Malwarebytes

Google searches are redirecting to Yahoo developers site

6 replies to this topic

#1
sjd

    New Member

  • Members
  • 3 posts
Also, Google Mail has lost the labels from the on-screen buttons; the buttons function correctly but the display is bare. Ran a Malwarebytes Pro quick scan, nothing detected. Ran dds.scr and here are the 2 logs:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Valued Customer at 11:08:16 on 2012-04-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.226 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Documents and Settings\Valued Customer\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\valued~1\locals~1\temp\E_S12.tmp" /EF "HKCU"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\valued customer\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\68syx7ol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-26 22344]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-04-09 13:43:49 -------- d-----w- c:\program files\iPod
2012-04-09 13:43:22 -------- d-----w- c:\program files\iTunes
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 23:48:35 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 23:48:35 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 10:46:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 11:08:33.71 ===============

#2
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hello and welcome.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#3
sjd

    New Member

  • Members
  • 3 posts
Thanks for the help.

I ran tdss and the scan found nothing. Here's the log.

18:58:56.0921 4080 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:58:57.0218 4080 ============================================================
18:58:57.0218 4080 Current date / time: 2012/04/06 18:58:57.0218
18:58:57.0218 4080 SystemInfo:
18:58:57.0218 4080
18:58:57.0218 4080 OS Version: 5.1.2600 ServicePack: 3.0
18:58:57.0218 4080 Product type: Workstation
18:58:57.0218 4080 ComputerName: SUEDELLGX280
18:58:57.0218 4080 UserName: Valued Customer
18:58:57.0218 4080 Windows directory: C:\WINDOWS
18:58:57.0218 4080 System windows directory: C:\WINDOWS
18:58:57.0218 4080 Processor architecture: Intel x86
18:58:57.0218 4080 Number of processors: 2
18:58:57.0218 4080 Page size: 0x1000
18:58:57.0218 4080 Boot type: Normal boot
18:58:57.0218 4080 ============================================================
18:58:59.0703 4080 Drive \Device\Harddisk0\DR0 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:58:59.0703 4080 ============================================================
18:58:59.0703 4080 \Device\Harddisk0\DR0:
18:58:59.0703 4080 MBR partitions:
18:58:59.0703 4080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A98C86
18:58:59.0703 4080 ============================================================
18:58:59.0734 4080 C: <-> \Device\Harddisk0\DR0\Partition0
18:58:59.0750 4080 ============================================================
18:58:59.0750 4080 Initialize success
18:58:59.0750 4080 ============================================================
18:59:20.0421 3520 ============================================================
18:59:20.0421 3520 Scan started
18:59:20.0421 3520 Mode: Manual;
18:59:20.0421 3520 ============================================================
18:59:31.0468 3520 Sfloppy - ok
18:59:31.0531 3520 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:59:31.0546 3520 SharedAccess - ok
18:59:31.0609 3520 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:59:31.0609 3520 ShellHWDetection - ok
18:59:31.0609 3520 Simbad - ok
18:59:31.0671 3520 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
18:59:31.0687 3520 smwdm - ok
18:59:31.0703 3520 Sparrow - ok
18:59:31.0750 3520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:59:31.0750 3520 splitter - ok
18:59:31.0796 3520 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:59:31.0796 3520 Spooler - ok
18:59:31.0843 3520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:59:31.0859 3520 sr - ok
18:59:31.0921 3520 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:59:31.0937 3520 srservice - ok
18:59:31.0984 3520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:59:32.0015 3520 Srv - ok
18:59:32.0062 3520 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:59:32.0062 3520 SSDPSRV - ok
18:59:32.0125 3520 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:59:32.0156 3520 stisvc - ok
18:59:32.0171 3520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:59:32.0171 3520 swenum - ok
18:59:32.0218 3520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:59:32.0234 3520 swmidi - ok
18:59:32.0234 3520 SwPrv - ok
18:59:32.0250 3520 symc810 - ok
18:59:32.0250 3520 symc8xx - ok
18:59:32.0265 3520 sym_hi - ok
18:59:32.0265 3520 sym_u3 - ok
18:59:32.0281 3520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:59:32.0281 3520 sysaudio - ok
18:59:32.0328 3520 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:59:32.0328 3520 SysmonLog - ok
18:59:32.0390 3520 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:59:32.0406 3520 TapiSrv - ok
18:59:32.0468 3520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:59:32.0500 3520 Tcpip - ok
18:59:32.0531 3520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:59:32.0531 3520 TDPIPE - ok
18:59:32.0531 3520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:59:32.0531 3520 TDTCP - ok
18:59:32.0562 3520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:59:32.0562 3520 TermDD - ok
18:59:32.0625 3520 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:59:32.0640 3520 TermService - ok
18:59:32.0703 3520 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:59:32.0703 3520 Themes - ok
18:59:32.0750 3520 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:59:32.0750 3520 TlntSvr - ok
18:59:32.0765 3520 TosIde - ok
18:59:32.0828 3520 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:59:32.0828 3520 TrkWks - ok
18:59:32.0859 3520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:59:32.0859 3520 Udfs - ok
18:59:32.0875 3520 ultra - ok
18:59:32.0937 3520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:59:33.0000 3520 Update - ok
18:59:33.0062 3520 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:59:33.0109 3520 upnphost - ok
18:59:33.0156 3520 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:59:33.0171 3520 UPS - ok
18:59:33.0203 3520 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:59:33.0218 3520 USBAAPL - ok
18:59:33.0250 3520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:59:33.0265 3520 usbehci - ok
18:59:33.0328 3520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:59:33.0328 3520 usbhub - ok
18:59:33.0375 3520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:59:33.0375 3520 usbscan - ok
18:59:33.0406 3520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:59:33.0406 3520 USBSTOR - ok
18:59:33.0453 3520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:59:33.0453 3520 usbuhci - ok
18:59:33.0468 3520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:59:33.0468 3520 VgaSave - ok
18:59:33.0468 3520 ViaIde - ok
18:59:33.0484 3520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:59:33.0500 3520 VolSnap - ok
18:59:33.0562 3520 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:59:33.0578 3520 VSS - ok
18:59:33.0625 3520 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:59:33.0640 3520 W32Time - ok
18:59:33.0687 3520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:59:33.0703 3520 Wanarp - ok
18:59:33.0734 3520 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:59:33.0734 3520 WDC_SAM - ok
18:59:33.0750 3520 WDICA - ok
18:59:33.0765 3520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:59:33.0765 3520 wdmaud - ok
18:59:33.0828 3520 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:59:33.0828 3520 WebClient - ok
18:59:33.0921 3520 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:59:33.0968 3520 winmgmt - ok
18:59:34.0031 3520 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
18:59:34.0046 3520 WmdmPmSN - ok
18:59:34.0125 3520 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:59:34.0156 3520 Wmi - ok
18:59:34.0218 3520 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:59:34.0218 3520 WmiApSrv - ok
18:59:34.0281 3520 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:59:34.0281 3520 wscsvc - ok
18:59:34.0296 3520 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:59:34.0328 3520 wuauserv - ok
18:59:34.0437 3520 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:59:34.0500 3520 WZCSVC - ok
18:59:34.0531 3520 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:59:34.0546 3520 xmlprov - ok
18:59:34.0562 3520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:59:34.0750 3520 \Device\Harddisk0\DR0 - ok
18:59:34.0750 3520 Boot (0x1200) (6424ff92796dc7b5135e0a1fa9574d67) \Device\Harddisk0\DR0\Partition0
18:59:34.0750 3520 \Device\Harddisk0\DR0\Partition0 - ok
18:59:34.0750 3520 ============================================================
18:59:34.0750 3520 Scan finished
18:59:34.0750 3520 ============================================================
18:59:34.0765 3280 Detected object count: 0
18:59:34.0765 3280 Actual detected object count: 0
19:00:04.0593 0592 Deinitialize success

#4
Elise

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#5
sjd

Ok, done. Here is the combo-fix log:

ComboFix 12-05-08.01 - Valued Customer 04/07/2012 8:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.133 [GMT -4:00]
Running from: c:\documents and settings\Valued Customer\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-16 16:01 . 2012-04-16 16:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-04-11 15:42 . 2012-04-11 15:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-04-09 13:43 . 2012-04-09 13:43 -------- d-----w- c:\program files\iPod
2012-04-09 13:43 . 2012-04-09 13:44 -------- d-----w- c:\program files\iTunes
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 23:48 . 2012-03-18 23:48 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 23:48 . 2012-03-18 23:48 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-07-26 17:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-03-03 22:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 05:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 05:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-04 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 10:46 . 2011-07-27 03:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 19:06 . 2012-02-20 16:57 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-01-06 20:30 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 23:48 . 2011-07-26 17:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Valued Customer\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Valued Customer\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2011 1:24 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/26/2011 1:23 PM 22344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 99592903
*Deregistered* - 99592903
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\68syx7ol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 08:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-07 08:28:14
ComboFix-quarantined-files.txt 2012-04-07 12:28
.
Pre-Run: 7,514,894,336 bytes free
Post-Run: 9,937,002,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3A75D3E951155F715CCC8AF52D2E2A18

#6
Elise

Are you still experiencing redirects at this point?
regards, Elise


#7
Maurice Naggar

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there are 5 days without a response.




