812 3068 Simbad - ok

19:22:28.0828 3068 Sparrow - ok

19:22:28.0843 3068 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

19:22:28.0843 3068 splitter - ok

19:22:28.0890 3068 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

19:22:28.0890 3068 Spooler - ok

19:22:28.0906 3068 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

19:22:28.0906 3068 sr - ok

19:22:28.0937 3068 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

19:22:28.0937 3068 srservice - ok

19:22:28.0968 3068 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

19:22:28.0984 3068 Srv - ok

19:22:29.0000 3068 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

19:22:29.0000 3068 SSDPSRV - ok

19:22:29.0015 3068 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

19:22:29.0031 3068 stisvc - ok

19:22:29.0046 3068 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

19:22:29.0046 3068 swenum - ok

19:22:29.0046 3068 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

19:22:29.0046 3068 swmidi - ok

19:22:29.0062 3068 SwPrv - ok

19:22:29.0062 3068 symc810 - ok

19:22:29.0078 3068 symc8xx - ok

19:22:29.0078 3068 sym_hi - ok

19:22:29.0078 3068 sym_u3 - ok

19:22:29.0093 3068 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

19:22:29.0093 3068 sysaudio - ok

19:22:29.0109 3068 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

19:22:29.0109 3068 SysmonLog - ok

19:22:29.0171 3068 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

19:22:29.0171 3068 TapiSrv - ok

19:22:29.0234 3068 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:22:29.0234 3068 Tcpip - ok

19:22:29.0265 3068 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

19:22:29.0265 3068 TDPIPE - ok

19:22:29.0281 3068 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

19:22:29.0281 3068 TDTCP - ok

19:22:29.0328 3068 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

19:22:29.0328 3068 TermDD - ok

19:22:29.0328 3068 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

19:22:29.0343 3068 TermService - ok

19:22:29.0359 3068 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

19:22:29.0359 3068 Themes - ok

19:22:29.0390 3068 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe

19:22:29.0406 3068 TlntSvr - ok

19:22:29.0406 3068 TosIde - ok

19:22:29.0437 3068 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

19:22:29.0437 3068 TrkWks - ok

19:22:29.0453 3068 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

19:22:29.0453 3068 Udfs - ok

19:22:29.0468 3068 ultra - ok

19:22:29.0515 3068 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

19:22:29.0531 3068 Update - ok

19:22:29.0578 3068 [ 1BA417F51BF6715F2A98014E4C093EB4 ] Updater By SweetPacks C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe

19:22:29.0578 3068 Updater By SweetPacks - ok

19:22:29.0593 3068 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

19:22:29.0593 3068 upnphost - ok

19:22:29.0609 3068 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

19:22:29.0609 3068 UPS - ok

19:22:29.0640 3068 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

19:22:29.0640 3068 usbaudio - ok

19:22:29.0687 3068 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:22:29.0687 3068 usbccgp - ok

19:22:29.0703 3068 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:22:29.0703 3068 usbehci - ok

19:22:29.0750 3068 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:22:29.0750 3068 usbhub - ok

19:22:29.0765 3068 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

19:22:29.0781 3068 usbscan - ok

19:22:29.0796 3068 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:22:29.0796 3068 USBSTOR - ok

19:22:29.0812 3068 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:22:29.0812 3068 usbuhci - ok

19:22:29.0828 3068 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

19:22:29.0828 3068 VgaSave - ok

19:22:29.0828 3068 ViaIde - ok

19:22:29.0843 3068 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

19:22:29.0843 3068 VolSnap - ok

19:22:29.0875 3068 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

19:22:29.0875 3068 VSS - ok

19:22:29.0906 3068 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

19:22:29.0921 3068 W32Time - ok

19:22:29.0937 3068 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:22:29.0937 3068 Wanarp - ok

19:22:29.0984 3068 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

19:22:29.0984 3068 Wdf01000 - ok

19:22:30.0000 3068 WDICA - ok

19:22:30.0015 3068 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

19:22:30.0015 3068 wdmaud - ok

19:22:30.0062 3068 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

19:22:30.0062 3068 WebClient - ok

19:22:30.0156 3068 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

19:22:30.0156 3068 winmgmt - ok

19:22:30.0203 3068 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

19:22:30.0203 3068 WmdmPmSN - ok

19:22:30.0250 3068 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

19:22:30.0250 3068 Wmi - ok

19:22:30.0265 3068 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

19:22:30.0265 3068 WmiAcpi - ok

19:22:30.0296 3068 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

19:22:30.0296 3068 WmiApSrv - ok

19:22:30.0375 3068 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

19:22:30.0390 3068 WMPNetworkSvc - ok

19:22:30.0406 3068 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

19:22:30.0406 3068 WpdUsb - ok

19:22:30.0468 3068 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

19:22:30.0484 3068 WPFFontCache_v0400 - ok

19:22:30.0515 3068 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

19:22:30.0515 3068 wscsvc - ok

19:22:30.0531 3068 WSearch - ok

19:22:30.0546 3068 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

19:22:30.0562 3068 wuauserv - ok

19:22:30.0593 3068 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

19:22:30.0593 3068 WudfPf - ok

19:22:30.0609 3068 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

19:22:30.0609 3068 WudfRd - ok

19:22:30.0640 3068 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

19:22:30.0640 3068 WudfSvc - ok

19:22:30.0703 3068 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

19:22:30.0703 3068 WZCSVC - ok

19:22:30.0734 3068 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

19:22:30.0734 3068 xmlprov - ok

19:22:30.0734 3068 ================ Scan global ===============================

19:22:30.0765 3068 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

19:22:30.0828 3068 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

19:22:30.0828 3068 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

19:22:30.0843 3068 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

19:22:30.0859 3068 [Global] - ok

19:22:30.0859 3068 ================ Scan MBR ==================================

19:22:30.0875 3068 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

19:22:31.0078 3068 \Device\Harddisk0\DR0 - ok

19:22:31.0078 3068 ================ Scan VBR ==================================

19:22:31.0078 3068 [ 9D46ACBAC9406B60D9766121FAA9F5D8 ] \Device\Harddisk0\DR0\Partition1

19:22:31.0078 3068 \Device\Harddisk0\DR0\Partition1 - ok

19:22:31.0078 3068 ============================================================

19:22:31.0078 3068 Scan finished

19:22:31.0078 3068 ============================================================

19:22:31.0093 3416 Detected object count: 0

19:22:31.0093 3416 Actual detected object count: 0

19:22:40.0015 3480 Deinitialize success

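A note on reading the TDSSKiller log above, with an added example that is not part of this thread or of TDSSKiller itself. Every service in the log is marked "ok", including "Updater By SweetPacks", because "ok" only means that no TDSS variant matched; the tool passes no judgement on adware or on unknown services. The Python below was written for this page (the sample lines are copied from the log above; reading a verdict line that has no preceding hash line as a service with no image file on disk is an assumption, not something TDSSKiller documents). It pulls out what a person would still want to look at by hand: services whose image lives outside the Windows directory, entries with no image file, the MBR hash, and the final detection count.

```python
r"""Triage helper for a TDSSKiller log.

Added example for this thread; not code from TDSSKiller or the poster. For
each service or driver TDSSKiller prints a line with the image's MD5 and path,
then a verdict line "<name> - ok". An entry with only a verdict line is read
here as a registry entry with no image on disk (an assumption). "ok" means no
TDSS variant matched and nothing more: the SweetPacks updater service in this
thread is "ok" although it is the adware being chased, so this script lists
the entries a person should still look at.
"""
import re
from dataclasses import dataclass
from typing import Optional

HEADER = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
SECTION = re.compile(r"^=+ Scan (?P<section>\w+) =+$")
HASHED = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<body>.+)$")
# Names may contain spaces ("Updater By SweetPacks"): the path starts at the
# first token that looks like a drive path or an NT device name.
NAME_PATH = re.compile(r"^(?P<name>.+?) (?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>\S.*)$")
DETECTED = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: Optional[str]
    path: Optional[str]
    md5: Optional[str]
    section: str
    verdict: Optional[str] = None


def parse_tdsskiller(text: str):
    """Return (entries, detected_count) for the text of a TDSSKiller log."""
    by_key, entries = {}, []
    section, detected = "services", None   # the service list precedes the named sections
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (s := SECTION.match(rest)):
            section = s.group("section").lower()
        elif (d := DETECTED.match(rest)):
            detected = int(d.group("n"))
        elif (h := HASHED.match(rest)):
            np_ = NAME_PATH.match(h.group("body"))
            if np_:
                e = Entry(np_.group("name"), np_.group("path"), h.group("md5"), section)
            else:                           # global/MBR/VBR sections list a bare path
                e = Entry(None, h.group("body"), h.group("md5"), section)
            by_key[e.name or e.path] = e
            entries.append(e)
        elif (v := VERDICT.match(rest)):
            e = by_key.get(v.group("name"))
            if e is None:                   # verdict with no hash line: no image file
                e = Entry(v.group("name"), None, None, section)
                by_key[e.name] = e
                entries.append(e)
            e.verdict = v.group("verdict")
    return entries, detected


def triage(text: str, windir: str = r"C:\WINDOWS") -> dict:
    """What to look at by hand; an 'ok' verdict is not a clean bill of health."""
    entries, detected = parse_tdsskiller(text)
    prefix = windir.lower().rstrip("\\") + "\\"
    services = [e for e in entries if e.section == "services"]
    return {
        "outside_windows": [(e.name, e.path, e.md5) for e in services
                            if e.path and not e.path.lower().startswith(prefix)],
        "no_image": [e.name for e in services if e.path is None],
        "mbr": {e.path: e.md5 for e in entries if e.section == "mbr" and e.md5},
        "detected": detected,
    }


# Lines copied from the TDSSKiller log posted in this thread (a constructed excerpt).
SAMPLE_LOG = r"""
19:22:28.0484 3068 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:22:28.0484 3068 RpcSs - ok
19:22:28.0812 3068 Simbad - ok
19:22:29.0062 3068 SwPrv - ok
19:22:29.0578 3068 [ 1BA417F51BF6715F2A98014E4C093EB4 ] Updater By SweetPacks C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
19:22:29.0578 3068 Updater By SweetPacks - ok
19:22:30.0375 3068 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:22:30.0390 3068 WMPNetworkSvc - ok
19:22:30.0734 3068 ================ Scan global ===============================
19:22:30.0859 3068 [Global] - ok
19:22:30.0859 3068 ================ Scan MBR ==================================
19:22:30.0875 3068 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:22:31.0078 3068 \Device\Harddisk0\DR0 - ok
19:22:31.0093 3416 Detected object count: 0
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log, the "outside_windows" list is where the SweetPacks service surfaces, next to the legitimate Windows Media Player sharing service; the MD5 next to each entry is what you would look up or compare across scans. The "no_image" entries on an XP box are usually the stock legacy driver stubs (Simbad, Sparrow, symc8xx and friends), but a name you do not recognise there deserves a registry look.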

Malwarebytes: Congratulations. No cleanup required.

mbar log:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.05.23.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Admin :: HP-P4 [administrator]

5/23/2013 8:54:06 AM

mbar-log-2013-05-23 (08-54-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 27356

Time elapsed: 32 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

system-log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.192000 GHz

Memory total: 2138415104, free: 1069068288

------------ Kernel report ------------

05/22/2013 19:26:16

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\System32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

Mup.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\System32\DRIVERS\b57xp32.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\System32\DRIVERS\mouclass.sys

\SystemRoot\System32\DRIVERS\kbdclass.sys

\SystemRoot\System32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\System32\DRIVERS\imapi.sys

\SystemRoot\System32\DRIVERS\cdrom.sys

\SystemRoot\System32\DRIVERS\redbook.sys

\SystemRoot\System32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\System32\DRIVERS\wmiacpi.sys

\SystemRoot\System32\DRIVERS\audstub.sys

\SystemRoot\System32\Drivers\RootMdm.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\System32\DRIVERS\rasl2tp.sys

\SystemRoot\System32\DRIVERS\ndistapi.sys

\SystemRoot\System32\DRIVERS\ndiswan.sys

\SystemRoot\System32\DRIVERS\raspppoe.sys

\SystemRoot\System32\DRIVERS\raspptp.sys

\SystemRoot\System32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\psched.sys

\SystemRoot\System32\DRIVERS\msgpc.sys

\SystemRoot\System32\DRIVERS\ptilink.sys

\SystemRoot\System32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\RimSerial.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\System32\Drivers\wdf01000.sys

\SystemRoot\System32\DRIVERS\rdpdr.sys

\SystemRoot\System32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mcdbus.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\System32\DRIVERS\swenum.sys

\SystemRoot\System32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\DRIVERS\rasacd.sys

\SystemRoot\System32\DRIVERS\ipsec.sys

\SystemRoot\System32\DRIVERS\tcpip.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbios.sys

\SystemRoot\System32\DRIVERS\rdbss.sys

\SystemRoot\System32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\System32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\ODWGU.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ialmdnt5.dll

\SystemRoot\System32\ialmrnt5.dll

\SystemRoot\System32\ialmdev5.DLL

\SystemRoot\System32\ialmdd5.DLL

\SystemRoot\System32\ATMFD.DLL

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\System32\DRIVERS\ndisuio.sys

\SystemRoot\System32\DRIVERS\mrxdav.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\ipfltdrv.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a866ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\

Lower Device Object: 0xffffffff8a89fd98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.05.22.10

Downloaded database version: v2013.05.14.03

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a8cce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a8a09e8, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a89fd98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe36a36f8, 0xffffffff8a866ab8, 0xffffffff89739040

Lower DeviceData: 0xffffffffe407dc30, 0xffffffff8a89fd98, 0xffffffff898b3590

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 6D796D79

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 156296322

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.192000 GHz

Memory total: 2138415104, free: 970670080

------------ Kernel report ------------

05/23/2013 08:21:08

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\System32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

Mup.sys

\SystemRoot\system32\DRIVERS\ialmnt5.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\System32\DRIVERS\b57xp32.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\System32\DRIVERS\mouclass.sys

\SystemRoot\System32\DRIVERS\kbdclass.sys

\SystemRoot\System32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\System32\DRIVERS\imapi.sys

\SystemRoot\System32\DRIVERS\cdrom.sys

\SystemRoot\System32\DRIVERS\redbook.sys

\SystemRoot\System32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\System32\DRIVERS\wmiacpi.sys

\SystemRoot\System32\DRIVERS\audstub.sys

\SystemRoot\System32\Drivers\RootMdm.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\System32\DRIVERS\rasl2tp.sys

\SystemRoot\System32\DRIVERS\ndistapi.sys

\SystemRoot\System32\DRIVERS\ndiswan.sys

\SystemRoot\System32\DRIVERS\raspppoe.sys

\SystemRoot\System32\DRIVERS\raspptp.sys

\SystemRoot\System32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\psched.sys

\SystemRoot\System32\DRIVERS\msgpc.sys

\SystemRoot\System32\DRIVERS\ptilink.sys

\SystemRoot\System32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\RimSerial.sys

\SystemRoot\system32\DRIVERS\WDFLDR.SYS

\SystemRoot\System32\Drivers\wdf01000.sys

\SystemRoot\System32\DRIVERS\rdpdr.sys

\SystemRoot\System32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mcdbus.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\System32\DRIVERS\swenum.sys

\SystemRoot\System32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\DRIVERS\rasacd.sys

\SystemRoot\System32\DRIVERS\ipsec.sys

\SystemRoot\System32\DRIVERS\tcpip.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbios.sys

\SystemRoot\System32\DRIVERS\rdbss.sys

\SystemRoot\System32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\System32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\ODWGU.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ialmdnt5.dll

\SystemRoot\System32\ialmrnt5.dll

\SystemRoot\System32\ialmdev5.DLL

\SystemRoot\System32\ialmdd5.DLL

\SystemRoot\System32\ATMFD.DLL

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\System32\DRIVERS\ndisuio.sys

\SystemRoot\System32\DRIVERS\mrxdav.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\ipfltdrv.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\SystemRoot\system32\drivers\kmixer.sys

\SystemRoot\System32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\Fastfat.SYS

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR6

Upper Device Object: 0xffffffff89476a10

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000082\

Lower Device Object: 0xffffffff89782530

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a866ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\

Lower Device Object: 0xffffffff8a89fd98

Lower Device Driver Name: \Driver\atapi\

Device already Exists: 0xffffffff898b3590

Downloaded database version: v2013.05.23.01

Downloaded database version: v2013.05.23.02

Downloaded database version: v2013.05.23.03

Downloaded database version: v2013.05.23.04

Downloaded database version: v2013.05.23.05

Downloaded database version: v2013.05.22.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a8cce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a8a09e8, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a89fd98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe1102c10, 0xffffffff8a866ab8, 0xffffffff89739040

Lower DeviceData: 0xffffffffe4a63be8, 0xffffffff8a89fd98, 0xffffffff898b3590

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 6D796D79

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 156296322

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff89476a10, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8935c020, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff89476a10, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff89782530, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe49c9548, 0xffffffff89476a10, 0xffffffff896c5ab8

Lower DeviceData: 0xffffffffe3daab38, 0xffffffff89782530, 0xffffffff897e2040

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)

Partition is NOT ACTIVE.

Partition starts at LBA: 2192 Numsec = 15660912

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 8019509248 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


Security Check's checkup.txt:

Results of screen317's Security Check version 0.99.64

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Please wait while WMIC compiles updated MOF files.

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 21

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader XI

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


Okay...on a whim I re-ran MalwareBytes and it deleted one problem. Sweetpacks no longer is forcing itself to be my homepage on either Chrome or IE, like it was before. We may have solved the problem...maybe?

Thanks for your help and time, D-FRED-BROWN!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
