TechSpot

Cannot search or connect to Google with Firefox or IE

Solved
By poohgc
May 8, 2012
  1. Please find attached a HijackThis log. On this machine you cannot use the IE 8 or Firefox 12 search bar to search for anything. This is an XP machine with all the patches there are. Before I sent you this log I used Malwarebytes and Spybot Search & Destroy, which removed Double click, Fraud.Virus Remover2009, Medra Plex, Webtrends Live and Zedo. Can you see anything that would keep me from searching in the search bar? I can ping google.com and yahoo.com, but when I search with Bing or Google (I usually use just Firefox), it just sits there until it says "Connection reset".

    Thanks,
    Gale
     


  2. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    [HJT log removed by Broni]
     
  4. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    MBAM Logs:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.08.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    admin :: CLARINED [administrator]

    Protection: Enabled

    5/8/2012 9:26:14 AM
    mbam-log-2012-05-08 (09-26-14).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 367354
    Time elapsed: 1 hour(s), 10 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  5. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    We don't use HJT around here anymore.

     
  6. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

  7. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    You're NOT paying attention because you certainly didn't read my initial reply #2 carefully.
     
  8. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    I am at the step regarding GMER. When it first opens up it produces a small line of code. On the side there is then the option to scan. Am I supposed to push the scan button and let it go, or do you only want to see the few lines it produces when it opens up?
     
  9. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    You can find all the needed info on the instructions page.
     
  10. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    The instructions are not clear; they state:

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Warning! Please do not select the "Show all" checkbox during the scan.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    When I initially opened the program it produced a few lines of text and then just sat there; there aren't any instructions to push the "scan" button. I did not receive a warning and was not asked to fully scan my system; it just sat there. I did NOT check the "Show All" checkbox. Do you just want the few lines that were produced when the program opened?
     
  11. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    Go ahead and let me know what info GMER produced.
     
  12. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    gmer.log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-05-08 17:06:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.ADA
    Running: 48q3fqqh.exe; Driver: C:\DOCUME~1\cdegroot\LOCALS~1\Temp\pxldqpob.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice nlem32nt.sys

    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:120] 89D5A16D
    Thread System [4:368] 8995AB90

    ---- EOF - GMER 1.0.15 ----
     
  13. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    That's the log I needed.

    Go ahead with DDS.
     
  14. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by cdegroot at 17:10:38 on 2012-05-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1330 [GMT -5:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec AntiVirus\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\SmcGui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uLocal Page = c:\winnt\system32\blank.htm
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [RunNarrator] Narrator.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242854494708
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{C13904D9-AE89-4F79-A267-7A6AF8B9F2EF} : NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
    Notify: igfxcui - igfxdev.dll
    Notify: PCANotify - PCANotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\cdegroot\application data\mozilla\firefox\profiles\8fnqr6fg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2009-10-16 69656]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-4-30 24064]
    R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
    R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
    R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2005-5-20 106496]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-2 654408]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2011-6-2 1839776]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-15 106104]
    R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-4-30 176640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-2 22344]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120507.038\NAVENG.SYS [2012-5-8 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120507.038\NAVEX15.SYS [2012-5-8 1576312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-6-2 23888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-05-08 20:25:40 -------- d-----w- c:\program files\Trend Micro
    2012-05-08 19:50:36 -------- d-----w- c:\program files\blekkotb_soc
    2012-05-08 17:47:56 -------- d-----w- c:\documents and settings\cdegroot\application data\blekkotb_019
    2012-05-08 17:21:56 -------- d-sha-r- C:\cmdcons
    2012-05-08 17:20:04 98816 ----a-w- c:\windows\sed.exe
    2012-05-08 17:20:04 518144 ----a-w- c:\windows\SWREG.exe
    2012-05-08 17:20:04 256000 ----a-w- c:\windows\PEV.exe
    2012-05-08 17:20:04 208896 ----a-w- c:\windows\MBR.exe
    2012-05-08 17:08:49 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
    2012-05-08 16:08:09 -------- d-----w- C:\ERDNT
    2012-05-01 16:32:30 -------- d-----w- c:\documents and settings\cdegroot\local settings\application data\Citrix
    .
    ==================== Find3M ====================
    .
    2012-05-05 05:58:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 05:58:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 23:37:59 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
    2012-02-21 14:39:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-21 14:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 17:10:58.17 ===============

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/20/2009 11:15:04 AM
    System Uptime: 5/8/2012 4:07:37 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0T656F
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU | 2493/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 122.263 GiB free.
    D: is CDROM ()
    H: is NetworkDisk (NTFS) - 298 GiB total, 231.626 GiB free.
    N: is NetworkDisk (NTFS) - 466 GiB total, 252.389 GiB free.
    S: is NetworkDisk (NTFS) - 298 GiB total, 261.372 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP343: 2/16/2012 3:00:18 AM - Software Distribution Service 3.0
    RP344: 2/21/2012 8:39:18 AM - Removed Java(TM) 6 Update 11
    RP345: 2/21/2012 8:39:46 AM - Installed Java(TM) 6 Update 31
    RP346: 2/21/2012 12:46:35 PM - Installed Windows XP KB961118.
    RP347: 2/21/2012 12:46:42 PM - Installed CCH Printer Update.
    RP348: 3/2/2012 10:04:28 AM - Installed Windows XP KB961118.
    RP349: 3/2/2012 10:04:36 AM - Installed CCH Printer Update.
    RP350: 3/8/2012 5:03:34 PM - System Checkpoint
    RP351: 3/9/2012 11:44:51 AM - Installed Windows XP KB961118.
    RP352: 3/9/2012 11:44:59 AM - Installed CCH Printer Update.
    RP353: 3/12/2012 9:02:25 AM - Installed Windows XP KB961118.
    RP354: 3/12/2012 9:02:33 AM - Installed CCH Printer Update.
    RP355: 3/14/2012 3:00:17 AM - Software Distribution Service 3.0
    RP356: 3/16/2012 3:00:16 AM - Software Distribution Service 3.0
    RP357: 3/17/2012 3:00:17 AM - Software Distribution Service 3.0
    RP358: 3/22/2012 12:52:50 PM - Installed Windows XP KB961118.
    RP359: 3/22/2012 12:52:58 PM - Installed CCH Printer Update.
    RP360: 4/2/2012 9:30:02 AM - Installed Windows XP KB961118.
    RP361: 4/2/2012 9:30:11 AM - Installed CCH Printer Update.
    RP362: 4/12/2012 3:00:28 AM - Software Distribution Service 3.0
    RP363: 4/13/2012 3:16:34 PM - Installed Windows XP KB961118.
    RP364: 4/13/2012 3:16:42 PM - Installed CCH Printer Update.
    RP365: 5/1/2012 12:11:16 PM - System Checkpoint
    RP366: 5/8/2012 8:48:29 AM - Removed Bing Bar
    RP367: 5/8/2012 8:51:04 AM - Removed Apple Application Support
    RP368: 5/8/2012 8:53:06 AM - Removed Apple Mobile Device Support
    RP369: 5/8/2012 8:54:11 AM - Removed Apple Software Update
    RP370: 5/8/2012 8:54:29 AM - Removed Bonjour
    RP371: 5/8/2012 8:55:36 AM - Removed iTunes
    RP372: 5/8/2012 9:01:33 AM - Removed MobileMe Control Panel
    RP373: 5/8/2012 9:02:23 AM - Removed Safari
    RP374: 5/8/2012 2:51:42 PM - Removed Mozilla Firefox (en-US)
    RP375: 5/8/2012 3:03:14 PM - Installed Mozilla Firefox (en-US)
    RP376: 5/8/2012 3:15:10 PM - Installed Microsoft Fix it 50267
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.5
    Broadcom Management Programs
    Choice Guard
    Corel WordPerfect Office - iFilter
    Critical Update for Windows Media Player 11 (KB959772)
    Crystal Reports Basic Runtime for Visual Studio 2008
    Google Update Helper
    GoToMeeting 4.5.0.457
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    LiveReg (Symantec Corporation)
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook 2003
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB927977)
    OGA Notifier 2.0.0048.0
    PowerDVD
    QuickTime
    RealPlayer
    RealPopup
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    Symantec Endpoint Protection
    Symantec pcAnywhere
    TaxWise 2008 WorkStation
    TaxWise 2009
    TaxWise 2010
    TaxWise 2011
    Terminal Services Client
    TWUpdate
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    WinZip
    WordPerfect Lightning
    WordPerfect Lightning - EN
    WordPerfect Lightning - IPM
    WordPerfect Lightning - Messages
    WordPerfect Lightning - MSOM
    WordPerfect Office X4
    WordPerfect Office X4 - Common
    WordPerfect Office X4 - Content
    WordPerfect Office X4 - EN
    WordPerfect Office X4 - Filters
    WordPerfect Office X4 - Graphics
    WordPerfect Office X4 - ICA
    WordPerfect Office X4 - IPM
    WordPerfect Office X4 - IPM EN
    WordPerfect Office X4 - Migration Manager
    WordPerfect Office X4 - PerfectExperts
    WordPerfect Office X4 - PR
    WordPerfect Office X4 - QP
    WordPerfect Office X4 - Skins
    WordPerfect Office X4 - System
    WordPerfect Office X4 - WP
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/8/2012 4:43:46 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    5/8/2012 12:23:57 PM, error: NETLOGON [5719] - No Domain Controller is available for domain LSND due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    .
    ==== End Of File ===========================
     
  15. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
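    An added aside for readers following these steps (this is my own example, not part of Broni's instructions and not Kaspersky's code). The report TDSSKiller writes is one or two lines per service, in the format of the log posted in the next reply, and only two line types need attention: `Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>` and `<service> ( <threat> ) - infected`. My reading of the Forged line is that TDSSKiller hashes the driver by reading the disk itself ("Real") and compares that with what the normal file-system path returns ("Fake"); when the two differ, something beneath the file system is serving a clean copy of a file that is actually patched on disk, which is how a bootkit hides a modified boot-start driver. The script below groups the log back into one record per service and reports those two findings, plus a consistency check that the hash on the module line agrees with "Real". Its sample lines are copied from the ACPI entries (and the clean entries around them) of the log posted in this thread; the regexes are written against the 2.7.x format seen there and are an assumption for other versions.

```python
"""Triage a TDSSKiller scan log: pull out 'Suspicious file (Forged)' hash
mismatches and '- infected' verdicts instead of eyeballing a thousand lines.
Added example for this thread; not Broni's and not Kaspersky's code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample lines copied from the TDSSKiller 2.7.34 log posted in this thread
# (the ACPI entries plus the clean entries around them).
SAMPLE_LOG = r"""
17:23:04.0736 2668 Abiosdsk - ok
17:23:04.0768 2668 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:23:04.0768 2668 abp480n5 - ok
17:23:04.0799 2668 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:23:04.0799 2668 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
17:23:04.0814 2668 ACPI ( Virus.Win32.Rloader.a ) - infected
17:23:04.0814 2668 ACPI - detected Virus.Win32.Rloader.a (0)
17:23:04.0814 2668 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:23:04.0814 2668 ACPIEC - ok
"""

# Every scan line starts with "<hh:mm:ss.ffff> <pid> " (format assumed from
# the 2.7.x log in this thread).
_PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
RE_MODULE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_FORGED = re.compile(
    _PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
RE_INFECTED = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<threat>.+?) \) - infected$")
RE_OK = re.compile(_PREFIX + r"(?P<name>\S+) - ok$")


@dataclass
class Entry:
    name: str                       # service/driver name as TDSSKiller lists it
    path: Optional[str] = None
    md5: Optional[str] = None       # hash TDSSKiller reports on the module line
    status: str = "unknown"         # "ok" | "infected" | "unknown"
    threat: Optional[str] = None
    forged: Optional[Tuple[str, str]] = None   # (real_md5, fake_md5)


def parse_log(text: str) -> Dict[str, Entry]:
    """Group the per-line output back into one record per service."""
    entries: Dict[str, Entry] = {}
    last: Optional[Entry] = None    # the Forged line names a path, not a service
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_MODULE.match(line):
            last = entries.setdefault(m["name"], Entry(m["name"]))
            last.path, last.md5 = m["path"], m["md5"]
        elif (m := RE_FORGED.match(line)) and last is not None and last.path == m["path"]:
            last.forged = (m["real"], m["fake"])
        elif m := RE_INFECTED.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status, e.threat = "infected", m["threat"]
        elif m := RE_OK.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            if e.status == "unknown":   # never downgrade an infected verdict
                e.status = "ok"
    return entries


def findings(entries: Dict[str, Entry]) -> List[dict]:
    """Return what a responder needs to act on, one dict per finding."""
    out: List[dict] = []
    for e in entries.values():
        if e.forged:
            real, fake = e.forged
            out.append({
                "kind": "forged", "name": e.name, "path": e.path,
                "on_disk_md5": real, "presented_md5": fake,
                # The module line carries the hash TDSSKiller read itself; it
                # should agree with "Real", otherwise the log is inconsistent.
                "consistent": e.md5 == real,
            })
        if e.status == "infected":
            out.append({"kind": "infected", "name": e.name, "threat": e.threat})
    return out


if __name__ == "__main__":
    for f in findings(parse_log(SAMPLE_LOG)):
        print(f)
```

    Run it against a saved TDSSKiller_xxxx_log.txt by replacing SAMPLE_LOG with the file's contents; a service that shows up with a Forged record is the one to hand back to the helper, because a plain `- ok` grep would walk straight past it (the ok/infected verdict sits on a separate line from the hash mismatch).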
     
  16. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    TDSSKiller Log

    17:22:55.0061 3796 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    17:22:55.0654 3796 ============================================================
    17:22:55.0654 3796 Current date / time: 2012/05/08 17:22:55.0654
    17:22:55.0654 3796 SystemInfo:
    17:22:55.0654 3796
    17:22:55.0654 3796 OS Version: 5.1.2600 ServicePack: 3.0
    17:22:55.0654 3796 Product type: Workstation
    17:22:55.0654 3796 ComputerName: CLARINED
    17:22:55.0654 3796 UserName: cdegroot
    17:22:55.0654 3796 Windows directory: C:\WINDOWS
    17:22:55.0654 3796 System windows directory: C:\WINDOWS
    17:22:55.0654 3796 Processor architecture: Intel x86
    17:22:55.0654 3796 Number of processors: 2
    17:22:55.0654 3796 Page size: 0x1000
    17:22:55.0654 3796 Boot type: Normal boot
    17:22:55.0654 3796 ============================================================
    17:22:56.0918 3796 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    17:22:56.0965 3796 ============================================================
    17:22:56.0965 3796 \Device\Harddisk0\DR0:
    17:22:56.0965 3796 MBR partitions:
    17:22:56.0965 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x129E99B5
    17:22:56.0965 3796 ============================================================
    17:22:57.0137 3796 C: <-> \Device\Harddisk0\DR0\Partition0
    17:22:57.0137 3796 ============================================================
    17:22:57.0137 3796 Initialize success
    17:22:57.0137 3796 ============================================================
    17:23:04.0502 2668 ============================================================
    17:23:04.0502 2668 Scan started
    17:23:04.0502 2668 Mode: Manual;
    17:23:04.0502 2668 ============================================================
    17:23:04.0736 2668 Abiosdsk - ok
    17:23:04.0768 2668 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    17:23:04.0768 2668 abp480n5 - ok
    17:23:04.0799 2668 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:23:04.0799 2668 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
    17:23:04.0814 2668 ACPI ( Virus.Win32.Rloader.a ) - infected
    17:23:04.0814 2668 ACPI - detected Virus.Win32.Rloader.a (0)
    17:23:04.0814 2668 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    17:23:04.0814 2668 ACPIEC - ok
    17:23:04.0877 2668 ADIHdAudAddService (803c7d4767132f2407431103055c9000) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    17:23:04.0877 2668 ADIHdAudAddService - ok
    17:23:04.0955 2668 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    17:23:04.0955 2668 AdobeFlashPlayerUpdateSvc - ok
    17:23:04.0986 2668 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    17:23:04.0986 2668 adpu160m - ok
    17:23:05.0017 2668 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    17:23:05.0017 2668 aec - ok
    17:23:05.0064 2668 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    17:23:05.0064 2668 AFD - ok
    17:23:05.0064 2668 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    17:23:05.0064 2668 agp440 - ok
    17:23:05.0095 2668 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    17:23:05.0095 2668 agpCPQ - ok
    17:23:05.0095 2668 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    17:23:05.0095 2668 Aha154x - ok
    17:23:05.0111 2668 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    17:23:05.0111 2668 aic78u2 - ok
    17:23:05.0127 2668 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    17:23:05.0127 2668 aic78xx - ok
    17:23:05.0142 2668 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    17:23:05.0158 2668 Alerter - ok
    17:23:05.0173 2668 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    17:23:05.0173 2668 ALG - ok
    17:23:05.0205 2668 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    17:23:05.0205 2668 AliIde - ok
    17:23:05.0205 2668 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    17:23:05.0205 2668 alim1541 - ok
    17:23:05.0220 2668 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    17:23:05.0220 2668 amdagp - ok
    17:23:05.0220 2668 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    17:23:05.0220 2668 amsint - ok
    17:23:05.0236 2668 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    17:23:05.0251 2668 AppMgmt - ok
    17:23:05.0267 2668 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    17:23:05.0267 2668 asc - ok
    17:23:05.0283 2668 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    17:23:05.0283 2668 asc3350p - ok
    17:23:05.0298 2668 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    17:23:05.0298 2668 asc3550 - ok
    17:23:05.0423 2668 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    17:23:05.0439 2668 aspnet_state - ok
    17:23:05.0454 2668 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:23:05.0454 2668 AsyncMac - ok
    17:23:05.0501 2668 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    17:23:05.0501 2668 atapi - ok
    17:23:05.0501 2668 Atdisk - ok
    17:23:05.0532 2668 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:23:05.0532 2668 Atmarpc - ok
    17:23:05.0564 2668 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    17:23:05.0564 2668 AudioSrv - ok
    17:23:05.0579 2668 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:23:05.0579 2668 audstub - ok
    17:23:05.0626 2668 awecho (7305e36433ae7ce4a878ccc900bcf2a8) C:\WINDOWS\system32\drivers\awechomd.sys
    17:23:05.0626 2668 awecho - ok
    17:23:05.0766 2668 awhost32 (66847905242d7c66cd628643eb3413fe) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    17:23:05.0782 2668 awhost32 - ok
    17:23:05.0782 2668 awlegacy (1464f3daf223e7a204baf1b556ee7769) C:\WINDOWS\System32\Drivers\awlegacy.sys
    17:23:05.0782 2668 awlegacy - ok
    17:23:05.0782 2668 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys
    17:23:05.0782 2668 AW_HOST - ok
    17:23:05.0798 2668 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    17:23:05.0798 2668 Beep - ok
    17:23:05.0860 2668 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    17:23:05.0876 2668 BITS - ok
    17:23:05.0907 2668 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    17:23:05.0922 2668 Browser - ok
    17:23:05.0922 2668 catchme - ok
    17:23:05.0954 2668 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    17:23:05.0954 2668 cbidf - ok
    17:23:05.0954 2668 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:23:05.0954 2668 cbidf2k - ok
    17:23:06.0063 2668 ccEvtMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    17:23:06.0063 2668 ccEvtMgr - ok
    17:23:06.0078 2668 ccSetMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    17:23:06.0078 2668 ccSetMgr - ok
    17:23:06.0078 2668 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    17:23:06.0078 2668 cd20xrnt - ok
    17:23:06.0078 2668 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:23:06.0078 2668 Cdaudio - ok
    17:23:06.0125 2668 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    17:23:06.0125 2668 Cdfs - ok
    17:23:06.0172 2668 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:23:06.0172 2668 Cdrom - ok
    17:23:06.0188 2668 Changer - ok
    17:23:06.0203 2668 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    17:23:06.0203 2668 CiSvc - ok
    17:23:06.0235 2668 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    17:23:06.0235 2668 ClipSrv - ok
    17:23:06.0328 2668 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:23:06.0328 2668 clr_optimization_v2.0.50727_32 - ok
    17:23:06.0422 2668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:23:06.0422 2668 clr_optimization_v4.0.30319_32 - ok
    17:23:06.0453 2668 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    17:23:06.0453 2668 CmdIde - ok
    17:23:06.0484 2668 COH_Mon (4f2dedeed7c091fafc4dada5534f3d37) C:\WINDOWS\system32\Drivers\COH_Mon.sys
    17:23:06.0484 2668 COH_Mon - ok
    17:23:06.0484 2668 COMSysApp - ok
    17:23:06.0531 2668 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    17:23:06.0531 2668 Cpqarray - ok
    17:23:06.0578 2668 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    17:23:06.0578 2668 CryptSvc - ok
    17:23:06.0593 2668 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    17:23:06.0593 2668 dac2w2k - ok
    17:23:06.0609 2668 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    17:23:06.0609 2668 dac960nt - ok
    17:23:06.0656 2668 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    17:23:06.0656 2668 DcomLaunch - ok
    17:23:06.0718 2668 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    17:23:06.0718 2668 Dhcp - ok
    17:23:06.0765 2668 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    17:23:06.0765 2668 Disk - ok
    17:23:06.0812 2668 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
    17:23:06.0812 2668 DLABMFSM - ok
    17:23:06.0828 2668 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
    17:23:06.0828 2668 DLABOIOM - ok
    17:23:06.0828 2668 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    17:23:06.0828 2668 DLACDBHM - ok
    17:23:06.0828 2668 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
    17:23:06.0828 2668 DLADResM - ok
    17:23:06.0843 2668 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
    17:23:06.0843 2668 DLAIFS_M - ok
    17:23:06.0859 2668 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
    17:23:06.0859 2668 DLAOPIOM - ok
    17:23:06.0859 2668 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
    17:23:06.0859 2668 DLAPoolM - ok
    17:23:06.0874 2668 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    17:23:06.0874 2668 DLARTL_M - ok
    17:23:06.0874 2668 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
    17:23:06.0874 2668 DLAUDFAM - ok
    17:23:06.0890 2668 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
    17:23:06.0890 2668 DLAUDF_M - ok
    17:23:06.0890 2668 dmadmin - ok
    17:23:06.0937 2668 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    17:23:06.0937 2668 dmboot - ok
    17:23:06.0952 2668 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    17:23:06.0952 2668 dmio - ok
    17:23:06.0952 2668 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    17:23:06.0952 2668 dmload - ok
    17:23:06.0984 2668 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    17:23:06.0984 2668 dmserver - ok
    17:23:07.0015 2668 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    17:23:07.0015 2668 DMusic - ok
    17:23:07.0046 2668 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    17:23:07.0046 2668 Dnscache - ok
    17:23:07.0108 2668 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    17:23:07.0124 2668 Dot3svc - ok
    17:23:07.0155 2668 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    17:23:07.0155 2668 dpti2o - ok
    17:23:07.0186 2668 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    17:23:07.0186 2668 drmkaud - ok
    17:23:07.0233 2668 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    17:23:07.0233 2668 DRVMCDB - ok
    17:23:07.0233 2668 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    17:23:07.0233 2668 DRVNDDM - ok
    17:23:07.0280 2668 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    17:23:07.0280 2668 EapHost - ok
    17:23:07.0436 2668 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    17:23:07.0436 2668 eeCtrl - ok
    17:23:07.0467 2668 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    17:23:07.0467 2668 EraserUtilRebootDrv - ok
    17:23:07.0483 2668 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    17:23:07.0483 2668 ERSvc - ok
    17:23:07.0530 2668 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    17:23:07.0530 2668 Eventlog - ok
    17:23:07.0592 2668 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    17:23:07.0592 2668 EventSystem - ok
    17:23:07.0639 2668 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    17:23:07.0639 2668 Fastfat - ok
    17:23:07.0686 2668 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    17:23:07.0701 2668 FastUserSwitchingCompatibility - ok
    17:23:07.0764 2668 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
    17:23:07.0764 2668 Fax - ok
    17:23:07.0764 2668 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    17:23:07.0764 2668 Fdc - ok
    17:23:07.0779 2668 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    17:23:07.0795 2668 Fips - ok
    17:23:07.0795 2668 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    17:23:07.0795 2668 Flpydisk - ok
    17:23:07.0811 2668 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    17:23:07.0811 2668 FltMgr - ok
    17:23:07.0951 2668 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    17:23:07.0967 2668 FontCache3.0.0.0 - ok
    17:23:07.0967 2668 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:23:07.0967 2668 Fs_Rec - ok
    17:23:07.0998 2668 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:23:07.0998 2668 Ftdisk - ok
    17:23:07.0998 2668 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys
    17:23:08.0014 2668 Gernuwa - ok
    17:23:08.0029 2668 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:23:08.0029 2668 Gpc - ok
    17:23:08.0185 2668 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    17:23:08.0185 2668 gupdate - ok
    17:23:08.0185 2668 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    17:23:08.0201 2668 gupdatem - ok
    17:23:08.0216 2668 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    17:23:08.0216 2668 HDAudBus - ok
    17:23:08.0294 2668 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    17:23:08.0294 2668 helpsvc - ok
    17:23:08.0310 2668 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    17:23:08.0310 2668 HidServ - ok
    17:23:08.0341 2668 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    17:23:08.0341 2668 hidusb - ok
    17:23:08.0357 2668 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    17:23:08.0357 2668 hkmsvc - ok
    17:23:08.0388 2668 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    17:23:08.0388 2668 hpn - ok
    17:23:08.0435 2668 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    17:23:08.0435 2668 HTTP - ok
    17:23:08.0450 2668 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    17:23:08.0450 2668 HTTPFilter - ok
    17:23:08.0450 2668 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    17:23:08.0450 2668 i2omgmt - ok
    17:23:08.0497 2668 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    17:23:08.0497 2668 i2omp - ok
    17:23:08.0763 2668 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    17:23:08.0794 2668 ialm - ok
    17:23:09.0028 2668 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    17:23:09.0028 2668 idsvc - ok
    17:23:09.0106 2668 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:23:09.0106 2668 Imapi - ok
    17:23:09.0153 2668 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    17:23:09.0153 2668 ImapiService - ok
    17:23:09.0199 2668 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    17:23:09.0199 2668 ini910u - ok
    17:23:09.0231 2668 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    17:23:09.0231 2668 IntelIde - ok
    17:23:09.0262 2668 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    17:23:09.0262 2668 intelppm - ok
    17:23:09.0278 2668 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    17:23:09.0278 2668 Ip6Fw - ok
    17:23:09.0309 2668 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:23:09.0309 2668 IpFilterDriver - ok
    17:23:09.0324 2668 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:23:09.0324 2668 IpInIp - ok
    17:23:09.0356 2668 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:23:09.0356 2668 IpNat - ok
    17:23:09.0356 2668 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:23:09.0371 2668 IPSec - ok
    17:23:09.0387 2668 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:23:09.0387 2668 IRENUM - ok
    17:23:09.0418 2668 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:23:09.0418 2668 isapnp - ok
    17:23:09.0605 2668 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    17:23:09.0605 2668 JavaQuickStarterService - ok
    17:23:09.0621 2668 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys
    17:23:09.0636 2668 k57w2k - ok
    17:23:09.0683 2668 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:23:09.0683 2668 Kbdclass - ok
    17:23:09.0746 2668 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    17:23:09.0746 2668 kbdhid - ok
    17:23:09.0746 2668 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    17:23:09.0761 2668 kmixer - ok
    17:23:09.0777 2668 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    17:23:09.0777 2668 KSecDD - ok
    17:23:09.0824 2668 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    17:23:09.0824 2668 LanmanServer - ok
    17:23:09.0871 2668 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    17:23:09.0871 2668 lanmanworkstation - ok
    17:23:09.0871 2668 lbrtfdc - ok
    17:23:10.0089 2668 LiveUpdate (6abe9ecaab7dd0cc6f46ec830e0fe8fc) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    17:23:10.0105 2668 LiveUpdate - ok
    17:23:10.0261 2668 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    17:23:10.0261 2668 LmHosts - ok
    17:23:10.0307 2668 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
    17:23:10.0307 2668 MBAMProtector - ok
    17:23:10.0385 2668 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    17:23:10.0401 2668 MBAMService - ok
    17:23:10.0526 2668 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    17:23:10.0526 2668 MDM - ok
    17:23:10.0573 2668 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    17:23:10.0573 2668 Messenger - ok
    17:23:10.0604 2668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    17:23:10.0604 2668 mnmdd - ok
    17:23:10.0635 2668 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    17:23:10.0635 2668 mnmsrvc - ok
    17:23:10.0666 2668 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    17:23:10.0666 2668 Modem - ok
    17:23:10.0713 2668 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:23:10.0713 2668 Mouclass - ok
    17:23:10.0713 2668 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    17:23:10.0713 2668 mouhid - ok
    17:23:10.0729 2668 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    17:23:10.0729 2668 MountMgr - ok
    17:23:10.0776 2668 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    17:23:10.0776 2668 MozillaMaintenance - ok
    17:23:10.0791 2668 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    17:23:10.0791 2668 mraid35x - ok
    17:23:10.0822 2668 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:23:10.0822 2668 MRxDAV - ok
    17:23:10.0885 2668 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:23:10.0885 2668 MRxSmb - ok
    17:23:10.0900 2668 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    17:23:10.0900 2668 MSDTC - ok
    17:23:10.0916 2668 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    17:23:10.0916 2668 Msfs - ok
    17:23:10.0916 2668 MSIServer - ok
    17:23:10.0963 2668 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:23:10.0963 2668 MSKSSRV - ok
    17:23:10.0963 2668 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:23:10.0963 2668 MSPCLOCK - ok
    17:23:10.0994 2668 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    17:23:10.0994 2668 MSPQM - ok
    17:23:11.0010 2668 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:23:11.0010 2668 mssmbios - ok
    17:23:11.0041 2668 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    17:23:11.0041 2668 Mup - ok
    17:23:11.0072 2668 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    17:23:11.0088 2668 napagent - ok
    17:23:11.0244 2668 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120507.038\NAVENG.SYS
    17:23:11.0244 2668 NAVENG - ok
    17:23:11.0306 2668 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120507.038\NAVEX15.SYS
    17:23:11.0322 2668 NAVEX15 - ok
    17:23:11.0478 2668 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    17:23:11.0478 2668 NDIS - ok
    17:23:11.0525 2668 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:23:11.0525 2668 NdisTapi - ok
    17:23:11.0540 2668 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:23:11.0540 2668 Ndisuio - ok
    17:23:11.0540 2668 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:23:11.0540 2668 NdisWan - ok
    17:23:11.0603 2668 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    17:23:11.0603 2668 NDProxy - ok
    17:23:11.0603 2668 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:23:11.0603 2668 NetBIOS - ok
    17:23:11.0618 2668 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:23:11.0618 2668 NetBT - ok
    17:23:11.0728 2668 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    17:23:11.0728 2668 NetDDE - ok
    17:23:11.0728 2668 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    17:23:11.0728 2668 NetDDEdsdm - ok
    17:23:11.0743 2668 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    17:23:11.0743 2668 Netlogon - ok
    17:23:11.0759 2668 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    17:23:11.0759 2668 Netman - ok
    17:23:11.0899 2668 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    17:23:11.0899 2668 NetTcpPortSharing - ok
    17:23:11.0930 2668 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    17:23:11.0930 2668 Nla - ok
    17:23:11.0962 2668 nlem32nt (a3ad7925f1a18b379e1cc5ce2eeda86b) C:\WINDOWS\system32\drivers\nlem32nt.sys
    17:23:11.0962 2668 nlem32nt - ok
    17:23:11.0977 2668 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    17:23:11.0977 2668 Npfs - ok
    17:23:12.0040 2668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    17:23:12.0040 2668 Ntfs - ok
    17:23:12.0040 2668 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    17:23:12.0040 2668 NtLmSsp - ok
    17:23:12.0086 2668 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    17:23:12.0133 2668 NtmsSvc - ok
    17:23:12.0149 2668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    17:23:12.0149 2668 Null - ok
    17:23:12.0180 2668 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:23:12.0180 2668 NwlnkFlt - ok
    17:23:12.0196 2668 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:23:12.0196 2668 NwlnkFwd - ok
    17:23:12.0367 2668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    17:23:12.0383 2668 odserv - ok
    17:23:12.0414 2668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:23:12.0414 2668 ose - ok
    17:23:12.0477 2668 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    17:23:12.0477 2668 Parport - ok
    17:23:12.0477 2668 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    17:23:12.0477 2668 PartMgr - ok
    17:23:12.0508 2668 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    17:23:12.0508 2668 ParVdm - ok
    17:23:12.0523 2668 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    17:23:12.0523 2668 PCI - ok
    17:23:12.0523 2668 PCIDump - ok
    17:23:12.0586 2668 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    17:23:12.0586 2668 PCIIde - ok
    17:23:12.0617 2668 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    17:23:12.0617 2668 Pcmcia - ok
    17:23:12.0633 2668 PDCOMP - ok
    17:23:12.0633 2668 PDFRAME - ok
    17:23:12.0633 2668 PDRELI - ok
    17:23:12.0633 2668 PDRFRAME - ok
    17:23:12.0679 2668 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    17:23:12.0679 2668 perc2 - ok
    17:23:12.0695 2668 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    17:23:12.0695 2668 perc2hib - ok
    17:23:12.0757 2668 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    17:23:12.0757 2668 PlugPlay - ok
    17:23:12.0789 2668 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    17:23:12.0789 2668 PolicyAgent - ok
    17:23:12.0820 2668 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:23:12.0820 2668 PptpMiniport - ok
    17:23:12.0820 2668 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    17:23:12.0820 2668 ProtectedStorage - ok
    17:23:12.0820 2668 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    17:23:12.0835 2668 PSched - ok
    17:23:12.0882 2668 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    17:23:12.0882 2668 PSI_SVC_2 - ok
    17:23:12.0882 2668 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:23:12.0898 2668 Ptilink - ok
    17:23:12.0945 2668 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    17:23:12.0945 2668 PxHelp20 - ok
    17:23:12.0960 2668 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    17:23:12.0960 2668 ql1080 - ok
    17:23:12.0976 2668 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    17:23:12.0976 2668 Ql10wnt - ok
    17:23:12.0992 2668 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    17:23:12.0992 2668 ql12160 - ok
    17:23:12.0992 2668 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    17:23:12.0992 2668 ql1240 - ok
    17:23:13.0023 2668 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    17:23:13.0023 2668 ql1280 - ok
    17:23:13.0038 2668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:23:13.0054 2668 RasAcd - ok
    17:23:13.0085 2668 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    17:23:13.0101 2668 RasAuto - ok
    17:23:13.0132 2668 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:23:13.0132 2668 Rasl2tp - ok
    17:23:13.0163 2668 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    17:23:13.0179 2668 RasMan - ok
    17:23:13.0179 2668 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:23:13.0179 2668 RasPppoe - ok
    17:23:13.0226 2668 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    17:23:13.0226 2668 Raspti - ok
    17:23:13.0241 2668 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:23:13.0241 2668 Rdbss - ok
    17:23:13.0241 2668 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:23:13.0241 2668 RDPCDD - ok
    17:23:13.0257 2668 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    17:23:13.0257 2668 rdpdr - ok
    17:23:13.0304 2668 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    17:23:13.0319 2668 RDPWD - ok
    17:23:13.0350 2668 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    17:23:13.0350 2668 RDSessMgr - ok
    17:23:13.0366 2668 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    17:23:13.0366 2668 redbook - ok
    17:23:13.0397 2668 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    17:23:13.0397 2668 RemoteAccess - ok
    17:23:13.0428 2668 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    17:23:13.0428 2668 RemoteRegistry - ok
    17:23:13.0460 2668 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    17:23:13.0475 2668 RpcLocator - ok
    17:23:13.0522 2668 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    17:23:13.0522 2668 RpcSs - ok
    17:23:13.0553 2668 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    17:23:13.0553 2668 RSVP - ok
    17:23:13.0585 2668 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    17:23:13.0585 2668 SamSs - ok
    17:23:13.0616 2668 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    17:23:13.0616 2668 SCardSvr - ok
    17:23:13.0631 2668 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    17:23:13.0647 2668 Schedule - ok
    17:23:13.0694 2668 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:23:13.0694 2668 Secdrv - ok
    17:23:13.0709 2668 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    17:23:13.0709 2668 seclogon - ok
    17:23:13.0725 2668 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    17:23:13.0741 2668 SENS - ok
    17:23:13.0741 2668 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    17:23:13.0741 2668 Serenum - ok
    17:23:13.0756 2668 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    17:23:13.0756 2668 Serial - ok
    17:23:13.0803 2668 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
    17:23:13.0803 2668 SFAUDIO - ok
    17:23:13.0803 2668 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    17:23:13.0819 2668 Sfloppy - ok
    17:23:13.0865 2668 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    17:23:13.0881 2668 SharedAccess - ok
    17:23:13.0928 2668 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    17:23:13.0928 2668 ShellHWDetection - ok
    17:23:13.0928 2668 Simbad - ok
    17:23:13.0959 2668 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    17:23:13.0959 2668 sisagp - ok
    17:23:14.0146 2668 SmcService (8317ad0c7e640411c746d5664eb7957a) C:\Program Files\Symantec AntiVirus\Smc.exe
    17:23:14.0162 2668 SmcService - ok
    17:23:14.0224 2668 SNAC (95293a76341b1db125ee125474657728) C:\Program Files\Symantec AntiVirus\SNAC.EXE
    17:23:14.0224 2668 SNAC - ok
    17:23:14.0380 2668 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    17:23:14.0380 2668 Sparrow - ok
    17:23:14.0443 2668 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    17:23:14.0443 2668 SPBBCDrv - ok
    17:23:14.0474 2668 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    17:23:14.0474 2668 splitter - ok
    17:23:14.0521 2668 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    17:23:14.0521 2668 Spooler - ok
    17:23:14.0568 2668 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    17:23:14.0568 2668 sr - ok
    17:23:14.0630 2668 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    17:23:14.0630 2668 srservice - ok
    17:23:14.0692 2668 SRTSP (b36f8d6a02ff2b3a53e250a629782f29) C:\WINDOWS\system32\Drivers\SRTSP.SYS
    17:23:14.0692 2668 SRTSP - ok
    17:23:14.0739 2668 SRTSPL (e99bd98ac171a29fc1ba9376be87ae73) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
    17:23:14.0739 2668 SRTSPL - ok
    17:23:14.0786 2668 SRTSPX (1af34729898063e9b7df8d149d767e07) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
    17:23:14.0786 2668 SRTSPX - ok
    17:23:14.0849 2668 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    17:23:14.0849 2668 Srv - ok
    17:23:14.0864 2668 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    17:23:14.0864 2668 SSDPSRV - ok
    17:23:14.0927 2668 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    17:23:14.0942 2668 stisvc - ok
    17:23:15.0020 2668 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    17:23:15.0020 2668 stllssvr - ok
    17:23:15.0051 2668 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    17:23:15.0051 2668 swenum - ok
    17:23:15.0067 2668 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    17:23:15.0067 2668 swmidi - ok
    17:23:15.0083 2668 SwPrv - ok
    17:23:15.0192 2668 Symantec AntiVirus (4402cf4959a30cb6a008099aba8f22a9) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    17:23:15.0207 2668 Symantec AntiVirus - ok
    17:23:15.0332 2668 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    17:23:15.0332 2668 symc810 - ok
    17:23:15.0348 2668 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    17:23:15.0348 2668 symc8xx - ok
    17:23:15.0395 2668 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    17:23:15.0395 2668 SymEvent - ok
    17:23:15.0442 2668 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    17:23:15.0442 2668 SYMREDRV - ok
    17:23:15.0457 2668 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    17:23:15.0457 2668 SYMTDI - ok
    17:23:15.0488 2668 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    17:23:15.0488 2668 sym_hi - ok
    17:23:15.0504 2668 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    17:23:15.0504 2668 sym_u3 - ok
    17:23:15.0566 2668 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    17:23:15.0566 2668 sysaudio - ok
    17:23:15.0613 2668 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    17:23:15.0613 2668 SysmonLog - ok
    17:23:15.0644 2668 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    17:23:15.0660 2668 TapiSrv - ok
    17:23:15.0722 2668 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:23:15.0722 2668 Tcpip - ok
    17:23:15.0754 2668 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    17:23:15.0754 2668 TDPIPE - ok
    17:23:15.0769 2668 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    17:23:15.0769 2668 TDTCP - ok
    17:23:15.0800 2668 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    17:23:15.0800 2668 TermDD - ok
    17:23:15.0816 2668 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    17:23:15.0832 2668 TermService - ok
    17:23:15.0878 2668 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    17:23:15.0878 2668 Themes - ok
    17:23:15.0910 2668 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    17:23:15.0925 2668 TlntSvr - ok
    17:23:15.0941 2668 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    17:23:15.0941 2668 TosIde - ok
    17:23:15.0957 2668 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    17:23:15.0972 2668 TrkWks - ok
    17:23:15.0988 2668 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    17:23:15.0988 2668 Udfs - ok
    17:23:16.0019 2668 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    17:23:16.0019 2668 ultra - ok
    17:23:16.0066 2668 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    17:23:16.0066 2668 Update - ok
    17:23:16.0081 2668 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    17:23:16.0097 2668 upnphost - ok
    17:23:16.0128 2668 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    17:23:16.0128 2668 UPS - ok
    17:23:16.0128 2668 USBAAPL - ok
    17:23:16.0144 2668 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    17:23:16.0144 2668 usbccgp - ok
    17:23:16.0175 2668 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    17:23:16.0175 2668 usbehci - ok
    17:23:16.0222 2668 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    17:23:16.0222 2668 usbhub - ok
    17:23:16.0253 2668 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    17:23:16.0269 2668 usbscan - ok
    17:23:16.0300 2668 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    17:23:16.0300 2668 USBSTOR - ok
    17:23:16.0315 2668 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    17:23:16.0315 2668 usbuhci - ok
    17:23:16.0315 2668 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    17:23:16.0331 2668 VgaSave - ok
    17:23:16.0347 2668 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    17:23:16.0347 2668 viaagp - ok
    17:23:16.0362 2668 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    17:23:16.0362 2668 ViaIde - ok
    17:23:16.0393 2668 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    17:23:16.0393 2668 VolSnap - ok
    17:23:16.0440 2668 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    17:23:16.0440 2668 VSS - ok
    17:23:16.0487 2668 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    17:23:16.0487 2668 w32time - ok
    17:23:16.0503 2668 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    17:23:16.0503 2668 Wanarp - ok
    17:23:16.0503 2668 WDICA - ok
    17:23:16.0550 2668 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    17:23:16.0550 2668 wdmaud - ok
    17:23:16.0565 2668 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    17:23:16.0565 2668 WebClient - ok
    17:23:16.0674 2668 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    17:23:16.0674 2668 winmgmt - ok
    17:23:16.0737 2668 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    17:23:16.0737 2668 WmdmPmSN - ok
    17:23:16.0815 2668 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    17:23:16.0815 2668 Wmi - ok
    17:23:16.0846 2668 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    17:23:16.0846 2668 WmiApSrv - ok
    17:23:17.0002 2668 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    17:23:17.0018 2668 WMPNetworkSvc - ok
    17:23:17.0221 2668 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    17:23:17.0221 2668 WPFFontCache_v0400 - ok
    17:23:17.0361 2668 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    17:23:17.0361 2668 WS2IFSL - ok
    17:23:17.0408 2668 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    17:23:17.0408 2668 wscsvc - ok
    17:23:17.0423 2668 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    17:23:17.0423 2668 wuauserv - ok
    17:23:17.0470 2668 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    17:23:17.0470 2668 WudfPf - ok
    17:23:17.0501 2668 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    17:23:17.0501 2668 WudfRd - ok
    17:23:17.0517 2668 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    17:23:17.0517 2668 WudfSvc - ok
    17:23:17.0548 2668 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    17:23:17.0548 2668 WZCSVC - ok
    17:23:17.0579 2668 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    17:23:17.0595 2668 xmlprov - ok
    17:23:17.0626 2668 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    17:23:17.0673 2668 \Device\Harddisk0\DR0 - ok
    17:23:17.0689 2668 Boot (0x1200) (06a9a921ddabdd4df372a123c80a9552) \Device\Harddisk0\DR0\Partition0
    17:23:17.0689 2668 \Device\Harddisk0\DR0\Partition0 - ok
    17:23:17.0689 2668 ============================================================
    17:23:17.0689 2668 Scan finished
    17:23:17.0689 2668 ============================================================
    17:23:17.0689 3044 Detected object count: 1
    17:23:17.0689 3044 Actual detected object count: 1
    17:23:46.0901 3044 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
    17:23:48.0384 3044 Backup copy found, using it..
    17:23:48.0431 3044 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
    17:23:48.0431 3044 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
    17:24:28.0161 3892 Deinitialize success
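An added example, not part of the thread above: a small Python parser for the TDSSKiller enumeration format shown in the log, with the checks an analyst would run over it (which objects were hashed but never marked "- ok", which service names share one binary, and which hashes differ from a known-good table). The sample lines are copied from the log above except the two ACPI lines, which are constructed stand-ins because the infected driver's enumeration line falls outside this excerpt; its hash, and the BASELINE table, are placeholders rather than real known-good values.

```python
import re
from collections import defaultdict

# Three line shapes appear in a TDSSKiller log (examples taken from the log above):
#   17:23:12.0040 2668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
#   17:23:12.0040 2668 Ntfs - ok
#   17:23:48.0431 3044 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
_PREFIX = r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+ok\s*$")
ACTION_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+"
                       r"User select action:\s+(?P<action>\w+)")


def parse_tdsskiller(text):
    """Return (entries, ok_names, actions).

    entries:  name -> (md5 lowercased, path) for every object that got a hash line
    ok_names: names TDSSKiller marked '- ok' (the MBR is marked ok under its device path)
    actions:  (name, verdict, action) for objects the user chose to cure/delete/skip
    """
    entries, ok_names, actions = {}, set(), []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = OK_RE.match(line)
        if m:
            ok_names.add(m["name"])
            continue
        m = ACTION_RE.match(line)
        if m:
            actions.append((m["name"], m["verdict"], m["action"]))
    return entries, ok_names, actions


def unverified(entries, ok_names):
    """Objects that were hashed but never received '- ok' (checked by name or by path,
    because the MBR entry 'MBR (0x1B8)' is acknowledged under '\\Device\\Harddisk0\\DR0')."""
    return sorted(name for name, (_md5, path) in entries.items()
                  if name not in ok_names and path not in ok_names)


def shared_binaries(entries):
    """Group service names by the binary they point at (case-insensitive path).
    On XP several SCM services legitimately share lsass.exe or shsvcs.dll; listing the
    groups makes an unexpected extra name on a shared binary stand out."""
    groups = defaultdict(set)
    for name, (_md5, path) in entries.items():
        groups[path.lower()].add(name)
    return {p: sorted(n) for p, n in groups.items() if len(n) > 1}


def baseline_mismatches(entries, baseline):
    """Names whose reported MD5 differs from a caller-supplied known-good table."""
    return sorted(name for name, (md5, _path) in entries.items()
                  if name in baseline and baseline[name] != md5.lower())


# Constructed sample: real lines from the log above plus two stand-in ACPI lines.
SAMPLE_LOG = r"""
17:23:11.0743 2668 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:11.0743 2668 Netlogon - ok
17:23:12.0040 2668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:23:12.0040 2668 Ntfs - ok
17:23:13.0585 2668 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:13.0585 2668 SamSs - ok
17:23:15.0192 2668 Symantec AntiVirus (4402cf4959a30cb6a008099aba8f22a9) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
17:23:15.0207 2668 Symantec AntiVirus - ok
17:23:17.0626 2668 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:23:17.0673 2668 \Device\Harddisk0\DR0 - ok
17:23:09.0000 2668 ACPI (ffffffffffffffffffffffffffffffff) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:23:48.0431 3044 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

# Constructed known-good table: the Ntfs value is the one the log reports; the ACPI
# value is a placeholder and NOT the real hash of a clean XP SP3 acpi.sys.
BASELINE = {
    "Ntfs": "78a08dd6a8d65e697c18e1db01c5cdca",
    "ACPI": "00000000000000000000000000000000",
}

if __name__ == "__main__":
    entries, ok, actions = parse_tdsskiller(SAMPLE_LOG)
    print("hashed but not marked ok:", unverified(entries, ok))
    print("shared binaries:", shared_binaries(entries))
    print("baseline mismatches:", baseline_mismatches(entries, BASELINE))
    print("user actions:", actions)
```

The "not marked ok" list is the first thing to read after a scan: it is the set of objects the tool hashed but would not vouch for, independent of whether the verdict line was noticed in a long log.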
     
  17. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    Good.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  18. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    After TDSSKiller found virus.win32.rloader.a and "cured" it, I am now able to search using bing, yahoo and google.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    Good news :)
    Go on...
     
  20. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    aswMBR log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-08 17:40:37
    -----------------------------
    17:40:37.404 OS Version: Windows 5.1.2600 Service Pack 3
    17:40:37.404 Number of processors: 2 586 0x1706
    17:40:37.404 ComputerName: CLARINED UserName: cdegroot
    17:40:37.887 Initialize success
    17:42:50.934 AVAST engine defs: 12050801
    17:43:04.735 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:43:04.735 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
    17:43:04.750 Disk 0 MBR read successfully
    17:43:04.750 Disk 0 MBR scan
    17:43:04.782 Disk 0 Windows VISTA default MBR code
    17:43:04.782 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    17:43:04.797 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 112455
    17:43:04.813 Disk 0 scanning sectors +312496380
    17:43:04.891 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:43:14.520 Service scanning
    17:43:33.280 Modules scanning
    17:43:39.320 Disk 0 trace - called modules:
    17:43:39.352 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    17:43:39.851 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db6ab8]
    17:43:39.851 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89db0d98]
    17:43:40.241 AVAST engine scan C:\WINDOWS
    17:43:54.662 AVAST engine scan C:\WINDOWS\system32
    17:46:50.182 AVAST engine scan C:\WINDOWS\system32\drivers
    17:47:04.796 AVAST engine scan C:\Documents and Settings\cdegroot
    17:50:56.350 AVAST engine scan C:\Documents and Settings\All Users
    17:52:00.004 Scan finished successfully
    17:52:44.381 Disk 0 MBR has been saved successfully to "N:\Gale\CLARINE\MBR.dat"
    17:52:45.600 The log file has been saved successfully to "N:\Gale\CLARINE\aswMBR.txt"
     
  21. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    bootkit remover log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
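An added example, not part of either post above: a Python MBR parser that reproduces the figures the two tools printed (the partition table aswMBR listed, the 0x036e8e00 system-volume offset Bootkit Remover reported, and the +312496380 trailing-sector range aswMBR scanned) and applies the checks an analyst makes on a suspect boot sector. The 512-byte MBR is constructed to match that layout; its boot code and disk signature are placeholders, so its MD5 does not equal the hash in either log, and BOOT_CODE_LEN = 0x1B8 assumes TDSSKiller's "MBR (0x1B8)" label means exactly the first 440 bytes.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries start here
BOOT_CODE_LEN = 0x1B8         # 440 bytes of boot code (assumed to be what "MBR (0x1B8)" covers)


def build_sample_mbr(boot_code=None, disk_sig=0x12345678):
    """Constructed MBR matching the layout aswMBR printed above. Boot code and disk
    signature are placeholders, not the real sector, so the MD5 will not match the logs."""
    if boot_code is None:
        boot_code = b"\xEB\x3C\x90" + b"\x00" * (BOOT_CODE_LEN - 3)
    entries = [
        (0x00, 0xDE, 63, 112392),          # Dell Utility: ends at 112455, where partition 2 starts
        (0x80, 0x07, 112455, 312383925),   # active NTFS: ends at 312496380, aswMBR's "+312496380"
        (0x00, 0x00, 0, 0),
        (0x00, 0x00, 0, 0),
    ]
    # entry layout: status, CHS start (3 bytes, unused here), type, CHS end, LBA start, sector count
    table = b"".join(struct.pack("<B3xB3xII", status, ptype, lba, count)
                     for status, ptype, lba, count in entries)
    mbr = boot_code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"
    if len(mbr) != SECTOR:
        raise ValueError("boot_code must be exactly BOOT_CODE_LEN bytes")
    return mbr


def parse_mbr(mbr):
    """Decode signature, boot-code hash, disk signature and the used partition entries."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad length or missing 55AA signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count, "mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0],
            "partitions": parts}


def system_volume_offset(info):
    """Byte offset of the single active partition; Bootkit Remover printed 0x036e8e00 above."""
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        raise ValueError(f"expected exactly one active partition, found {len(active)}")
    return active[0]["lba"] * SECTOR


def unallocated_ranges(info, total_sectors=None):
    """Sector ranges no partition claims: before the first partition, between partitions,
    and (if the disk size is known) after the last one. Code hidden outside any file
    system has to live in one of these gaps, which is why aswMBR scans the trailing one."""
    ranges, cursor = [], 1   # sector 0 is the MBR itself
    for p in sorted(info["partitions"], key=lambda p: p["lba"]):
        if p["lba"] > cursor:
            ranges.append((cursor, p["lba"] - 1))
        cursor = max(cursor, p["lba"] + p["sectors"])
    if total_sectors is not None and cursor < total_sectors:
        ranges.append((cursor, total_sectors - 1))
    return ranges


def sanity_checks(info, known_good_boot_md5):
    """Findings an analyst wants before trusting the sector: unknown boot code,
    wrong number of active partitions, overlapping entries."""
    findings = []
    if info["boot_code_md5"] not in known_good_boot_md5:
        findings.append("boot code hash not in known-good set")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    parts = sorted(info["partitions"], key=lambda p: p["lba"])
    for prev, cur in zip(parts, parts[1:]):
        if cur["lba"] < prev["lba"] + prev["sectors"]:
            findings.append(f"partition {cur['index']} overlaps partition {prev['index']}")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print(f"partition {p['index']} {'active' if p['active'] else '      '} "
              f"type 0x{p['type']:02X} {p['mb']} MB offset {p['lba']}")
    print("system volume at byte offset 0x%08x" % system_volume_offset(info))
    # 152587 MB is the disk size aswMBR reported; the sector count is approximate.
    print("unallocated:", unallocated_ranges(info, 152587 * 2048))
    print("findings:", sanity_checks(info, set()))
```

With a copy of MBR.dat (the file aswMBR saves) passed to parse_mbr, the same code gives the real boot-code hash to compare against a known-good value and the exact gap ranges to dump with a sector reader.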
     
  22. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  23. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Combofix log:

    ComboFix 12-05-08.02 - cdegroot 05/08/2012 18:16:34.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1169 [GMT -5:00]
    Running from: c:\documents and settings\cdegroot\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-08 22:23 . 2012-05-08 22:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-05-08 20:25 . 2012-05-08 20:25 -------- d-----w- c:\program files\Trend Micro
    2012-05-08 19:50 . 2012-05-08 19:50 -------- d-----w- c:\program files\blekkotb_soc
    2012-05-08 17:47 . 2012-05-08 17:47 -------- d-----w- c:\documents and settings\cdegroot\Application Data\blekkotb_019
    2012-05-08 17:08 . 2012-05-08 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
    2012-05-08 16:08 . 2012-05-08 16:08 -------- d-----w- C:\ERDNT
    2012-05-08 14:16 . 2012-05-08 14:16 -------- d-sh--w- c:\documents and settings\admin.LSND\IETldCache
    2012-05-01 16:32 . 2012-05-01 16:32 -------- d-----w- c:\documents and settings\cdegroot\Local Settings\Application Data\Citrix
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-08 22:26 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    2012-05-05 05:58 . 2012-03-29 15:55 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 05:58 . 2011-06-09 15:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-04 23:37 . 2009-05-20 21:16 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2012-04-04 20:56 . 2010-06-02 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
    2012-02-21 14:39 . 2012-02-21 14:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-21 14:39 . 2010-05-27 13:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-21 01:19 . 2012-05-08 20:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-08_17.35.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-05-08 22:27 . 2012-05-08 22:27 16384 c:\windows\Temp\Perflib_Perfdata_598.dat
    + 2012-05-08 22:44 . 2012-05-08 22:44 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
    - 2008-04-25 16:16 . 2012-04-12 08:09 89866 c:\windows\system32\perfc009.dat
    + 2008-04-25 16:16 . 2012-05-08 22:31 89866 c:\windows\system32\perfc009.dat
    + 2012-05-08 19:51 . 2012-05-08 19:51 25214 c:\windows\Installer\{4A1AC952-AE29-4B2E-9C1B-715E180ABE33}\firefox.3.6.12.0.ico.exe
    - 2011-12-18 21:05 . 2011-12-18 21:05 25214 c:\windows\Installer\{4A1AC952-AE29-4B2E-9C1B-715E180ABE33}\firefox.3.6.12.0.ico.exe
    - 2008-04-25 16:16 . 2012-04-12 08:09 507072 c:\windows\system32\perfh009.dat
    + 2008-04-25 16:16 . 2012-05-08 22:31 507072 c:\windows\system32\perfh009.dat
    + 2012-05-08 20:03 . 2012-05-08 20:03 647680 c:\windows\Installer\8a8f92.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-06-02 115560]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2005-05-20 16:51 8704 ----a-w- c:\windows\system32\PCANotify.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1113\Scripts\Logoff\0\0]
    "Script"=logoff.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1113\Scripts\Logon\0\0]
    "Script"=login.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1126\Scripts\Logoff\0\0]
    "Script"=logoff.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1126\Scripts\Logon\0\0]
    "Script"=login.bat
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 02:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    2009-06-22 23:29 83232 ----a-w- c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-05-20 21:10 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [10/16/2009 3:32 PM 69656]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/30/2009 9:59 PM 24064]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/2/2010 1:58 PM 654408]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/15/2012 12:14 PM 106104]
    R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/30/2009 9:59 PM 176640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/2/2010 1:58 PM 22344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/4/2010 3:57 PM 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 10:55 AM 257696]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/2/2011 1:01 PM 23888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/4/2010 3:57 PM 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 3:06 PM 129976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 66746339
    *NewlyCreated* - ASWMBR
    *Deregistered* - 66746339
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 05:58]
    .
    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 20:57]
    .
    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 20:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\winnt\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    TCP: Interfaces\{C13904D9-AE89-4F79-A267-7A6AF8B9F2EF}: NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
    FF - ProfilePath - c:\documents and settings\cdegroot\Application Data\Mozilla\Firefox\Profiles\8fnqr6fg.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-66746339.sys
    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-08 18:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1484)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\hccutils.DLL
    .
    Completion time: 2012-05-08 18:22:05
    ComboFix-quarantined-files.txt 2012-05-08 23:21
    ComboFix2.txt 2012-05-08 17:38
    .
    Pre-Run: 131,193,643,008 bytes free
    Post-Run: 131,243,372,544 bytes free
    .
    - - End Of File - - DCC4345230688C630A65C7E56290D6D3
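The log above is read by hand in the thread; as an added example (not from the thread, ComboFix or the poster), here is a small Python triage script that pulls out of a ComboFix log the items relevant to the reported symptom: files ComboFix reports missing, HKLM Run autostarts, the DNS servers from the TCP/IP section and the Firefox proxy mode. The sample log is a constructed excerpt in ComboFix's format, and the trusted-directory rule is an assumed heuristic, not anything ComboFix does.

```python
# Triage a ComboFix log: pull out what an analyst checks first when a browser
# can reach hosts but searches die with "Connection reset". Added example; the
# sample below is a constructed excerpt in ComboFix's own log format.
import ipaddress
import re

SAMPLE_LOG = r'''c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-06-02 115560]
"Updater"="c:\documents and settings\user\Local Settings\Temp\upd.exe" [2012-05-01 12288]
.
TCP: Interfaces\{C13904D9-AE89-4F79-A267-7A6AF8B9F2EF}: NameServer = 192.168.2.4,192.168.2.5
FF - prefs.js: network.proxy.type - 0
'''

MISSING_RE = re.compile(r'^(.+?) \. \. \. is missing!!$', re.M)
RUN_SECTION_RE = re.compile(  # the Run key's entries run until ComboFix's '.' separator line
    r'^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\]\n(.*?)^\.$', re.M | re.S)
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[(\S+) (\d+)\])?$', re.M)
DNS_RE = re.compile(r'NameServer = (.+)$', re.M)
PROXY_RE = re.compile(r'network\.proxy\.type - (\d+)')
TRUSTED_DIRS = ('c:\\program files\\', 'c:\\windows\\system32\\')  # assumed heuristic, not a verdict

def parse_combofix(text):
    """Missing system files, HKLM Run autostarts, DNS servers and the Firefox proxy mode."""
    sec = RUN_SECTION_RE.search(text)
    run = [{'name': n, 'path': p, 'size': int(size or 0)}
           for n, p, _date, size in ENTRY_RE.findall(sec.group(1))] if sec else []
    dns = DNS_RE.search(text)
    proxy = PROXY_RE.search(text)
    return {'missing': MISSING_RE.findall(text), 'run': run,
            'nameservers': [s.strip() for s in dns.group(1).split(',')] if dns else [],
            'proxy_type': int(proxy.group(1)) if proxy else None}

def triage(parsed):
    """Findings worth a closer look, as plain strings, in the order an analyst reads the log."""
    findings = ['missing system file: ' + p for p in parsed['missing']]
    for e in parsed['run']:  # autostarts launched from temp or profile dirs are the usual tell
        if not e['path'].lower().startswith(TRUSTED_DIRS):
            findings.append('autostart outside trusted dirs: %s -> %s' % (e['name'], e['path']))
    for ns in parsed['nameservers']:  # a public resolver on a LAN client often means DNS tampering
        if not ipaddress.ip_address(ns).is_private:
            findings.append('DNS server is not on the LAN: ' + ns)
    if parsed['proxy_type'] not in (None, 0):  # 0 = Firefox connects directly, no proxy
        findings.append('Firefox proxy enabled (network.proxy.type=%d)' % parsed['proxy_type'])
    return findings
```

Run it over a real ComboFix log by reading the file into `parse_combofix`; on the sample it reports the missing driver and the autostart under Temp, and stays quiet about the LAN resolvers and the direct (type 0) proxy setting.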
     
  24. Broni

    Broni Malware Annihilator Posts: 47,159   +264

    We have one system file missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main text field:
      Code:
      :filefind
      i8042prt.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  25. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    I tried to run it by pressing look and it stated "Script Required" and didn't do anything.
     