
Hello, I cannot run Malwarebytes, HiJackThis, SuperAntiSpyware. The icons for these on the desktop are a white box. Error message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I was getting occasional popups in IE. -Thanks!

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-10-03 10:24:50

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.4.ADA

Running: gmer.exe; Driver: C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\kxlyapow.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Michelle Gamblin at 8:56:03 on 2011-10-03

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1594 [GMT -7:00]

.

AV: a-squared Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081106

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{F5FD7061-3C49-449A-81AB-79D359DF9B56} : DhcpNameServer = 192.168.10.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S3 getPlus® Installer;getPlus® Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-20 59552]

S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2008-11-13 15576]

.

=============== Created Last 30 ================

.

2011-09-30 23:04:32 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys

2011-09-30 23:04:32 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-09-30 23:02:39 -------- d-sha-r- C:\cmdcons

2011-09-30 22:59:52 98816 ----a-w- c:\windows\sed.exe

2011-09-30 22:59:52 518144 ----a-w- c:\windows\SWREG.exe

2011-09-30 22:59:52 256000 ----a-w- c:\windows\PEV.exe

2011-09-30 22:59:52 208896 ----a-w- c:\windows\MBR.exe

2011-09-30 22:20:55 388096 ----a-r- c:\documents and settings\michelle gamblin\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-30 22:19:12 -------- d-----w- c:\program files\Trend Micro

2011-09-30 22:09:39 -------- d--h--w- c:\windows\PIF

2011-09-30 19:47:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-30 16:32:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-30 16:31:44 -------- d-----w- c:\documents and settings\michelle gamblin\application data\SUPERAntiSpyware.com

2011-09-30 16:31:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-30 16:31:25 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-09-30 16:25:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-30 16:25:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-09-16 18:34:14 2516 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

2011-09-16 18:34:13 88 --sh--r- c:\documents and settings\all users\application data\8C099A68A8.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 8:56:41.85 ===============

attach.txt


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Computer seems to be working well now. I can open the scanning tools now. Let me know if you see anything else in the logs. Thank you!

08:12:21.0625 1588 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06

08:12:21.0968 1588 ============================================================

08:12:21.0968 1588 Current date / time: 2011/10/10 08:12:21.0968

08:12:21.0968 1588 SystemInfo:

08:12:21.0968 1588

08:12:21.0968 1588 OS Version: 5.1.2600 ServicePack: 3.0

08:12:21.0968 1588 Product type: Workstation

08:12:21.0968 1588 ComputerName: D9FH8PH1

08:12:21.0968 1588 UserName: Michelle Gamblin

08:12:21.0968 1588 Windows directory: C:\WINDOWS

08:12:21.0968 1588 System windows directory: C:\WINDOWS

08:12:21.0968 1588 Processor architecture: Intel x86

08:12:21.0968 1588 Number of processors: 2

08:12:21.0968 1588 Page size: 0x1000

08:12:21.0968 1588 Boot type: Normal boot

08:12:21.0968 1588 ============================================================

08:12:23.0218 1588 Initialize success

08:12:36.0062 3152 ============================================================

08:12:36.0062 3152 Scan started

08:12:36.0062 3152 Mode: Manual;

08:12:36.0062 3152 ============================================================


08:12:42.0343 3152 swmidi - ok

08:12:42.0375 3152 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

08:12:42.0375 3152 symc810 - ok

08:12:42.0390 3152 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

08:12:42.0390 3152 symc8xx - ok

08:12:42.0421 3152 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

08:12:42.0421 3152 sym_hi - ok

08:12:42.0421 3152 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

08:12:42.0421 3152 sym_u3 - ok

08:12:42.0468 3152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:12:42.0468 3152 sysaudio - ok

08:12:42.0531 3152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:12:42.0531 3152 Tcpip - ok

08:12:42.0578 3152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:12:42.0578 3152 TDPIPE - ok

08:12:42.0593 3152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:12:42.0593 3152 TDTCP - ok

08:12:42.0625 3152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:12:42.0625 3152 TermDD - ok

08:12:42.0625 3152 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

08:12:42.0625 3152 TosIde - ok

08:12:42.0640 3152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:12:42.0640 3152 Udfs - ok

08:12:42.0656 3152 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

08:12:42.0656 3152 ultra - ok

08:12:42.0671 3152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:12:42.0671 3152 Update - ok

08:12:42.0687 3152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:12:42.0687 3152 usbccgp - ok

08:12:42.0703 3152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:12:42.0703 3152 usbehci - ok

08:12:42.0734 3152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:12:42.0734 3152 usbhub - ok

08:12:42.0765 3152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:12:42.0765 3152 usbprint - ok

08:12:42.0781 3152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:12:42.0781 3152 usbscan - ok

08:12:42.0828 3152 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:12:42.0828 3152 USBSTOR - ok

08:12:42.0875 3152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:12:42.0875 3152 usbuhci - ok

08:12:42.0921 3152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:12:42.0921 3152 VgaSave - ok

08:12:42.0968 3152 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

08:12:42.0968 3152 viaagp - ok

08:12:42.0984 3152 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

08:12:42.0984 3152 ViaIde - ok

08:12:43.0000 3152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:12:43.0000 3152 VolSnap - ok

08:12:43.0046 3152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:12:43.0062 3152 Wanarp - ok

08:12:43.0109 3152 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

08:12:43.0109 3152 Wdf01000 - ok

08:12:43.0125 3152 WDICA - ok

08:12:43.0156 3152 Wdm1 (2f4b3c0e58d4a7bd8e38d1cd9ca47691) C:\WINDOWS\system32\Drivers\usbbc.sys

08:12:43.0156 3152 Wdm1 - ok

08:12:43.0203 3152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:12:43.0203 3152 wdmaud - ok

08:12:43.0234 3152 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

08:12:43.0250 3152 winachsf - ok

08:12:43.0296 3152 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:12:43.0312 3152 WudfPf - ok

08:12:43.0312 3152 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:12:43.0312 3152 WudfRd - ok

08:12:43.0328 3152 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

08:12:43.0343 3152 \Device\Harddisk0\DR0 - ok

08:12:43.0343 3152 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3

08:12:43.0343 3152 \Device\Harddisk1\DR3 - ok

08:12:43.0359 3152 Boot (0x1200) (a9c6d041b6e3bee984906e8f3072ccc2) \Device\Harddisk0\DR0\Partition0

08:12:43.0359 3152 \Device\Harddisk0\DR0\Partition0 - ok

08:12:43.0359 3152 Boot (0x1200) (8a43db1b70393a591a8721c8eaf39f0e) \Device\Harddisk1\DR3\Partition0

08:12:43.0359 3152 \Device\Harddisk1\DR3\Partition0 - ok

08:12:43.0359 3152 ============================================================

08:12:43.0359 3152 Scan finished

08:12:43.0359 3152 ============================================================

08:12:43.0359 2316 Detected object count: 0

08:12:43.0359 2316 Actual detected object count: 0

08:13:00.0921 4008 Deinitialize success

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7916

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/10/2011 8:26:15 AM

mbam-log-2011-10-10 (08-26-15).txt

Scan type: Quick scan

Objects scanned: 182882

Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-10-10.01 - Michelle Gamblin 10/10/2011 8:31.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1364 [GMT -7:00]

Running from: c:\documents and settings\Michelle Gamblin\Desktop\ComboFix.exe

AV: a-squared Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\MICHEL~1\LOCALS~1\Temp\SAS3B.tmp

c:\documents and settings\Michelle Gamblin\Local Settings\temp\SAS3B.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))

.

.

2011-10-08 00:37 . 2011-10-08 00:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-10-07 23:55 . 2011-10-07 23:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-07 23:45 . 2011-10-07 23:45 -------- d-----w- c:\windows\LastGood

2011-10-07 23:45 . 2011-08-18 22:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-10-07 23:45 . 2011-10-07 23:45 -------- d-----w- c:\program files\Lavasoft

2011-10-07 23:13 . 2011-10-07 23:13 -------- d-----w- C:\Hi

2011-10-07 22:30 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-07 21:39 . 2011-10-07 21:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-10-05 00:03 . 2011-10-05 00:03 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-04 22:49 . 2011-10-07 16:28 -------- d-----w- c:\program files\ERUNT

2011-10-04 18:58 . 2011-10-04 18:58 -------- d-----w- c:\documents and settings\Michelle Gamblin\Local Settings\Application Data\Sun

2011-09-30 23:04 . 2008-04-14 12:00 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys

2011-09-30 23:04 . 2008-04-14 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-09-30 22:09 . 2011-09-30 22:09 -------- d--h--w- c:\windows\PIF

2011-09-30 19:47 . 2011-09-30 19:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-30 16:31 . 2011-10-08 00:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-30 16:25 . 2011-10-07 22:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-26 20:52 . 2011-09-26 20:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 23:34 . 2011-06-16 21:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 18:34 . 2009-05-20 21:27 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2011-09-16 18:34 . 2009-05-20 21:27 88 --sh--r- c:\documents and settings\All Users\Application Data\8C099A68A8.sys

2011-09-09 09:12 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 188416]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-01-22 16712]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-01-22 532808]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-11-14 25214]

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-11-18 221247]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-5 50688]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-20 813584]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 10:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-01-12 11:09 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

2007-01-12 11:12 244512 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-02-26 15:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-31 00:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\LMabcoms.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/7/2011 4:45 PM 64512]

RUnknown SASKUTIL;SASKUTIL; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2151640]

S3 getPlus® Installer;getPlus® Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/20/2009 1:16 PM 59552]

S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [11/13/2008 9:21 PM 15576]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 91832968

*NewlyCreated* - ASWMBR

*NewlyCreated* - LAVASOFT_AD-AWARE_SERVICE

*NewlyCreated* - LAVASOFT_KERNEXPLORER

*Deregistered* - 91832968

*Deregistered* - aswMBR

*Deregistered* - Lavasoft Kernexplorer

*Deregistered* - MBAMSwissArmy

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 23:55]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081106

TCP: DhcpNameServer = 192.168.10.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-10 08:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(732)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

Completion time: 2011-10-10 08:35:18

ComboFix-quarantined-files.txt 2011-10-10 15:35

.

Pre-Run: 222,404,759,552 bytes free

Post-Run: 222,437,916,672 bytes free

.

- - End Of File - - 8D4FCC33FAD4136AB3824010AD32D414

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Michelle Gamblin at 11:37:26 on 2011-10-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1209 [GMT -7:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: a-squared Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Hi\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081106

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{F5FD7061-3C49-449A-81AB-79D359DF9B56} : DhcpNameServer = 192.168.10.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-7 64512]

RUnknown SASKUTIL;SASKUTIL; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]

S3 getPlus® Installer;getPlus® Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-20 59552]

S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2008-11-13 15576]

.

=============== Created Last 30 ================

.

2011-10-10 15:30:07 98816 ----a-w- c:\windows\sed.exe

2011-10-10 15:30:07 518144 ----a-w- c:\windows\SWREG.exe

2011-10-10 15:30:07 256000 ----a-w- c:\windows\PEV.exe

2011-10-10 15:30:07 208896 ----a-w- c:\windows\MBR.exe

2011-10-07 23:55:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-07 23:45:32 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-10-07 23:45:26 -------- d-----w- c:\program files\Lavasoft

2011-10-07 23:13:57 -------- d-----w- C:\Hi

2011-10-07 22:30:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-05 00:03:18 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-05 00:03:18 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-04 18:58:08 -------- d-----w- c:\documents and settings\michelle gamblin\local settings\application data\Sun

2011-09-30 23:04:32 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys

2011-09-30 23:04:32 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-09-30 23:02:39 -------- d-sha-r- C:\cmdcons

2011-09-30 22:09:39 -------- d--h--w- c:\windows\PIF

2011-09-30 19:47:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-30 16:31:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-30 16:25:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-10-07 23:34:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 18:34:14 2516 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

2011-09-16 18:34:13 88 --sh--r- c:\documents and settings\all users\application data\8C099A68A8.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 11:37:39.23 ===============

attach.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
