Inactive [A] All of my search engines are not working

Hello,

All of my search engines (google, yahoo etc.) are not working. When I type in a direct link it works fine, or even if I click on a link it usually works. When I try to search this is what comes up:

"The connection was reset

The connection to the server was reset while the page was loading.

* The site could be temporarily unavailable or too busy. Try again in a few moments.

* If you are unable to load any pages, check your computer's network connection.

* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."

I've tried every browser. Also, the DDS scan link is not working for me.

Here is my malwarebytes scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8357

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/14/2011 9:50:24 AM
mbam-log-2011-12-14 (09-50-24).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 328717
Time elapsed: 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP356\A0084412.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP356\A0084413.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP372\A0090234.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP372\A0090235.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP372\A0090238.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0004.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0016.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0017.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\23.09.2011_11.54.12\mbr0000\tdlfs0000\tsk0018.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\$ntservicepackuninstall$\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
c:\WINDOWS\servicepackfiles\i386\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.

Here is my GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-14 12:50:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.AD
Running: v0n1dp4x.exe; Driver: C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\awlyyfow.sys


---- System - GMER 1.0.15 ----

SSDT 8978A8A0 ZwAlertResumeThread
SSDT 897A89E0 ZwAlertThread
SSDT 8980DA08 ZwAllocateVirtualMemory
SSDT 897F1738 ZwAssignProcessToJobObject
SSDT 89678E30 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA1C63020]
SSDT 89735720 ZwCreateMutant
SSDT 89ABA1F0 ZwCreateSymbolicLinkObject
SSDT 89768190 ZwCreateThread
SSDT 8980F908 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA1C632A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA1C63800]
SSDT 89795C58 ZwDuplicateObject
SSDT 8996B0B8 ZwFreeVirtualMemory
SSDT 89782B10 ZwImpersonateAnonymousToken
SSDT 8978CAB0 ZwImpersonateThread
SSDT 8967F4E8 ZwLoadDriver
SSDT 89A0F940 ZwMapViewOfSection
SSDT 89786318 ZwOpenEvent
SSDT 896CD378 ZwOpenProcess
SSDT 89A32D88 ZwOpenProcessToken
SSDT 89783F40 ZwOpenSection
SSDT 897C70D8 ZwOpenThread
SSDT 89A91428 ZwProtectVirtualMemory
SSDT 89B48E50 ZwResumeThread
SSDT 8977A0A8 ZwSetContextThread
SSDT 897C1800 ZwSetInformationProcess
SSDT 897AF990 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA1C63A50]
SSDT 89788198 ZwSuspendProcess
SSDT 8977D3B0 ZwSuspendThread
SSDT 899E73C8 ZwTerminateProcess
SSDT 8977EBC8 ZwTerminateThread
SSDT 89A31770 ZwUnmapViewOfSection
SSDT 8981CE80 ZwWriteVirtualMemory

Code \??\C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 4 Bytes CALL 94D9ADFD
? npissll.sys The system cannot find the file specified. !
.text iaStor.sys B9E7ECFC 1 Byte [CC] {INT 3 }
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA5631A00]
? C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\OFFICE~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\mbamswissarmy.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[2936] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010
IAT C:\Documents and Settings\Office Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:156] 89B99161
Thread System [4:400] 89A3FC30

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
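The report TDSSKiller writes is long (one "ok" line per driver), and the entries worth reading first are the few that are not "ok": a "Suspicious file (Forged)" warning, which carries two MD5 hashes that disagree for the same driver image, and a "detected" verdict. The following Python is an added example, not part of this thread and not TDSSKiller's own code; it parses lines in the report format shown in this thread and pulls those findings out. The sample input is constructed to match that format; its ACPI lines reproduce the entries posted in this thread, the other lines are benign entries of the same shape.

```python
import re
from dataclasses import dataclass

# Constructed sample input in the TDSSKiller report format used in this thread.
# The ACPI lines reproduce the entries posted in the thread; the other lines are
# benign "ok" entries of the same shape.
SAMPLE_LOG = r"""
08:08:26.0203 3396 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:08:26.0203 3396 abp480n5 - ok
08:08:26.0281 3396 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:08:26.0281 3396 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
08:08:26.0281 3396 ACPI ( Virus.Win32.Rloader.a ) - infected
08:08:26.0281 3396 ACPI - detected Virus.Win32.Rloader.a (0)
08:08:26.0296 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:08:26.0296 3396 ACPIEC - ok
"""

# Every report line is "<hh:mm:ss.ffff> <pid> <message>"; the message carries the content.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<service> (<md5>) <path>": a driver/service entry with its hash and image path.
ENTRY_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# The forged-file warning carries the two hashes that disagree for one image.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<threat>\S+)")
OK_RE = re.compile(r"^(?P<svc>\S+) - ok$")


@dataclass(frozen=True)
class Forged:
    path: str
    real_md5: str
    fake_md5: str


@dataclass(frozen=True)
class Detection:
    service: str
    threat: str
    path: str  # image path from the matching entry line, "" if none was seen


def triage(report: str) -> dict:
    """Summarise a report: entries seen, clean count, forged files, detections."""
    paths: dict[str, str] = {}      # service name -> image path, from entry lines
    forged: list[Forged] = []
    detected: list[Detection] = []
    ok = 0
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, headers and blank lines carry no findings
        msg = m.group("msg")
        if (e := ENTRY_RE.match(msg)):
            paths[e.group("svc")] = e.group("path")
        elif (f := FORGED_RE.match(msg)):
            forged.append(Forged(f.group("path"), f.group("real"), f.group("fake")))
        elif (d := DETECTED_RE.match(msg)):
            svc = d.group("svc")
            detected.append(Detection(svc, d.group("threat"), paths.get(svc, "")))
        elif OK_RE.match(msg):
            ok += 1
    return {"scanned": len(paths), "ok": ok, "forged": forged, "detected": detected}


def needs_attention(report: str) -> bool:
    """True when the report contains any forged file or any detection."""
    summary = triage(report)
    return bool(summary["forged"] or summary["detected"])


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    print(f"{s['scanned']} entries, {s['ok']} ok")
    for f in s["forged"]:
        print(f"FORGED   {f.path}  real={f.real_md5}  fake={f.fake_md5}")
    for d in s["detected"]:
        print(f"DETECTED {d.service} -> {d.threat}  ({d.path})")
```

Run against a pasted report, `triage` returns the handful of lines a reviewer needs, and `needs_attention` gives a yes/no for whether a cleanup step is still pending. On the sample above it reports one forged image (ACPI.sys, two different MD5s) and one detection (ACPI, Virus.Win32.Rloader.a), which is exactly the pair of lines to look at in the report posted further down in this thread.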
 
TDSS Log

08:08:20.0781 3896 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
08:08:21.0609 3896 ============================================================
08:08:21.0609 3896 Current date / time: 2011/12/19 08:08:21.0609
08:08:21.0609 3896 SystemInfo:
08:08:21.0609 3896
08:08:21.0609 3896 OS Version: 5.1.2600 ServicePack: 3.0
08:08:21.0609 3896 Product type: Workstation
08:08:21.0609 3896 ComputerName: STJAMESUMC
08:08:21.0609 3896 UserName: Office Administrator
08:08:21.0609 3896 Windows directory: C:\WINDOWS
08:08:21.0609 3896 System windows directory: C:\WINDOWS
08:08:21.0609 3896 Processor architecture: Intel x86
08:08:21.0609 3896 Number of processors: 2
08:08:21.0609 3896 Page size: 0x1000
08:08:21.0609 3896 Boot type: Normal boot
08:08:21.0609 3896 ============================================================
08:08:22.0546 3896 Initialize success
08:08:25.0234 3396 ============================================================
08:08:25.0234 3396 Scan started
08:08:25.0234 3396 Mode: Manual;
08:08:25.0234 3396 ============================================================
08:08:26.0140 3396 Abiosdsk - ok
08:08:26.0203 3396 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:08:26.0203 3396 abp480n5 - ok
08:08:26.0281 3396 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:08:26.0281 3396 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
08:08:26.0281 3396 ACPI ( Virus.Win32.Rloader.a ) - infected
08:08:26.0281 3396 ACPI - detected Virus.Win32.Rloader.a (0)
08:08:26.0296 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:08:26.0296 3396 ACPIEC - ok
08:08:26.0343 3396 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:08:26.0343 3396 ADIHdAudAddService - ok
08:08:26.0359 3396 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
08:08:26.0359 3396 adpu160m - ok
08:08:26.0406 3396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:08:26.0406 3396 aec - ok
08:08:26.0484 3396 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:08:26.0484 3396 AFD - ok
08:08:26.0531 3396 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
08:08:26.0531 3396 agp440 - ok
08:08:26.0546 3396 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
08:08:26.0546 3396 agpCPQ - ok
08:08:26.0578 3396 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
08:08:26.0578 3396 Aha154x - ok
08:08:26.0625 3396 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
08:08:26.0625 3396 aic78u2 - ok
08:08:26.0703 3396 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
08:08:26.0703 3396 aic78xx - ok
08:08:26.0750 3396 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
08:08:26.0750 3396 AliIde - ok
08:08:26.0765 3396 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
08:08:26.0765 3396 alim1541 - ok
08:08:26.0765 3396 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
08:08:26.0781 3396 amdagp - ok
08:08:26.0781 3396 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
08:08:26.0781 3396 amsint - ok
08:08:26.0812 3396 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
08:08:26.0812 3396 asc - ok
08:08:26.0875 3396 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
08:08:26.0875 3396 asc3350p - ok
08:08:26.0875 3396 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
08:08:26.0890 3396 asc3550 - ok
08:08:26.0968 3396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:08:26.0968 3396 AsyncMac - ok
08:08:27.0015 3396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:08:27.0015 3396 atapi - ok
08:08:27.0031 3396 Atdisk - ok
08:08:27.0062 3396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:08:27.0062 3396 Atmarpc - ok
08:08:27.0093 3396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:08:27.0093 3396 audstub - ok
08:08:27.0109 3396 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
08:08:27.0109 3396 b57w2k - ok
08:08:27.0140 3396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:08:27.0140 3396 Beep - ok
08:08:27.0265 3396 catchme - ok
08:08:27.0343 3396 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
08:08:27.0343 3396 cbidf - ok
08:08:27.0343 3396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:08:27.0343 3396 cbidf2k - ok
08:08:27.0359 3396 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
08:08:27.0359 3396 cd20xrnt - ok
08:08:27.0375 3396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:08:27.0375 3396 Cdaudio - ok
08:08:27.0421 3396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:08:27.0421 3396 Cdfs - ok
08:08:27.0437 3396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:08:27.0453 3396 Cdrom - ok
08:08:27.0453 3396 Changer - ok
08:08:27.0500 3396 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
08:08:27.0500 3396 CmdIde - ok
08:08:27.0546 3396 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
08:08:27.0546 3396 Cpqarray - ok
08:08:27.0671 3396 cpuz134 - ok
08:08:27.0703 3396 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
08:08:27.0703 3396 dac2w2k - ok
08:08:27.0750 3396 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
08:08:27.0750 3396 dac960nt - ok
08:08:27.0812 3396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:08:27.0828 3396 Disk - ok
08:08:27.0859 3396 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
08:08:27.0859 3396 DLABMFSM - ok
08:08:27.0875 3396 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
08:08:27.0890 3396 DLABOIOM - ok
08:08:27.0906 3396 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
08:08:27.0906 3396 DLACDBHM - ok
08:08:27.0921 3396 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
08:08:27.0921 3396 DLADResM - ok
08:08:27.0921 3396 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
08:08:27.0921 3396 DLAIFS_M - ok
08:08:27.0937 3396 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
08:08:27.0937 3396 DLAOPIOM - ok
08:08:27.0953 3396 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
08:08:27.0953 3396 DLAPoolM - ok
08:08:27.0953 3396 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
08:08:27.0953 3396 DLARTL_M - ok
08:08:27.0968 3396 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
08:08:27.0968 3396 DLAUDFAM - ok
08:08:28.0000 3396 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
08:08:28.0000 3396 DLAUDF_M - ok
08:08:28.0093 3396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:08:28.0093 3396 dmboot - ok
08:08:28.0156 3396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:08:28.0156 3396 dmio - ok
08:08:28.0171 3396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:08:28.0171 3396 dmload - ok
08:08:28.0203 3396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:08:28.0203 3396 DMusic - ok
08:08:28.0218 3396 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
08:08:28.0218 3396 dpti2o - ok
08:08:28.0265 3396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:08:28.0265 3396 drmkaud - ok
08:08:28.0328 3396 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
08:08:28.0328 3396 DRVMCDB - ok
08:08:28.0359 3396 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
08:08:28.0359 3396 DRVNDDM - ok
08:08:28.0406 3396 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:08:28.0406 3396 E100B - ok
08:08:28.0468 3396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:08:28.0468 3396 Fastfat - ok
08:08:28.0484 3396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:08:28.0484 3396 Fdc - ok
08:08:28.0515 3396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:08:28.0515 3396 Fips - ok
08:08:28.0531 3396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:08:28.0531 3396 Flpydisk - ok
08:08:28.0625 3396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:08:28.0625 3396 FltMgr - ok
08:08:28.0671 3396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:08:28.0671 3396 Fs_Rec - ok
08:08:28.0703 3396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:08:28.0703 3396 Ftdisk - ok
08:08:28.0781 3396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:08:28.0781 3396 GEARAspiWDM - ok
08:08:28.0859 3396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:08:28.0859 3396 Gpc - ok
08:08:28.0890 3396 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:08:28.0890 3396 HDAudBus - ok
08:08:28.0937 3396 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:08:28.0937 3396 HidUsb - ok
08:08:28.0968 3396 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
08:08:28.0968 3396 hpn - ok
08:08:29.0078 3396 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:08:29.0078 3396 HPZid412 - ok
08:08:29.0125 3396 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:08:29.0125 3396 HPZipr12 - ok
08:08:29.0171 3396 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:08:29.0171 3396 HPZius12 - ok
08:08:29.0234 3396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:08:29.0234 3396 HTTP - ok
08:08:29.0312 3396 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
08:08:29.0328 3396 i2omgmt - ok
08:08:29.0359 3396 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
08:08:29.0359 3396 i2omp - ok
08:08:29.0375 3396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:08:29.0375 3396 i8042prt - ok
08:08:29.0562 3396 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:08:29.0750 3396 ialm - ok
08:08:29.0781 3396 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\WINDOWS\system32\drivers\iaStor.sys
08:08:29.0796 3396 iaStor - ok
08:08:29.0796 3396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:08:29.0796 3396 Imapi - ok
08:08:29.0812 3396 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
08:08:29.0812 3396 ini910u - ok
08:08:29.0843 3396 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:08:29.0843 3396 IntelIde - ok
08:08:29.0906 3396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:08:29.0906 3396 intelppm - ok
08:08:29.0937 3396 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:08:29.0953 3396 Ip6Fw - ok
08:08:29.0984 3396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:08:29.0984 3396 IpFilterDriver - ok
08:08:30.0046 3396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:08:30.0046 3396 IpInIp - ok
08:08:30.0078 3396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:08:30.0078 3396 IpNat - ok
08:08:30.0109 3396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:08:30.0109 3396 IPSec - ok
08:08:30.0140 3396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:08:30.0140 3396 IRENUM - ok
08:08:30.0203 3396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:08:30.0203 3396 isapnp - ok
08:08:30.0234 3396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:08:30.0234 3396 Kbdclass - ok
08:08:30.0250 3396 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:08:30.0250 3396 kbdhid - ok
08:08:30.0281 3396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:08:30.0281 3396 kmixer - ok
08:08:30.0312 3396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:08:30.0312 3396 KSecDD - ok
08:08:30.0328 3396 lbrtfdc - ok
08:08:30.0343 3396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:08:30.0343 3396 mnmdd - ok
08:08:30.0359 3396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:08:30.0375 3396 Modem - ok
08:08:30.0468 3396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:08:30.0468 3396 Mouclass - ok
08:08:30.0515 3396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:08:30.0515 3396 mouhid - ok
08:08:30.0546 3396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:08:30.0546 3396 MountMgr - ok
08:08:30.0609 3396 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:08:30.0609 3396 mraid35x - ok
08:08:30.0656 3396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:08:30.0671 3396 MRxDAV - ok
08:08:30.0734 3396 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:08:30.0750 3396 MRxSmb - ok
08:08:30.0796 3396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:08:30.0796 3396 Msfs - ok
08:08:30.0859 3396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:08:30.0859 3396 MSKSSRV - ok
08:08:30.0875 3396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:08:30.0890 3396 MSPCLOCK - ok
08:08:30.0906 3396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:08:30.0906 3396 MSPQM - ok
08:08:30.0937 3396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:08:30.0937 3396 mssmbios - ok
08:08:31.0000 3396 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:08:31.0000 3396 Mup - ok
08:08:31.0031 3396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:08:31.0031 3396 NDIS - ok
08:08:31.0078 3396 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:08:31.0078 3396 NdisTapi - ok
08:08:31.0109 3396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:08:31.0109 3396 Ndisuio - ok
08:08:31.0125 3396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:08:31.0125 3396 NdisWan - ok
08:08:31.0187 3396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:08:31.0187 3396 NDProxy - ok
08:08:31.0218 3396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:08:31.0218 3396 NetBIOS - ok
08:08:31.0281 3396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:08:31.0281 3396 NetBT - ok
08:08:31.0296 3396 Normandy - ok
08:08:31.0312 3396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:08:31.0312 3396 Npfs - ok
08:08:31.0359 3396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:08:31.0359 3396 Ntfs - ok
08:08:31.0390 3396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:08:31.0406 3396 Null - ok
08:08:31.0453 3396 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:08:31.0515 3396 nv - ok
08:08:31.0546 3396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:08:31.0546 3396 NwlnkFlt - ok
08:08:31.0562 3396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:08:31.0562 3396 NwlnkFwd - ok
08:08:31.0656 3396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:08:31.0656 3396 Parport - ok
08:08:31.0687 3396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:08:31.0687 3396 PartMgr - ok
08:08:31.0718 3396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:08:31.0718 3396 ParVdm - ok
08:08:31.0734 3396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:08:31.0734 3396 PCI - ok
08:08:31.0750 3396 PCIDump - ok
08:08:31.0750 3396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:08:31.0750 3396 PCIIde - ok
08:08:31.0796 3396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:08:31.0796 3396 Pcmcia - ok
08:08:31.0796 3396 PDCOMP - ok
08:08:31.0812 3396 PDFRAME - ok
08:08:31.0812 3396 PDRELI - ok
08:08:31.0828 3396 PDRFRAME - ok
08:08:31.0859 3396 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
08:08:31.0859 3396 perc2 - ok
08:08:31.0890 3396 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:08:31.0890 3396 perc2hib - ok
08:08:31.0937 3396 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\WINDOWS\system32\DRIVERS\point32.sys
08:08:31.0937 3396 Point32 - ok
08:08:31.0984 3396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:08:31.0984 3396 PptpMiniport - ok
08:08:32.0000 3396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:08:32.0000 3396 PSched - ok
08:08:32.0093 3396 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
08:08:32.0093 3396 PSI - ok
08:08:32.0125 3396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:08:32.0125 3396 Ptilink - ok
08:08:32.0140 3396 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:08:32.0140 3396 PxHelp20 - ok
08:08:32.0187 3396 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:08:32.0187 3396 ql1080 - ok
08:08:32.0234 3396 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:08:32.0250 3396 Ql10wnt - ok
08:08:32.0296 3396 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:08:32.0296 3396 ql12160 - ok
08:08:32.0359 3396 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:08:32.0375 3396 ql1240 - ok
08:08:32.0421 3396 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:08:32.0421 3396 ql1280 - ok
08:08:32.0453 3396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:08:32.0453 3396 RasAcd - ok
08:08:32.0515 3396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:08:32.0515 3396 Rasl2tp - ok
08:08:32.0531 3396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:08:32.0531 3396 RasPppoe - ok
08:08:32.0578 3396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:08:32.0578 3396 Raspti - ok
08:08:32.0625 3396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:08:32.0625 3396 Rdbss - ok
08:08:32.0687 3396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:08:32.0687 3396 RDPCDD - ok
08:08:32.0687 3396 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:08:32.0703 3396 rdpdr - ok
08:08:32.0734 3396 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:08:32.0734 3396 RDPWD - ok
08:08:32.0765 3396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:08:32.0765 3396 redbook - ok
08:08:32.0828 3396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:08:32.0828 3396 Secdrv - ok
08:08:32.0890 3396 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
08:08:32.0890 3396 SenFiltService - ok
08:08:32.0953 3396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:08:32.0953 3396 serenum - ok
08:08:32.0968 3396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:08:32.0968 3396 Serial - ok
08:08:32.0984 3396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:08:32.0984 3396 Sfloppy - ok
08:08:33.0000 3396 Simbad - ok
08:08:33.0031 3396 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:08:33.0046 3396 sisagp - ok
08:08:33.0093 3396 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:08:33.0093 3396 Sparrow - ok
08:08:33.0171 3396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:08:33.0171 3396 splitter - ok
08:08:33.0203 3396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:08:33.0203 3396 sr - ok
08:08:33.0265 3396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:08:33.0296 3396 Srv - ok
08:08:33.0343 3396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:08:33.0343 3396 swenum - ok
08:08:33.0375 3396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:08:33.0375 3396 swmidi - ok
08:08:33.0421 3396 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
08:08:33.0421 3396 symc810 - ok
08:08:33.0484 3396 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:08:33.0484 3396 symc8xx - ok
08:08:33.0531 3396 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:08:33.0531 3396 sym_hi - ok
08:08:33.0562 3396 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:08:33.0562 3396 sym_u3 - ok
08:08:33.0609 3396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:08:33.0609 3396 sysaudio - ok
08:08:33.0703 3396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:08:33.0703 3396 Tcpip - ok
08:08:33.0734 3396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:08:33.0750 3396 TDPIPE - ok
08:08:33.0765 3396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:08:33.0765 3396 TDTCP - ok
08:08:33.0796 3396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:08:33.0796 3396 TermDD - ok
08:08:33.0843 3396 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
08:08:33.0843 3396 TosIde - ok
08:08:33.0921 3396 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
08:08:33.0921 3396 truecrypt - ok
08:08:33.0968 3396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:08:33.0968 3396 Udfs - ok
08:08:34.0015 3396 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
08:08:34.0015 3396 ultra - ok
08:08:34.0078 3396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:08:34.0093 3396 Update - ok
08:08:34.0140 3396 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:08:34.0140 3396 USBAAPL - ok
08:08:34.0187 3396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:08:34.0187 3396 usbccgp - ok
08:08:34.0203 3396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:08:34.0203 3396 usbehci - ok
08:08:34.0234 3396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:08:34.0234 3396 usbhub - ok
08:08:34.0250 3396 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:08:34.0250 3396 usbprint - ok
08:08:34.0265 3396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:08:34.0265 3396 usbscan - ok
08:08:34.0296 3396 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:08:34.0296 3396 USBSTOR - ok
08:08:34.0328 3396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:08:34.0328 3396 usbuhci - ok
08:08:34.0343 3396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:08:34.0343 3396 VgaSave - ok
08:08:34.0390 3396 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:08:34.0390 3396 viaagp - ok
08:08:34.0453 3396 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:08:34.0453 3396 ViaIde - ok
08:08:34.0515 3396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:08:34.0515 3396 VolSnap - ok
08:08:34.0546 3396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:08:34.0546 3396 Wanarp - ok
08:08:34.0609 3396 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:08:34.0609 3396 Wdf01000 - ok
08:08:34.0625 3396 WDICA - ok
08:08:34.0656 3396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:08:34.0656 3396 wdmaud - ok
08:08:34.0703 3396 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:08:34.0703 3396 WpdUsb - ok
08:08:34.0718 3396 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:08:34.0718 3396 WS2IFSL - ok
08:08:34.0796 3396 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:08:34.0796 3396 WudfPf - ok
08:08:34.0812 3396 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:08:34.0812 3396 WudfRd - ok
08:08:34.0859 3396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:08:34.0968 3396 \Device\Harddisk0\DR0 - ok
08:08:34.0984 3396 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
08:08:34.0984 3396 \Device\Harddisk1\DR3 - ok
08:08:34.0984 3396 Boot (0x1200) (b4e43ea13fc4131bfefbca8dac020122) \Device\Harddisk0\DR0\Partition0
08:08:34.0984 3396 \Device\Harddisk0\DR0\Partition0 - ok
08:08:35.0000 3396 Boot (0x1200) (748c1069e791decc00a2baab35d02354) \Device\Harddisk1\DR3\Partition0
08:08:35.0000 3396 \Device\Harddisk1\DR3\Partition0 - ok
08:08:35.0000 3396 ============================================================
08:08:35.0000 3396 Scan finished
08:08:35.0000 3396 ============================================================
08:08:35.0000 3600 Detected object count: 1
08:08:35.0000 3600 Actual detected object count: 1
08:08:57.0468 3600 Backup copy found, using it..
08:08:57.0468 3600 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
08:08:57.0468 3600 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
08:09:07.0375 1432 Deinitialize success
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 10:16:17
-----------------------------
10:16:17.218 OS Version: Windows 5.1.2600 Service Pack 3
10:16:17.218 Number of processors: 2 586 0xF0D
10:16:17.218 ComputerName: STJAMESUMC UserName:
10:16:17.703 Initialize success
10:26:44.140 AVAST engine defs: 11122101
10:35:53.000 The log file has been saved successfully to "C:\Documents and Settings\Office Administrator\Desktop\aswMBR.txt"
 
Before you run Combofix run this...

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
bootkit

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
ComboFix

ComboFix 11-12-28.02 - Office Administrator 12/28/2011 7:34.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1537 [GMT -6:00]
Running from: c:\documents and settings\Office Administrator\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Office Administrator\Application Data\HPSU_48BitScanUpdate.log
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-21 14:09 . 2011-12-21 14:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-21 13:31 . 2011-12-26 19:04 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-21 13:31 . 2011-12-21 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-12-19 15:14 . 2011-12-19 15:15 -------- d-----w- c:\program files\Advanced PC Tweaker
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\documents and settings\Office Administrator\Local Settings\Application Data\PackageAware
2011-12-19 14:35 . 2011-12-19 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2011-12-19 13:37 . 2008-04-14 01:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-19 13:37 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-19 13:37 . 2008-04-14 01:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-19 13:37 . 2001-08-18 04:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-19 13:37 . 2001-08-18 04:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-19 13:37 . 2011-12-19 13:37 75264 ----a-w- C:\spoolss.dll
2011-12-19 13:37 . 2001-08-18 04:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-19 13:37 . 2001-08-17 18:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-19 13:37 . 2004-08-04 04:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-12-19 13:37 . 2008-04-13 19:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-12-19 13:37 . 2004-08-04 04:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-12-19 13:37 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-19 13:35 . 2001-08-17 19:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-12-19 13:34 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-12-19 13:34 . 2001-08-17 19:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-12-19 13:34 . 2001-08-17 18:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-12-19 13:34 . 2001-08-18 04:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2011-12-19 13:34 . 2001-08-17 18:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-12-19 13:34 . 2001-08-17 20:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2011-12-19 13:34 . 2001-08-17 18:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-12-19 13:34 . 2001-08-17 20:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2011-12-19 13:34 . 2001-08-17 18:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2011-12-19 13:34 . 2001-08-18 04:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2011-12-16 18:41 . 2008-04-14 01:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-12-16 18:41 . 2001-08-18 04:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2011-12-16 18:41 . 2001-08-17 20:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-12-16 18:39 . 2004-08-04 11:00 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2011-12-16 18:38 . 2004-08-04 11:00 38912 ----a-w- c:\windows\system32\dllcache\sm9aw.dll
2011-12-16 18:37 . 2001-08-17 19:51 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
2011-12-16 18:36 . 2001-08-17 18:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-12-16 18:35 . 2001-08-17 20:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-12-16 18:34 . 2001-08-17 18:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-12-16 18:33 . 2001-08-17 18:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-12-16 18:32 . 2001-08-17 19:52 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2011-12-16 18:31 . 2001-08-17 19:49 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2011-12-16 18:30 . 2001-08-17 19:28 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-12-16 18:29 . 2004-08-04 11:00 36864 ----a-w- c:\windows\system32\dllcache\hanjadic.dll
2011-12-16 18:28 . 2001-08-17 18:19 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2011-12-16 18:27 . 2001-08-17 18:13 103044 ----a-w- c:\windows\system32\dllcache\digidxb.sys
2011-12-16 18:26 . 2001-08-17 19:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-12-16 18:06 . 2011-12-19 14:34 -------- d-----w- c:\program files\Support Tools
2011-12-16 17:56 . 2011-12-16 17:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-16 15:35 . 2011-12-16 15:37 -------- d-----w- C:\rei
2011-12-16 15:34 . 2011-12-16 15:34 -------- d-----w- c:\program files\Reimage
2011-12-16 14:52 . 2011-12-16 14:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-08 14:53 . 2011-12-21 13:43 67032 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-12-08 14:53 . 2011-12-21 13:43 140760 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-12-08 14:53 . 2011-12-21 13:43 25560 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-12-08 14:53 . 2011-12-21 13:43 849368 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-12-08 14:53 . 2011-12-21 13:43 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 13:43 . 2011-05-16 13:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 14:09 . 2004-08-04 05:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-12-16 14:52 . 2011-03-02 16:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 13:25 . 2004-08-11 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 16:41 . 2011-11-16 16:41 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-11-01 16:07 . 2004-08-11 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-08-11 23:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-11 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-11 23:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-23_17.07.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-28 13:15 . 2011-12-28 13:15 16384 c:\windows\temp\Perflib_Perfdata_784.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-27 178712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-21 273528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Office Administrator\Start Menu\Programs\Startup\
Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-7-6 125976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 8:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 8:24 AM 399416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/26/2009 8:26 AM 24652]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S3 cpuz134;cpuz134;\??\c:\docume~1\OFFICE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\OFFICE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
S3 Normandy;Normandy SR2; [x]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 4:28 PM 31768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180194154-1879011030-1930761945-1005Core.job
- c:\documents and settings\Office Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-08 21:35]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180194154-1879011030-1930761945-1005UA.job
- c:\documents and settings\Office Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-08 21:35]
.
2011-12-19 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2011-12-19 16:02]
.
2011-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-180194154-1879011030-1930761945-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
.
2011-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-180194154-1879011030-1930761945-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 20:22]
.
2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{DCAE1E01-07C9-4202-BC10-302079E4718E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Office Administrator\Application Data\Mozilla\Firefox\Profiles\i31b3kuf.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
FF - Ext: ShopAtHome.com Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
FF - Ext: InstantFox: searchy@searchy - %profile%\extensions\searchy@searchy
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 07:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-28 07:40:43
ComboFix-quarantined-files.txt 2011-12-28 13:40
ComboFix2.txt 2011-12-23 17:09
ComboFix3.txt 2011-12-16 16:49
ComboFix4.txt 2011-12-14 16:11
ComboFix5.txt 2011-12-28 13:32
.
Pre-Run: 130,534,744,064 bytes free
Post-Run: 130,536,984,576 bytes free
.
- - End Of File - - F9F6F30F7CC19AB6D51C83CFB0811096
 
Looks clean.

How are the issues?

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

============================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.