Solved Cannot search or connect to Google with Firefox or IE

poohgc

Please find attached a HijackThis log. On this machine you cannot use the IE 8 or Firefox 12 search bar to search for anything. This is an XP machine with all the patches there are. Before I sent you this log I used Malwarebytes and Spybot Search and Destroy, which removed Double click, Fraud.Virus Remover2009, Medra Plex, Webtrends Live and Zedo. Can you see anything that would keep me from searching in the search bar? I can ping google.com and yahoo.com, but when I search with Bing or Google (I usually use just Firefox), it just sits there until it says "Connection reset".

Thanks,
Gale
 

Attachments

  • hijackthis.txt
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
MBAM Logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: CLARINED [administrator]

Protection: Enabled

5/8/2012 9:26:14 AM
mbam-log-2012-05-08 (09-26-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367354
Time elapsed: 1 hour(s), 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
We don't use HJT around here anymore.

 
You're NOT paying attention because you certainly didn't read my initial reply #2 carefully.
 
I am at the step regarding GMER. When it first opens up it produces a small line of code. On the side there is then the option to scan. Am I supposed to push the scan button and let it go, or do you only want to see the few lines it produces when it opens up?
 
The instructions are not clear; they state:

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Warning! Please do not select the "Show all" checkbox during the scan.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
When I initially opened the program it produced a few lines of text and then just sat there; there aren't any instructions to push the "scan" button. I did not receive a warning and was not asked to fully scan my system, it just sat there. I did NOT check the "Show All" checkbox. Do you just want the few lines that were produced when the program opened?
 
gmer.log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-08 17:06:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.ADA
Running: 48q3fqqh.exe; Driver: C:\DOCUME~1\cdegroot\LOCALS~1\Temp\pxldqpob.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice nlem32nt.sys

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 89D5A16D
Thread System [4:368] 8995AB90

---- EOF - GMER 1.0.15 ----
 
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by cdegroot at 17:10:38 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1330 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\winnt\system32\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242854494708
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C13904D9-AE89-4F79-A267-7A6AF8B9F2EF} : NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cdegroot\application data\mozilla\firefox\profiles\8fnqr6fg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2009-10-16 69656]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-4-30 24064]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2005-5-20 106496]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-2 654408]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2011-6-2 1839776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-15 106104]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-4-30 176640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-2 22344]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120507.038\NAVENG.SYS [2012-5-8 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120507.038\NAVEX15.SYS [2012-5-8 1576312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-6-2 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-08 20:25:40 -------- d-----w- c:\program files\Trend Micro
2012-05-08 19:50:36 -------- d-----w- c:\program files\blekkotb_soc
2012-05-08 17:47:56 -------- d-----w- c:\documents and settings\cdegroot\application data\blekkotb_019
2012-05-08 17:21:56 -------- d-sha-r- C:\cmdcons
2012-05-08 17:20:04 98816 ----a-w- c:\windows\sed.exe
2012-05-08 17:20:04 518144 ----a-w- c:\windows\SWREG.exe
2012-05-08 17:20:04 256000 ----a-w- c:\windows\PEV.exe
2012-05-08 17:20:04 208896 ----a-w- c:\windows\MBR.exe
2012-05-08 17:08:49 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-05-08 16:08:09 -------- d-----w- C:\ERDNT
2012-05-01 16:32:30 -------- d-----w- c:\documents and settings\cdegroot\local settings\application data\Citrix
.
==================== Find3M ====================
.
2012-05-05 05:58:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 05:58:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 23:37:59 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-21 14:39:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-21 14:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 17:10:58.17 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2009 11:15:04 AM
System Uptime: 5/8/2012 4:07:37 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0T656F
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU | 2493/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 122.263 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 298 GiB total, 231.626 GiB free.
N: is NetworkDisk (NTFS) - 466 GiB total, 252.389 GiB free.
S: is NetworkDisk (NTFS) - 298 GiB total, 261.372 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP343: 2/16/2012 3:00:18 AM - Software Distribution Service 3.0
RP344: 2/21/2012 8:39:18 AM - Removed Java(TM) 6 Update 11
RP345: 2/21/2012 8:39:46 AM - Installed Java(TM) 6 Update 31
RP346: 2/21/2012 12:46:35 PM - Installed Windows XP KB961118.
RP347: 2/21/2012 12:46:42 PM - Installed CCH Printer Update.
RP348: 3/2/2012 10:04:28 AM - Installed Windows XP KB961118.
RP349: 3/2/2012 10:04:36 AM - Installed CCH Printer Update.
RP350: 3/8/2012 5:03:34 PM - System Checkpoint
RP351: 3/9/2012 11:44:51 AM - Installed Windows XP KB961118.
RP352: 3/9/2012 11:44:59 AM - Installed CCH Printer Update.
RP353: 3/12/2012 9:02:25 AM - Installed Windows XP KB961118.
RP354: 3/12/2012 9:02:33 AM - Installed CCH Printer Update.
RP355: 3/14/2012 3:00:17 AM - Software Distribution Service 3.0
RP356: 3/16/2012 3:00:16 AM - Software Distribution Service 3.0
RP357: 3/17/2012 3:00:17 AM - Software Distribution Service 3.0
RP358: 3/22/2012 12:52:50 PM - Installed Windows XP KB961118.
RP359: 3/22/2012 12:52:58 PM - Installed CCH Printer Update.
RP360: 4/2/2012 9:30:02 AM - Installed Windows XP KB961118.
RP361: 4/2/2012 9:30:11 AM - Installed CCH Printer Update.
RP362: 4/12/2012 3:00:28 AM - Software Distribution Service 3.0
RP363: 4/13/2012 3:16:34 PM - Installed Windows XP KB961118.
RP364: 4/13/2012 3:16:42 PM - Installed CCH Printer Update.
RP365: 5/1/2012 12:11:16 PM - System Checkpoint
RP366: 5/8/2012 8:48:29 AM - Removed Bing Bar
RP367: 5/8/2012 8:51:04 AM - Removed Apple Application Support
RP368: 5/8/2012 8:53:06 AM - Removed Apple Mobile Device Support
RP369: 5/8/2012 8:54:11 AM - Removed Apple Software Update
RP370: 5/8/2012 8:54:29 AM - Removed Bonjour
RP371: 5/8/2012 8:55:36 AM - Removed iTunes
RP372: 5/8/2012 9:01:33 AM - Removed MobileMe Control Panel
RP373: 5/8/2012 9:02:23 AM - Removed Safari
RP374: 5/8/2012 2:51:42 PM - Removed Mozilla Firefox (en-US)
RP375: 5/8/2012 3:03:14 PM - Installed Mozilla Firefox (en-US)
RP376: 5/8/2012 3:15:10 PM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Broadcom Management Programs
Choice Guard
Corel WordPerfect Office - iFilter
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports Basic Runtime for Visual Studio 2008
Google Update Helper
GoToMeeting 4.5.0.457
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook 2003
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
OGA Notifier 2.0.0048.0
PowerDVD
QuickTime
RealPlayer
RealPopup
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Symantec Endpoint Protection
Symantec pcAnywhere
TaxWise 2008 WorkStation
TaxWise 2009
TaxWise 2010
TaxWise 2011
Terminal Services Client
TWUpdate
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinZip
WordPerfect Lightning
WordPerfect Lightning - EN
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X4
WordPerfect Office X4 - Common
WordPerfect Office X4 - Content
WordPerfect Office X4 - EN
WordPerfect Office X4 - Filters
WordPerfect Office X4 - Graphics
WordPerfect Office X4 - ICA
WordPerfect Office X4 - IPM
WordPerfect Office X4 - IPM EN
WordPerfect Office X4 - Migration Manager
WordPerfect Office X4 - PerfectExperts
WordPerfect Office X4 - PR
WordPerfect Office X4 - QP
WordPerfect Office X4 - Skins
WordPerfect Office X4 - System
WordPerfect Office X4 - WP
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 4:43:46 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/8/2012 12:23:57 PM, error: NETLOGON [5719] - No Domain Controller is available for domain LSND due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller Log

17:22:55.0061 3796 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:22:55.0654 3796 ============================================================
17:22:55.0654 3796 Current date / time: 2012/05/08 17:22:55.0654
17:22:55.0654 3796 SystemInfo:
17:22:55.0654 3796
17:22:55.0654 3796 OS Version: 5.1.2600 ServicePack: 3.0
17:22:55.0654 3796 Product type: Workstation
17:22:55.0654 3796 ComputerName: CLARINED
17:22:55.0654 3796 UserName: cdegroot
17:22:55.0654 3796 Windows directory: C:\WINDOWS
17:22:55.0654 3796 System windows directory: C:\WINDOWS
17:22:55.0654 3796 Processor architecture: Intel x86
17:22:55.0654 3796 Number of processors: 2
17:22:55.0654 3796 Page size: 0x1000
17:22:55.0654 3796 Boot type: Normal boot
17:22:55.0654 3796 ============================================================
17:22:56.0918 3796 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:22:56.0965 3796 ============================================================
17:22:56.0965 3796 \Device\Harddisk0\DR0:
17:22:56.0965 3796 MBR partitions:
17:22:56.0965 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x129E99B5
17:22:56.0965 3796 ============================================================
17:22:57.0137 3796 C: <-> \Device\Harddisk0\DR0\Partition0
17:22:57.0137 3796 ============================================================
17:22:57.0137 3796 Initialize success
17:22:57.0137 3796 ============================================================
17:23:04.0502 2668 ============================================================
17:23:04.0502 2668 Scan started
17:23:04.0502 2668 Mode: Manual;
17:23:04.0502 2668 ============================================================
17:23:04.0736 2668 Abiosdsk - ok
17:23:04.0768 2668 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:23:04.0768 2668 abp480n5 - ok
17:23:04.0799 2668 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:23:04.0799 2668 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
17:23:04.0814 2668 ACPI ( Virus.Win32.Rloader.a ) - infected
17:23:04.0814 2668 ACPI - detected Virus.Win32.Rloader.a (0)
17:23:04.0814 2668 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:23:04.0814 2668 ACPIEC - ok
17:23:04.0877 2668 ADIHdAudAddService (803c7d4767132f2407431103055c9000) C:\WINDOWS\system32\drivers\ADIHdAud.sys
17:23:04.0877 2668 ADIHdAudAddService - ok
17:23:04.0955 2668 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:23:04.0955 2668 AdobeFlashPlayerUpdateSvc - ok
17:23:04.0986 2668 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:23:04.0986 2668 adpu160m - ok
17:23:05.0017 2668 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:23:05.0017 2668 aec - ok
17:23:05.0064 2668 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:23:05.0064 2668 AFD - ok
17:23:05.0064 2668 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:23:05.0064 2668 agp440 - ok
17:23:05.0095 2668 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:23:05.0095 2668 agpCPQ - ok
17:23:05.0095 2668 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:23:05.0095 2668 Aha154x - ok
17:23:05.0111 2668 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:23:05.0111 2668 aic78u2 - ok
17:23:05.0127 2668 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:23:05.0127 2668 aic78xx - ok
17:23:05.0142 2668 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:23:05.0158 2668 Alerter - ok
17:23:05.0173 2668 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:23:05.0173 2668 ALG - ok
17:23:05.0205 2668 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:23:05.0205 2668 AliIde - ok
17:23:05.0205 2668 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:23:05.0205 2668 alim1541 - ok
17:23:05.0220 2668 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:23:05.0220 2668 amdagp - ok
17:23:05.0220 2668 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:23:05.0220 2668 amsint - ok
17:23:05.0236 2668 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:23:05.0251 2668 AppMgmt - ok
17:23:05.0267 2668 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:23:05.0267 2668 asc - ok
17:23:05.0283 2668 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:23:05.0283 2668 asc3350p - ok
17:23:05.0298 2668 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:23:05.0298 2668 asc3550 - ok
17:23:05.0423 2668 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:23:05.0439 2668 aspnet_state - ok
17:23:05.0454 2668 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:23:05.0454 2668 AsyncMac - ok
17:23:05.0501 2668 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:23:05.0501 2668 atapi - ok
17:23:05.0501 2668 Atdisk - ok
17:23:05.0532 2668 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:23:05.0532 2668 Atmarpc - ok
17:23:05.0564 2668 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:23:05.0564 2668 AudioSrv - ok
17:23:05.0579 2668 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:23:05.0579 2668 audstub - ok
17:23:05.0626 2668 awecho (7305e36433ae7ce4a878ccc900bcf2a8) C:\WINDOWS\system32\drivers\awechomd.sys
17:23:05.0626 2668 awecho - ok
17:23:05.0766 2668 awhost32 (66847905242d7c66cd628643eb3413fe) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
17:23:05.0782 2668 awhost32 - ok
17:23:05.0782 2668 awlegacy (1464f3daf223e7a204baf1b556ee7769) C:\WINDOWS\System32\Drivers\awlegacy.sys
17:23:05.0782 2668 awlegacy - ok
17:23:05.0782 2668 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys
17:23:05.0782 2668 AW_HOST - ok
17:23:05.0798 2668 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:23:05.0798 2668 Beep - ok
17:23:05.0860 2668 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:23:05.0876 2668 BITS - ok
17:23:05.0907 2668 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:23:05.0922 2668 Browser - ok
17:23:05.0922 2668 catchme - ok
17:23:05.0954 2668 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:23:05.0954 2668 cbidf - ok
17:23:05.0954 2668 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:23:05.0954 2668 cbidf2k - ok
17:23:06.0063 2668 ccEvtMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:23:06.0063 2668 ccEvtMgr - ok
17:23:06.0078 2668 ccSetMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:23:06.0078 2668 ccSetMgr - ok
17:23:06.0078 2668 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:23:06.0078 2668 cd20xrnt - ok
17:23:06.0078 2668 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:23:06.0078 2668 Cdaudio - ok
17:23:06.0125 2668 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:23:06.0125 2668 Cdfs - ok
17:23:06.0172 2668 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:23:06.0172 2668 Cdrom - ok
17:23:06.0188 2668 Changer - ok
17:23:06.0203 2668 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:23:06.0203 2668 CiSvc - ok
17:23:06.0235 2668 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:23:06.0235 2668 ClipSrv - ok
17:23:06.0328 2668 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:23:06.0328 2668 clr_optimization_v2.0.50727_32 - ok
17:23:06.0422 2668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:23:06.0422 2668 clr_optimization_v4.0.30319_32 - ok
17:23:06.0453 2668 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:23:06.0453 2668 CmdIde - ok
17:23:06.0484 2668 COH_Mon (4f2dedeed7c091fafc4dada5534f3d37) C:\WINDOWS\system32\Drivers\COH_Mon.sys
17:23:06.0484 2668 COH_Mon - ok
17:23:06.0484 2668 COMSysApp - ok
17:23:06.0531 2668 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:23:06.0531 2668 Cpqarray - ok
17:23:06.0578 2668 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:23:06.0578 2668 CryptSvc - ok
17:23:06.0593 2668 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:23:06.0593 2668 dac2w2k - ok
17:23:06.0609 2668 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:23:06.0609 2668 dac960nt - ok
17:23:06.0656 2668 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:23:06.0656 2668 DcomLaunch - ok
17:23:06.0718 2668 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:23:06.0718 2668 Dhcp - ok
17:23:06.0765 2668 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:23:06.0765 2668 Disk - ok
17:23:06.0812 2668 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
17:23:06.0812 2668 DLABMFSM - ok
17:23:06.0828 2668 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
17:23:06.0828 2668 DLABOIOM - ok
17:23:06.0828 2668 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:23:06.0828 2668 DLACDBHM - ok
17:23:06.0828 2668 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
17:23:06.0828 2668 DLADResM - ok
17:23:06.0843 2668 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
17:23:06.0843 2668 DLAIFS_M - ok
17:23:06.0859 2668 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
17:23:06.0859 2668 DLAOPIOM - ok
17:23:06.0859 2668 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
17:23:06.0859 2668 DLAPoolM - ok
17:23:06.0874 2668 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
17:23:06.0874 2668 DLARTL_M - ok
17:23:06.0874 2668 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
17:23:06.0874 2668 DLAUDFAM - ok
17:23:06.0890 2668 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
17:23:06.0890 2668 DLAUDF_M - ok
17:23:06.0890 2668 dmadmin - ok
17:23:06.0937 2668 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:23:06.0937 2668 dmboot - ok
17:23:06.0952 2668 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:23:06.0952 2668 dmio - ok
17:23:06.0952 2668 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:23:06.0952 2668 dmload - ok
17:23:06.0984 2668 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:23:06.0984 2668 dmserver - ok
17:23:07.0015 2668 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:23:07.0015 2668 DMusic - ok
17:23:07.0046 2668 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:23:07.0046 2668 Dnscache - ok
17:23:07.0108 2668 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:23:07.0124 2668 Dot3svc - ok
17:23:07.0155 2668 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:23:07.0155 2668 dpti2o - ok
17:23:07.0186 2668 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:23:07.0186 2668 drmkaud - ok
17:23:07.0233 2668 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:23:07.0233 2668 DRVMCDB - ok
17:23:07.0233 2668 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:23:07.0233 2668 DRVNDDM - ok
17:23:07.0280 2668 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:23:07.0280 2668 EapHost - ok
17:23:07.0436 2668 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:23:07.0436 2668 eeCtrl - ok
17:23:07.0467 2668 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:23:07.0467 2668 EraserUtilRebootDrv - ok
17:23:07.0483 2668 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:23:07.0483 2668 ERSvc - ok
17:23:07.0530 2668 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:23:07.0530 2668 Eventlog - ok
17:23:07.0592 2668 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:23:07.0592 2668 EventSystem - ok
17:23:07.0639 2668 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:23:07.0639 2668 Fastfat - ok
17:23:07.0686 2668 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:23:07.0701 2668 FastUserSwitchingCompatibility - ok
17:23:07.0764 2668 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:23:07.0764 2668 Fax - ok
17:23:07.0764 2668 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:23:07.0764 2668 Fdc - ok
17:23:07.0779 2668 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:23:07.0795 2668 Fips - ok
17:23:07.0795 2668 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:23:07.0795 2668 Flpydisk - ok
17:23:07.0811 2668 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:23:07.0811 2668 FltMgr - ok
17:23:07.0951 2668 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:23:07.0967 2668 FontCache3.0.0.0 - ok
17:23:07.0967 2668 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:23:07.0967 2668 Fs_Rec - ok
17:23:07.0998 2668 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:23:07.0998 2668 Ftdisk - ok
17:23:07.0998 2668 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys
17:23:08.0014 2668 Gernuwa - ok
17:23:08.0029 2668 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:23:08.0029 2668 Gpc - ok
17:23:08.0185 2668 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:23:08.0185 2668 gupdate - ok
17:23:08.0185 2668 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:23:08.0201 2668 gupdatem - ok
17:23:08.0216 2668 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:23:08.0216 2668 HDAudBus - ok
17:23:08.0294 2668 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:23:08.0294 2668 helpsvc - ok
17:23:08.0310 2668 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:23:08.0310 2668 HidServ - ok
17:23:08.0341 2668 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:23:08.0341 2668 hidusb - ok
17:23:08.0357 2668 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:23:08.0357 2668 hkmsvc - ok
17:23:08.0388 2668 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:23:08.0388 2668 hpn - ok
17:23:08.0435 2668 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:23:08.0435 2668 HTTP - ok
17:23:08.0450 2668 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:23:08.0450 2668 HTTPFilter - ok
17:23:08.0450 2668 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:23:08.0450 2668 i2omgmt - ok
17:23:08.0497 2668 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:23:08.0497 2668 i2omp - ok
17:23:08.0763 2668 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:23:08.0794 2668 ialm - ok
17:23:09.0028 2668 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:23:09.0028 2668 idsvc - ok
17:23:09.0106 2668 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:23:09.0106 2668 Imapi - ok
17:23:09.0153 2668 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:23:09.0153 2668 ImapiService - ok
17:23:09.0199 2668 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:23:09.0199 2668 ini910u - ok
17:23:09.0231 2668 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:23:09.0231 2668 IntelIde - ok
17:23:09.0262 2668 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:23:09.0262 2668 intelppm - ok
17:23:09.0278 2668 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:23:09.0278 2668 Ip6Fw - ok
17:23:09.0309 2668 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:23:09.0309 2668 IpFilterDriver - ok
17:23:09.0324 2668 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:23:09.0324 2668 IpInIp - ok
17:23:09.0356 2668 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:23:09.0356 2668 IpNat - ok
17:23:09.0356 2668 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:23:09.0371 2668 IPSec - ok
17:23:09.0387 2668 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:23:09.0387 2668 IRENUM - ok
17:23:09.0418 2668 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:23:09.0418 2668 isapnp - ok
17:23:09.0605 2668 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
17:23:09.0605 2668 JavaQuickStarterService - ok
17:23:09.0621 2668 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys
17:23:09.0636 2668 k57w2k - ok
17:23:09.0683 2668 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:23:09.0683 2668 Kbdclass - ok
17:23:09.0746 2668 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:23:09.0746 2668 kbdhid - ok
17:23:09.0746 2668 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:23:09.0761 2668 kmixer - ok
17:23:09.0777 2668 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:23:09.0777 2668 KSecDD - ok
17:23:09.0824 2668 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:23:09.0824 2668 LanmanServer - ok
17:23:09.0871 2668 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:23:09.0871 2668 lanmanworkstation - ok
17:23:09.0871 2668 lbrtfdc - ok
17:23:10.0089 2668 LiveUpdate (6abe9ecaab7dd0cc6f46ec830e0fe8fc) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:23:10.0105 2668 LiveUpdate - ok
17:23:10.0261 2668 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:23:10.0261 2668 LmHosts - ok
17:23:10.0307 2668 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
17:23:10.0307 2668 MBAMProtector - ok
17:23:10.0385 2668 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:23:10.0401 2668 MBAMService - ok
17:23:10.0526 2668 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
17:23:10.0526 2668 MDM - ok
17:23:10.0573 2668 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:23:10.0573 2668 Messenger - ok
17:23:10.0604 2668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:23:10.0604 2668 mnmdd - ok
17:23:10.0635 2668 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:23:10.0635 2668 mnmsrvc - ok
17:23:10.0666 2668 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:23:10.0666 2668 Modem - ok
17:23:10.0713 2668 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:23:10.0713 2668 Mouclass - ok
17:23:10.0713 2668 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:23:10.0713 2668 mouhid - ok
17:23:10.0729 2668 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:23:10.0729 2668 MountMgr - ok
17:23:10.0776 2668 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:23:10.0776 2668 MozillaMaintenance - ok
17:23:10.0791 2668 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:23:10.0791 2668 mraid35x - ok
17:23:10.0822 2668 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:23:10.0822 2668 MRxDAV - ok
17:23:10.0885 2668 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:23:10.0885 2668 MRxSmb - ok
17:23:10.0900 2668 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:23:10.0900 2668 MSDTC - ok
17:23:10.0916 2668 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:23:10.0916 2668 Msfs - ok
17:23:10.0916 2668 MSIServer - ok
17:23:10.0963 2668 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:23:10.0963 2668 MSKSSRV - ok
17:23:10.0963 2668 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:23:10.0963 2668 MSPCLOCK - ok
17:23:10.0994 2668 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:23:10.0994 2668 MSPQM - ok
17:23:11.0010 2668 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:23:11.0010 2668 mssmbios - ok
17:23:11.0041 2668 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:23:11.0041 2668 Mup - ok
17:23:11.0072 2668 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:23:11.0088 2668 napagent - ok
17:23:11.0244 2668 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120507.038\NAVENG.SYS
17:23:11.0244 2668 NAVENG - ok
17:23:11.0306 2668 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120507.038\NAVEX15.SYS
17:23:11.0322 2668 NAVEX15 - ok
17:23:11.0478 2668 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:23:11.0478 2668 NDIS - ok
17:23:11.0525 2668 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:23:11.0525 2668 NdisTapi - ok
17:23:11.0540 2668 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:23:11.0540 2668 Ndisuio - ok
17:23:11.0540 2668 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:23:11.0540 2668 NdisWan - ok
17:23:11.0603 2668 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:23:11.0603 2668 NDProxy - ok
17:23:11.0603 2668 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:23:11.0603 2668 NetBIOS - ok
17:23:11.0618 2668 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:23:11.0618 2668 NetBT - ok
17:23:11.0728 2668 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:23:11.0728 2668 NetDDE - ok
17:23:11.0728 2668 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:23:11.0728 2668 NetDDEdsdm - ok
17:23:11.0743 2668 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:11.0743 2668 Netlogon - ok
17:23:11.0759 2668 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:23:11.0759 2668 Netman - ok
17:23:11.0899 2668 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:23:11.0899 2668 NetTcpPortSharing - ok
17:23:11.0930 2668 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:23:11.0930 2668 Nla - ok
17:23:11.0962 2668 nlem32nt (a3ad7925f1a18b379e1cc5ce2eeda86b) C:\WINDOWS\system32\drivers\nlem32nt.sys
17:23:11.0962 2668 nlem32nt - ok
17:23:11.0977 2668 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:23:11.0977 2668 Npfs - ok
17:23:12.0040 2668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:23:12.0040 2668 Ntfs - ok
17:23:12.0040 2668 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:23:12.0040 2668 NtLmSsp - ok
17:23:12.0086 2668 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:23:12.0133 2668 NtmsSvc - ok
17:23:12.0149 2668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:23:12.0149 2668 Null - ok
17:23:12.0180 2668 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:23:12.0180 2668 NwlnkFlt - ok
17:23:12.0196 2668 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:23:12.0196 2668 NwlnkFwd - ok
17:23:12.0367 2668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:23:12.0383 2668 odserv - ok
17:23:12.0414 2668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:23:12.0414 2668 ose - ok
17:23:12.0477 2668 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:23:12.0477 2668 Parport - ok
17:23:12.0477 2668 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:23:12.0477 2668 PartMgr - ok
17:23:17.0626 2668 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:23:17.0673 2668 \Device\Harddisk0\DR0 - ok
17:23:17.0689 2668 Boot (0x1200) (06a9a921ddabdd4df372a123c80a9552) \Device\Harddisk0\DR0\Partition0
17:23:17.0689 2668 \Device\Harddisk0\DR0\Partition0 - ok
17:23:17.0689 2668 ============================================================
17:23:17.0689 2668 Scan finished
17:23:17.0689 2668 ============================================================
17:23:17.0689 3044 Detected object count: 1
17:23:17.0689 3044 Actual detected object count: 1
17:23:46.0901 3044 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
17:23:48.0384 3044 Backup copy found, using it..
17:23:48.0431 3044 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
17:23:48.0431 3044 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
17:24:28.0161 3892 Deinitialize success
 
Good.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
After TDSSKiller found virus.win32.rloader.a and "cured" it, I am now able to search using bing, yahoo and google.
 
aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-08 17:40:37
-----------------------------
17:40:37.404 OS Version: Windows 5.1.2600 Service Pack 3
17:40:37.404 Number of processors: 2 586 0x1706
17:40:37.404 ComputerName: CLARINED UserName: cdegroot
17:40:37.887 Initialize success
17:42:50.934 AVAST engine defs: 12050801
17:43:04.735 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:43:04.735 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
17:43:04.750 Disk 0 MBR read successfully
17:43:04.750 Disk 0 MBR scan
17:43:04.782 Disk 0 Windows VISTA default MBR code
17:43:04.782 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:43:04.797 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 112455
17:43:04.813 Disk 0 scanning sectors +312496380
17:43:04.891 Disk 0 scanning C:\WINDOWS\system32\drivers
17:43:14.520 Service scanning
17:43:33.280 Modules scanning
17:43:39.320 Disk 0 trace - called modules:
17:43:39.352 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:43:39.851 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db6ab8]
17:43:39.851 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89db0d98]
17:43:40.241 AVAST engine scan C:\WINDOWS
17:43:54.662 AVAST engine scan C:\WINDOWS\system32
17:46:50.182 AVAST engine scan C:\WINDOWS\system32\drivers
17:47:04.796 AVAST engine scan C:\Documents and Settings\cdegroot
17:50:56.350 AVAST engine scan C:\Documents and Settings\All Users
17:52:00.004 Scan finished successfully
17:52:44.381 Disk 0 MBR has been saved successfully to "N:\Gale\CLARINE\MBR.dat"
17:52:45.600 The log file has been saved successfully to "N:\Gale\CLARINE\aswMBR.txt"
 
bootkit remover log:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
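Both aswMBR and Bootkit Remover above read the MBR and report its boot code and partition table, and TDSSKiller's "MBR (0x1B8)" line hashes the first 0x1B8 bytes of it. As an added example (not from this thread or from any of those tools), the Python script below parses a 512-byte MBR image such as the MBR.dat that aswMBR saves, reproduces those checks, and flags the partition-table inconsistencies a tampered or damaged MBR shows. The sample image is constructed in the script, with partition values modelled on the aswMBR output above (Dell Utility at LBA 63, bootable NTFS at LBA 112455) and a made-up disk signature.

```python
"""Parse a 512-byte MBR image and report boot-code hash, partitions and sanity issues.

Added example for the thread above, not code from aswMBR, TDSSKiller or Bootkit
Remover. The sample MBR is constructed below; real use: parse_mbr(open("MBR.dat", "rb").read()).
"""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # TDSSKiller's "MBR (0x1B8)": the 440 boot-code bytes it hashes
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature follows the boot code
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"

# Partition type IDs seen in the aswMBR log above, plus a few common ones.
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}

# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sector-count(4)
ENTRY_FMT = "<B3xB3xII"


def parse_partition_entry(entry: bytes) -> Optional[Dict]:
    """Decode one 16-byte MBR partition entry; None for an empty slot."""
    if len(entry) != 16:
        raise ValueError("partition entry must be 16 bytes")
    status, type_id, lba_start, sectors = struct.unpack(ENTRY_FMT, entry)
    if type_id == 0 and sectors == 0:
        return None
    return {
        "bootable": bool(status & 0x80),
        "type_id": type_id,
        "type_name": PART_TYPES.get(type_id, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * SECTOR // (1024 * 1024),
    }


def parse_mbr(mbr: bytes) -> Dict:
    """Parse a full MBR sector: signature check, boot-code MD5, disk signature, partitions."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        p = parse_partition_entry(mbr[off:off + 16])
        if p is not None:
            p["index"] = i + 1
            parts.append(p)
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
        "bootable_count": sum(p["bootable"] for p in parts),
    }


def sanity_check(report: Dict) -> List[str]:
    """Flag inconsistencies a tampered or damaged partition table shows."""
    issues = []
    if report["bootable_count"] != 1:
        issues.append(f"{report['bootable_count']} partitions flagged bootable (expected 1)")
    parts = sorted(report["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    return issues


def format_report(report: Dict) -> str:
    """Render the parsed MBR in the style of the aswMBR partition lines."""
    lines = [f"Boot code MD5 (first 0x1B8 bytes): {report['boot_code_md5']}"]
    for p in report["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00"
        lines.append(f"Partition {p['index']} {flag} {p['type_id']:02X} {p['type_name']} "
                     f"{p['size_mb']} MB offset {p['lba_start']}")
    return "\n".join(lines)


def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot code plus the two partitions from the log above."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)  # constructed disk signature
    entries = [
        # (status, type, start LBA, sector count)
        (0x00, 0xDE, 63, 112455 - 63),        # Dell Utility, ends where the NTFS volume begins
        (0x80, 0x07, 112455, 152531 * 2048),  # bootable NTFS, 152531 MB as aswMBR reports
    ]
    for i, (status, type_id, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i, status, type_id, start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print(format_report(report))
    print("issues:", sanity_check(report) or "none")
```

Comparing the MD5 of the first 0x1B8 bytes against the value a scanner logged on a known-clean day is a cheap way to spot boot-code changes between scans.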
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, ComboFix is still working. Be patient.


Make sure you re-enable your security programs when you're done with ComboFix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the tool below, Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
There are 4 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix log:

ComboFix 12-05-08.02 - cdegroot 05/08/2012 18:16:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1169 [GMT -5:00]
Running from: c:\documents and settings\cdegroot\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 22:23 . 2012-05-08 22:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 20:25 . 2012-05-08 20:25 -------- d-----w- c:\program files\Trend Micro
2012-05-08 19:50 . 2012-05-08 19:50 -------- d-----w- c:\program files\blekkotb_soc
2012-05-08 17:47 . 2012-05-08 17:47 -------- d-----w- c:\documents and settings\cdegroot\Application Data\blekkotb_019
2012-05-08 17:08 . 2012-05-08 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-08 16:08 . 2012-05-08 16:08 -------- d-----w- C:\ERDNT
2012-05-08 14:16 . 2012-05-08 14:16 -------- d-sh--w- c:\documents and settings\admin.LSND\IETldCache
2012-05-01 16:32 . 2012-05-01 16:32 -------- d-----w- c:\documents and settings\cdegroot\Local Settings\Application Data\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 22:26 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-05-05 05:58 . 2012-03-29 15:55 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 05:58 . 2011-06-09 15:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:37 . 2009-05-20 21:16 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-04-04 20:56 . 2010-06-02 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2012-02-21 14:39 . 2012-02-21 14:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-21 14:39 . 2010-05-27 13:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-21 01:19 . 2012-05-08 20:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-08_17.35.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-08 22:27 . 2012-05-08 22:27 16384 c:\windows\Temp\Perflib_Perfdata_598.dat
+ 2012-05-08 22:44 . 2012-05-08 22:44 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
- 2008-04-25 16:16 . 2012-04-12 08:09 89866 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2012-05-08 22:31 89866 c:\windows\system32\perfc009.dat
+ 2012-05-08 19:51 . 2012-05-08 19:51 25214 c:\windows\Installer\{4A1AC952-AE29-4B2E-9C1B-715E180ABE33}\firefox.3.6.12.0.ico.exe
- 2011-12-18 21:05 . 2011-12-18 21:05 25214 c:\windows\Installer\{4A1AC952-AE29-4B2E-9C1B-715E180ABE33}\firefox.3.6.12.0.ico.exe
- 2008-04-25 16:16 . 2012-04-12 08:09 507072 c:\windows\system32\perfh009.dat
+ 2008-04-25 16:16 . 2012-05-08 22:31 507072 c:\windows\system32\perfh009.dat
+ 2012-05-08 20:03 . 2012-05-08 20:03 647680 c:\windows\Installer\8a8f92.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-06-02 115560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2005-05-20 16:51 8704 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1113\Scripts\Logoff\0\0]
"Script"=logoff.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1113\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1126\Scripts\Logoff\0\0]
"Script"=logoff.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1280154943-3072627930-680104954-1126\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 02:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2009-06-22 23:29 83232 ----a-w- c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-20 21:10 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [10/16/2009 3:32 PM 69656]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/30/2009 9:59 PM 24064]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/2/2010 1:58 PM 654408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/15/2012 12:14 PM 106104]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [4/30/2009 9:59 PM 176640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/2/2010 1:58 PM 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/4/2010 3:57 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 10:55 AM 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/2/2011 1:01 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/4/2010 3:57 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 3:06 PM 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 66746339
*NewlyCreated* - ASWMBR
*Deregistered* - 66746339
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 05:58]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 20:57]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 20:57]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\winnt\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
TCP: Interfaces\{C13904D9-AE89-4F79-A267-7A6AF8B9F2EF}: NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
FF - ProfilePath - c:\documents and settings\cdegroot\Application Data\Mozilla\Firefox\Profiles\8fnqr6fg.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-66746339.sys
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-08 18:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2012-05-08 18:22:05
ComboFix-quarantined-files.txt 2012-05-08 23:21
ComboFix2.txt 2012-05-08 17:38
.
Pre-Run: 131,193,643,008 bytes free
Post-Run: 131,243,372,544 bytes free
.
- - End Of File - - DCC4345230688C630A65C7E56290D6D3
 
We have one system file missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: right-click SystemLook.exe and click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    i8042prt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
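The SystemLook :filefind step above only asks whether i8042prt.sys (the PS/2 keyboard and mouse port driver) is present. The script below is an added example, not part of the thread and not a SystemLook replacement, showing the fuller check a responder would run natively on the same machine: it looks for the file in every place XP keeps a copy (live drivers directory, dllcache, ServicePackFiles, Driver Cache), records size, version, company and a SHA-256 hash for each copy, and dumps the driver's service key so a missing or tampered copy can be compared against the cached original. It assumes Windows PowerShell 2.0 or later is installed on the XP box and is run from an administrator prompt; the path list and the service-key name are the standard XP locations, not something taken from this log.

```powershell
# Added example (not from the original thread): native check for i8042prt.sys.
# Assumes Windows PowerShell 2.0+ on Windows XP, run as Administrator.

$driverName = 'i8042prt.sys'
$sysRoot    = $env:SystemRoot

# Places XP keeps a copy of an inbox driver; the first one is the live copy.
$candidateDirs = @(
    (Join-Path $sysRoot 'system32\drivers'),
    (Join-Path $sysRoot 'system32\dllcache'),
    (Join-Path $sysRoot 'ServicePackFiles\i386'),
    (Join-Path $sysRoot 'Driver Cache\i386')
)

function Get-Sha256Hex([string]$path) {
    # Get-FileHash does not exist before PowerShell 4, so hash by hand.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try   { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

$copies = @()
foreach ($dir in $candidateDirs) {
    $path = Join-Path $dir $driverName
    if (Test-Path -LiteralPath $path) {
        $file = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $copies += New-Object PSObject -Property @{
            Path      = $path
            Size      = $file.Length
            Version   = $file.VersionInfo.FileVersion
            Company   = $file.VersionInfo.CompanyName
            SHA256    = Get-Sha256Hex $path
            Signature = $sig.Status   # see note below about catalog signing on XP
        }
    }
}

if ($copies.Count -eq 0) {
    Write-Output "$driverName not found in any of the standard locations."
} else {
    $copies | Format-Table Path, Size, Version, Company, Signature -AutoSize
    $copies | Select-Object Path, SHA256 | Format-List

    # If the live copy is absent but a cache copy exists, say so explicitly.
    $live = Join-Path (Join-Path $sysRoot 'system32\drivers') $driverName
    if (-not (Test-Path -LiteralPath $live)) {
        Write-Output "Live copy missing from system32\drivers; cached copies listed above."
    } elseif (($copies | Select-Object -ExpandProperty SHA256 | Sort-Object -Unique).Count -gt 1) {
        Write-Output "Copies differ by hash; compare versions before trusting the live one."
    }
}

# The service entry that loads the driver at boot (Start 1 = SYSTEM_START for i8042prt).
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt'
if (Test-Path $svcKey) {
    Get-ItemProperty -Path $svcKey | Select-Object ImagePath, Start, Type, Group | Format-List
} else {
    Write-Output "Service key $svcKey is missing."
}
```

Two caveats when reading the output. XP inbox drivers are signed through catalog files, not with an embedded Authenticode signature, so Get-AuthenticodeSignature reports NotSigned for a perfectly genuine i8042prt.sys; treat the signature column as informational and rely on the version, company and hash comparison against the dllcache or ServicePackFiles copy instead. And a file that is present in dllcache but missing from system32\drivers is the situation the helper's SystemLook request is designed to surface; do not restore or copy anything on your own, since the thread rules ask that all fixes wait for the helper's instructions.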
 