TechSpot

[A] All of my search engines are not working

By anjelita13
Dec 16, 2011
  1. Hello,

    All of my search engines (Google, Yahoo, etc.) are not working. When I type in a direct link it works fine, or even if I click on a link it usually works. When I try to search, this is what comes up:

    "The connection was reset

    The connection to the server was reset while the page was loading.

    * The site could be temporarily unavailable or too busy. Try again in a few moments.

    * If you are unable to load any pages, check your computer's network connection.

    * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."

    I've tried every browser. Also, the DDS scan link is not working for me.

    Here is my malwarebytes scan:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8357

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.13

    12/14/2011 9:50:24 AM
    mbam-log-2011-12-14 (09-50-24).txt

    Scan type: Full scan (C:\|D:\|E:\|G:\|)
    Objects scanned: 328717
    Time elapsed: 26 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP356\A0084412.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP356\A0084413.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP372\A0090234.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP372\A0090235.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP372\A0090238.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
    c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0004.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0016.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0017.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0018.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINDOWS\$ntservicepackuninstall$\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
    c:\WINDOWS\servicepackfiles\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.

    Here is my GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-14 12:50:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.AD
    Running: v0n1dp4x.exe; Driver: C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\awlyyfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8978A8A0 ZwAlertResumeThread
    SSDT 897A89E0 ZwAlertThread
    SSDT 8980DA08 ZwAllocateVirtualMemory
    SSDT 897F1738 ZwAssignProcessToJobObject
    SSDT 89678E30 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA1C63020]
    SSDT 89735720 ZwCreateMutant
    SSDT 89ABA1F0 ZwCreateSymbolicLinkObject
    SSDT 89768190 ZwCreateThread
    SSDT 8980F908 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA1C632A0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA1C63800]
    SSDT 89795C58 ZwDuplicateObject
    SSDT 8996B0B8 ZwFreeVirtualMemory
    SSDT 89782B10 ZwImpersonateAnonymousToken
    SSDT 8978CAB0 ZwImpersonateThread
    SSDT 8967F4E8 ZwLoadDriver
    SSDT 89A0F940 ZwMapViewOfSection
    SSDT 89786318 ZwOpenEvent
    SSDT 896CD378 ZwOpenProcess
    SSDT 89A32D88 ZwOpenProcessToken
    SSDT 89783F40 ZwOpenSection
    SSDT 897C70D8 ZwOpenThread
    SSDT 89A91428 ZwProtectVirtualMemory
    SSDT 89B48E50 ZwResumeThread
    SSDT 8977A0A8 ZwSetContextThread
    SSDT 897C1800 ZwSetInformationProcess
    SSDT 897AF990 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA1C63A50]
    SSDT 89788198 ZwSuspendProcess
    SSDT 8977D3B0 ZwSuspendThread
    SSDT 899E73C8 ZwTerminateProcess
    SSDT 8977EBC8 ZwTerminateThread
    SSDT 89A31770 ZwUnmapViewOfSection
    SSDT 8981CE80 ZwWriteVirtualMemory

    Code \??\C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 4 Bytes CALL 94D9ADFD
    ? npissll.sys The system cannot find the file specified. !
    .text iaStor.sys B9E7ECFC 1 Byte [CC] {INT 3 }
    ? SYMEFA.SYS The system cannot find the file specified. !
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA5631A00]
    ? C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ? C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\drivers\mbamswissarmy.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2936] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
    IAT C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:156] 89B99161
    Thread System [4:400] 89A3FC30

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

    ---- EOF - GMER 1.0.15 ----
     
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
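As an added example (not code from this thread, from TechSpot, or from any of the tools named in it), the Python script below parses the three log formats that appear in this thread and sorts the findings the way a responder would before deciding what is still live on the machine. Malwarebytes "Files Infected" lines are classified by where the file lived: a System Restore snapshot, an earlier TDSSKiller quarantine folder, or one of the Windows install/Service Pack caches that Windows File Protection restores system files from. GMER SSDT entries are split into hooks that GMER attributes to a named driver file (SYMEVENT.SYS in the log above) and hooks it lists only by a kernel address, which are the ones that need follow-up. TDSSKiller "Suspicious file (Forged)" lines from the report in the next reply are pulled out with the two MD5 values that disagree, together with the "- infected" verdict lines. The sample lines are copied from the posted logs; the script only parses text and changes nothing on the system.

```python
"""Sort what the scanner logs in this thread report before deciding what is still live.
Handles Malwarebytes 'Files Infected' lines, GMER SSDT entries and TDSSKiller
'Suspicious file (Forged)' / '- infected' lines. Parsing only: nothing is deleted."""
import re
from collections import Counter

# Malwarebytes: "<path> (<detection name>) -> <action taken>"
MBAM_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$", re.I)
# GMER SSDT hook that GMER could attribute to a driver: SSDT \??\C:\..\X.SYS (vendor) ZwFoo [0xADDR]
SSDT_MODULE_RE = re.compile(r"^SSDT (?P<module>\\\?\?\\\S+) \((?P<desc>[^)]*)\) (?P<func>Zw\w+) \[0x(?P<addr>[0-9A-F]+)\]$")
# GMER SSDT hook listed only by a kernel address: SSDT 8978A8A0 ZwFoo
SSDT_ADDR_RE = re.compile(r"^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>Zw\w+)$")
# TDSSKiller: hash of the file as the tool read it ("Real") vs. the hash the system presents ("Fake")
FORGED_RE = re.compile(r"Suspicious file \(Forged\): (?P<path>\S+)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
# TDSSKiller: "<time> <pid> <service> ( <detection> ) - infected"
INFECTED_RE = re.compile(r"^\S+ \d+ (?P<svc>\S+) \( (?P<name>\S+) \) - infected$")


def classify_mbam_path(path):
    """Where a detected file lived decides how much it says about the running system."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # System Restore snapshot: historical copy, not code that runs now
    if "\\tdsskiller_quarantine\\" in p:
        return "prior-quarantine"   # already neutralised by an earlier TDSSKiller run
    if "\\i386\\" in p or "\\servicepackfiles\\" in p or "$ntservicepackuninstall$" in p:
        return "install-cache"      # Windows File Protection source copies: an SFC repair restores from here
    return "live"                   # anything else is treated as a file in active use


def triage_mbam(lines):
    hits = []
    for line in lines:
        m = MBAM_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "name": m["name"], "where": classify_mbam_path(m["path"])})
    return hits


def triage_ssdt(lines):
    """Split SSDT hooks into those GMER tied to a driver file and those it lists only by address."""
    attributed, unattributed = {}, []
    for line in lines:
        line = line.strip()
        m = SSDT_MODULE_RE.match(line)
        if m:
            attributed[m["func"]] = m["module"]
            continue
        m = SSDT_ADDR_RE.match(line)
        if m:
            unattributed.append(m["func"])
    return attributed, unattributed


def triage_tdss(lines):
    forged, infected = [], []
    for line in lines:
        line = line.strip()
        m = FORGED_RE.search(line)
        if m:
            forged.append({"path": m["path"], "real": m["real"], "fake": m["fake"]})
        m = INFECTED_RE.match(line)
        if m:
            infected.append((m["svc"], m["name"]))
    return forged, infected


def triage(mbam_lines, gmer_lines, tdss_lines):
    attributed, unattributed = triage_ssdt(gmer_lines)
    forged, infected = triage_tdss(tdss_lines)
    return {
        "mbam": Counter(h["where"] for h in triage_mbam(mbam_lines)),
        "ssdt_attributed": attributed,
        "ssdt_unattributed": unattributed,
        "forged": forged,
        "infected": infected,
    }


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_MBAM = [
    r"c:\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.",
    r"c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP356\A0084412.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.",
    r"c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0004.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.",
    r"c:\WINDOWS\servicepackfiles\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.",
]
SAMPLE_GMER = [
    "SSDT 8978A8A0 ZwAlertResumeThread",
    r"SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA1C63020]",
]
SAMPLE_TDSS = [
    r"08:08:26.0281 3396 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    r"08:08:26.0281 3396 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17",
    r"08:08:26.0281 3396 ACPI ( Virus.Win32.Rloader.a ) - infected",
    r"08:08:26.0296 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys",
]

if __name__ == "__main__":
    report = triage(SAMPLE_MBAM, SAMPLE_GMER, SAMPLE_TDSS)
    print("Malwarebytes hits by location:", dict(report["mbam"]))
    print("SSDT hooks with no owning module:", report["ssdt_unattributed"])
    for f in report["forged"]:
        print(f"Forged driver: {f['path']} real={f['real']} presented={f['fake']}")
    print("TDSSKiller infected services:", report["infected"])
```

Run against the full logs, this puts the 12 Malwarebytes hits into perspective: the restore-point and tdsskiller_quarantine entries are copies that were not running, and the three fsquirt.exe hits are in the i386, servicepackfiles and $ntservicepackuninstall$ caches, which matters because a later SFC repair would copy a system file back from those locations. The TDSSKiller "Forged" line is the one finding about a driver that loads at boot: two different hashes for the same ACPI.sys is what a filter driver hiding a modified file looks like, which is why that result, not the Malwarebytes count, is the one to act on first.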
     
  3. anjelita13


    TDSS Log

    08:08:20.0781 3896 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    08:08:21.0609 3896 ============================================================
    08:08:21.0609 3896 Current date / time: 2011/12/19 08:08:21.0609
    08:08:21.0609 3896 SystemInfo:
    08:08:21.0609 3896
    08:08:21.0609 3896 OS Version: 5.1.2600 ServicePack: 3.0
    08:08:21.0609 3896 Product type: Workstation
    08:08:21.0609 3896 ComputerName: STJAMESUMC
    08:08:21.0609 3896 UserName: Office Administrator
    08:08:21.0609 3896 Windows directory: C:\WINDOWS
    08:08:21.0609 3896 System windows directory: C:\WINDOWS
    08:08:21.0609 3896 Processor architecture: Intel x86
    08:08:21.0609 3896 Number of processors: 2
    08:08:21.0609 3896 Page size: 0x1000
    08:08:21.0609 3896 Boot type: Normal boot
    08:08:21.0609 3896 ============================================================
    08:08:22.0546 3896 Initialize success
    08:08:25.0234 3396 ============================================================
    08:08:25.0234 3396 Scan started
    08:08:25.0234 3396 Mode: Manual;
    08:08:25.0234 3396 ============================================================
    08:08:26.0140 3396 Abiosdsk - ok
    08:08:26.0203 3396 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    08:08:26.0203 3396 abp480n5 - ok
    08:08:26.0281 3396 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    08:08:26.0281 3396 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
    08:08:26.0281 3396 ACPI ( Virus.Win32.Rloader.a ) - infected
    08:08:26.0281 3396 ACPI - detected Virus.Win32.Rloader.a (0)
    08:08:26.0296 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    08:08:26.0296 3396 ACPIEC - ok
    08:08:34.0859 3396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    08:08:34.0968 3396 \Device\Harddisk0\DR0 - ok
    08:08:34.0984 3396 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
    08:08:34.0984 3396 \Device\Harddisk1\DR3 - ok
    08:08:34.0984 3396 Boot (0x1200) (b4e43ea13fc4131bfefbca8dac020122) \Device\Harddisk0\DR0\Partition0
    08:08:34.0984 3396 \Device\Harddisk0\DR0\Partition0 - ok
    08:08:35.0000 3396 Boot (0x1200) (748c1069e791decc00a2baab35d02354) \Device\Harddisk1\DR3\Partition0
    08:08:35.0000 3396 \Device\Harddisk1\DR3\Partition0 - ok
    08:08:35.0000 3396 ============================================================
    08:08:35.0000 3396 Scan finished
    08:08:35.0000 3396 ============================================================
    08:08:35.0000 3600 Detected object count: 1
    08:08:35.0000 3600 Actual detected object count: 1
    08:08:57.0468 3600 Backup copy found, using it..
    08:08:57.0468 3600 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
    08:08:57.0468 3600 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
    08:09:07.0375 1432 Deinitialize success
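    A TDSSKiller log like the one above runs to hundreds of driver lines, of which only the detection at the end matters. The following Python triage is an added example, not part of this thread or of TDSSKiller: it parses the log format shown here and pulls out the detections, the files queued for cure on reboot and any enumerated object that never received an "- ok" verdict. The sample lines are a constructed excerpt in the same format.

```python
"""Triage a TDSSKiller log.  Added example: the patterns below are written from
the log format shown in this thread, not taken from Kaspersky's code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# One log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# An enumerated object: "<name> (<md5>) <path>"; the name may contain spaces,
# e.g. "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0".
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (\S.*)$")
OK_RE = re.compile(r"^(.+) - ok$")
CURE_RE = re.compile(r"^(.+) - will be cured on reboot$")
DETECT_RE = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

# Constructed excerpt in TDSSKiller's format.  The ACPI / Rloader lines repeat the
# detection reported in this thread; the clean lines have the shape of the driver
# enumeration that makes up the bulk of such a log.
SAMPLE_LOG = """\
08:08:27.0015 3396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
08:08:27.0015 3396 atapi - ok
08:08:27.0031 3396 Atdisk - ok
08:08:34.0859 3396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
08:08:34.0968 3396 \\Device\\Harddisk0\\DR0 - ok
08:08:35.0000 3396 Scan finished
08:08:35.0000 3600 Detected object count: 1
08:08:35.0000 3600 Actual detected object count: 1
08:08:57.0468 3600 Backup copy found, using it..
08:08:57.0468 3600 C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys - will be cured on reboot
08:08:57.0468 3600 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
08:09:07.0375 1432 Deinitialize success
"""


@dataclass
class Triage:
    objects: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    clean: List[str] = field(default_factory=list)                      # names/paths marked "- ok"
    detections: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, threat, action)
    pending_reboot: List[str] = field(default_factory=list)             # paths cured on reboot
    reported_count: int = 0                                              # "Detected object count"
    unparsed: List[str] = field(default_factory=list)                   # lines with no timestamp


def triage(log_text: str) -> Triage:
    """Classify every line of a TDSSKiller log."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            if raw.strip():
                t.unparsed.append(raw)
            continue
        msg = m.group(3)
        if (mo := OBJECT_RE.match(msg)):
            t.objects[mo.group(1)] = (mo.group(2), mo.group(3))
        elif (md := DETECT_RE.match(msg)):
            t.detections.append((md.group(1), md.group(2), md.group(3)))
        elif (mc := CURE_RE.match(msg)):
            t.pending_reboot.append(mc.group(1))
        elif (mk := OK_RE.match(msg)):
            t.clean.append(mk.group(1))
        elif (mn := COUNT_RE.match(msg)):
            t.reported_count = int(mn.group(1))
        # Anything else ("Scan finished", "Backup copy found, ...") is informational.
    return t


def needs_attention(t: Triage) -> List[str]:
    """Enumerated objects with neither an "- ok" verdict nor a detection.
    The verdict line names either the object (drivers) or its path (MBR/boot sectors)."""
    verdicts = set(t.clean) | {name for name, _, _ in t.detections}
    return [name for name, (_, path) in t.objects.items()
            if name not in verdicts and path not in verdicts]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"enumerated {len(result.objects)} objects, {len(result.clean)} marked ok")
    for name, threat, action in result.detections:
        print(f"DETECTED {name}: {threat} (action: {action})")
    for path in result.pending_reboot:
        print(f"cure pending reboot: {path}")
    print("needs attention:", needs_attention(result) or "nothing")
```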
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. anjelita13

    anjelita13 TS Rookie Topic Starter

    aswMBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-21 10:16:17
    -----------------------------
    10:16:17.218 OS Version: Windows 5.1.2600 Service Pack 3
    10:16:17.218 Number of processors: 2 586 0xF0D
    10:16:17.218 ComputerName: STJAMESUMC UserName:
    10:16:17.703 Initialize success
    10:26:44.140 AVAST engine defs: 11122101
    10:35:53.000 The log file has been saved successfully to "C:\Documents and Settings\Office Administrator\Desktop\aswMBR.txt"
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Before you run Combofix run this...

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. anjelita13

    anjelita13 TS Rookie Topic Starter

    bootkit

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Go on with Combofix.
     
  9. anjelita13

    anjelita13 TS Rookie Topic Starter

    ComboFix

    ComboFix 11-12-28.02 - Office Administrator 12/28/2011 7:34.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1537 [GMT -6:00]
    Running from: c:\documents and settings\Office Administrator\My Documents\Downloads\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Office Administrator\Application Data\HPSU_48BitScanUpdate.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-21 14:09 . 2011-12-21 14:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-12-21 13:31 . 2011-12-26 19:04 -------- d-----w- c:\program files\McAfee Security Scan
    2011-12-21 13:31 . 2011-12-21 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2011-12-19 15:14 . 2011-12-19 15:15 -------- d-----w- c:\program files\Advanced PC Tweaker
    2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\documents and settings\Office Administrator\Local Settings\Application Data\PackageAware
    2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
    2011-12-19 13:37 . 2008-04-14 01:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-12-19 13:37 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-12-19 13:37 . 2008-04-14 01:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-12-19 13:37 . 2001-08-18 04:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-12-19 13:37 . 2001-08-18 04:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-12-19 13:37 . 2011-12-19 13:37 75264 ----a-w- C:\spoolss.dll
    2011-12-19 13:37 . 2001-08-18 04:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2011-12-19 13:37 . 2001-08-17 18:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-12-19 13:37 . 2004-08-04 04:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-12-19 13:37 . 2008-04-13 19:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
    2011-12-19 13:37 . 2004-08-04 04:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-12-19 13:37 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
    2011-12-19 13:35 . 2001-08-17 19:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
    2011-12-19 13:34 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
    2011-12-19 13:34 . 2001-08-17 19:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
    2011-12-19 13:34 . 2001-08-17 18:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
    2011-12-19 13:34 . 2001-08-18 04:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
    2011-12-19 13:34 . 2001-08-17 18:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
    2011-12-19 13:34 . 2001-08-17 20:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
    2011-12-19 13:34 . 2001-08-17 18:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
    2011-12-19 13:34 . 2001-08-17 20:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
    2011-12-19 13:34 . 2001-08-17 18:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
    2011-12-19 13:34 . 2001-08-18 04:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
    2011-12-16 18:41 . 2008-04-14 01:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
    2011-12-16 18:41 . 2001-08-18 04:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
    2011-12-16 18:41 . 2001-08-17 20:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2011-12-16 18:39 . 2004-08-04 11:00 16896 ----a-w- c:\windows\system32\dllcache\status.dll
    2011-12-16 18:38 . 2004-08-04 11:00 38912 ----a-w- c:\windows\system32\dllcache\sm9aw.dll
    2011-12-16 18:37 . 2001-08-17 19:51 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
    2011-12-16 18:36 . 2001-08-17 18:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
    2011-12-16 18:35 . 2001-08-17 20:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
    2011-12-16 18:34 . 2001-08-17 18:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
    2011-12-16 18:33 . 2001-08-17 18:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
    2011-12-16 18:32 . 2001-08-17 19:52 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
    2011-12-16 18:31 . 2001-08-17 19:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
    2011-12-16 18:30 . 2001-08-17 19:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2011-12-16 18:29 . 2004-08-04 11:00 36864 ----a-w- c:\windows\system32\dllcache\hanjadic.dll
    2011-12-16 18:28 . 2001-08-17 18:19 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
    2011-12-16 18:27 . 2001-08-17 18:13 103044 ----a-w- c:\windows\system32\dllcache\digidxb.sys
    2011-12-16 18:26 . 2001-08-17 19:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2011-12-16 18:06 . 2011-12-19 14:34 -------- d-----w- c:\program files\Support Tools
    2011-12-16 17:56 . 2011-12-16 17:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-12-16 15:35 . 2011-12-16 15:37 -------- d-----w- C:\rei
    2011-12-16 15:34 . 2011-12-16 15:34 -------- d-----w- c:\program files\Reimage
    2011-12-16 14:52 . 2011-12-16 14:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-08 14:53 . 2011-12-21 13:43 67032 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
    2011-12-08 14:53 . 2011-12-21 13:43 140760 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-12-08 14:53 . 2011-12-21 13:43 25560 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-12-08 14:53 . 2011-12-21 13:43 849368 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
    2011-12-08 14:53 . 2011-12-21 13:43 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-21 13:43 . 2011-05-16 13:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-19 14:09 . 2004-08-04 05:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2011-12-16 14:52 . 2011-03-02 16:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-23 13:25 . 2004-08-11 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-16 16:41 . 2011-11-16 16:41 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-11-01 16:07 . 2004-08-11 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-31 23:43 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-10-31 23:43 . 2004-08-11 23:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2011-10-31 23:43 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-10-31 23:43 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll
    2011-10-28 05:31 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2004-08-11 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2004-08-11 23:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-12-23_17.07.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-28 13:15 . 2011-12-28 13:15 16384 c:\windows\temp\Perflib_Perfdata_784.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162328]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 137752]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-27 178712]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-21 273528]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    c:\documents and settings\Office Administrator\Start Menu\Programs\Startup\
    Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-7-6 125976]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    .
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 8:24 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 8:24 AM 399416]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/26/2009 8:26 AM 24652]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
    S3 cpuz134;cpuz134;\??\c:\docume~1\OFFICE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\OFFICE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
    S3 Normandy;Normandy SR2; [x]
    S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 4:28 PM 31768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPService REG_MULTI_SZ HPSLPSVC
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180194154-1879011030-1930761945-1005Core.job
    - c:\documents and settings\Office Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-08 21:35]
    .
    2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180194154-1879011030-1930761945-1005UA.job
    - c:\documents and settings\Office Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-08 21:35]
    .
    2011-12-19 c:\windows\Tasks\One-Click Tweak.job
    - c:\program files\Advanced PC Tweaker\OneClick.exe [2011-12-19 16:02]
    .
    2011-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-180194154-1879011030-1930761945-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
    .
    2011-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-180194154-1879011030-1930761945-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
    .
    2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{DCAE1E01-07C9-4202-BC10-302079E4718E}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\documents and settings\Office Administrator\Application Data\Mozilla\Firefox\Profiles\i31b3kuf.default\
    FF - prefs.js: browser.startup.homepage - www.hotmail.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
    FF - Ext: ShopAtHome.com Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
    FF - Ext: InstantFox: searchy@searchy - %profile%\extensions\searchy@searchy
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-28 07:38
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-12-28 07:40:43
    ComboFix-quarantined-files.txt 2011-12-28 13:40
    ComboFix2.txt 2011-12-23 17:09
    ComboFix3.txt 2011-12-16 16:49
    ComboFix4.txt 2011-12-14 16:11
    ComboFix5.txt 2011-12-28 13:32
    .
    Pre-Run: 130,534,744,064 bytes free
    Post-Run: 130,536,984,576 bytes free
    .
    - - End Of File - - F9F6F30F7CC19AB6D51C83CFB0811096
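    The ComboFix log above is read by eye in this thread. As an added example, not ComboFix's own code and not written by anyone in the thread, here is a small Python parser for two of its sections, "Files Created" and "Reg Loading Points", plus a triage helper that lists newly created files outside reviewer-supplied directories so a helper can read those entries first. The sample log lines are copied from the post above; the EXPECTED_DIRS list, the function names and the NamedTuple layouts are my own assumptions. A path on the returned list is a reading order, not a verdict, and the helper in this thread judged the log clean.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Sequence, Tuple


class FileEntry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]   # None for directory entries (ComboFix prints "--------")
    attrs: str
    path: str


class RunEntry(NamedTuple):
    key: str
    name: str
    command: str
    date: str
    size: int


# "Files Created" / "Find3M" rows: created . modified size attrs path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
# Run-key rows: "Name"="command" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")


def parse_combofix(text: str) -> Tuple[List[FileEntry], Dict[str, List[RunEntry]]]:
    """Return the 'Files Created' rows and the Run-key entries grouped by registry key."""
    files: List[FileEntry] = []
    run: Dict[str, List[RunEntry]] = {}
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("(((("):          # section banner, e.g. "((( Files Created ... )))"
            section = line.strip("() ")
            key = None
            continue
        if section is None:
            continue
        if section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                size = None if m.group(3).startswith("-") else int(m.group(3))
                files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
        elif section.startswith("Reg Loading Points"):
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                run.setdefault(key, [])
                continue
            m = RUN_RE.match(line)
            if m and key:
                run[key].append(RunEntry(key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return files, run


# Assumed review list: directories where new files are routinely expected on this box.
EXPECTED_DIRS: Sequence[str] = (
    "c:\\windows\\system32\\dllcache\\",
    "c:\\windows\\system32\\drivers\\",
    "c:\\program files\\",
    "c:\\documents and settings\\",
)


def files_outside(files: Sequence[FileEntry], expected: Sequence[str]) -> List[str]:
    """Paths of newly created files (not directories) that sit outside the expected directories."""
    out = []
    for f in files:
        if f.size is None:
            continue
        p = f.path.lower()
        if not any(p.startswith(pre.lower()) for pre in expected):
            out.append(f.path)
    return out


# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
2011-12-21 14:09 . 2011-12-21 14:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-19 13:37 . 2008-04-14 01:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-19 13:37 . 2011-12-19 13:37 75264 ----a-w- C:\spoolss.dll
2011-12-16 17:56 . 2011-12-16 17:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 141848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
"""


def triage(text: str = SAMPLE_LOG) -> List[str]:
    """Convenience entry point: parse the log and return the review-first paths."""
    files, _run = parse_combofix(text)
    return files_outside(files, EXPECTED_DIRS)


if __name__ == "__main__":
    files, run = parse_combofix(SAMPLE_LOG)
    for key, entries in run.items():
        print(key)
        for e in entries:
            print(f"  {e.name:<12} {e.command}  ({e.date}, {e.size} bytes)")
    print("Review first:", triage())
```

    The two regexes are anchored to the row layouts visible in the log above, so rows from the "Find3M Report" would parse with FILE_RE as well if that section were added to the parser; the Startup-folder and service rows use different layouts and are deliberately ignored here.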
     
  10. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks clean.

    How are the issues?

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
Topic Status:
Not open for further replies.
