willd

  1. Hi screen317, I'll see what we can do as far as adding memory. I assume that everything is clear (if there ever was a problem). Is there anything I should clean up, delete or turn back on? If not then I guess you can close this topic. Again, thank you for all your help. I don't know where I would turn to for help if you all were not here. Thank You, willd
  2. Hello screen317, I'm still here. This computer ran really fast right after I ran TFC but has gotten slower as time goes by. I know it is an old computer but I still think there is something going on with it. I guess it's in the hardware if you haven't seen anything going on with it. It is running well enough to use it at least. Any other suggestions you might have for me to try? (buying a new one is out by the way) :) If not then let me know what I need to do to put it all back the way I need to. Thank you for all your help by the way. willd
  3. Hope this is what you're looking for: http://www.pcpitstop.com/betapit/sec.asp?conid=24601369
  4. Hello again, OK, I had to hold the power button to shut down the computer; it completely froze on me. The Microsoft Security Essentials is turned off on reboot and it said my firewall is disabled. Now it is as slow or slower (if possible) than it was before we did anything to it. It was running slow but it was workable before the ESET scan found those 2 items.
  5. Hi, Finally found something I think. Here are the results you requested. I noticed that my Microsoft Security Essentials turned itself on so I tried to update it, but it's stuck on installing it and the computer is really slow right now. Will reboot and let you know how it is then.
  6. This Time I hope TDSSKiller-DDS And ComboFix Logs.zip
  7. I'm hoping you can use what I just posted. It does not look formatted correctly to me. I am attaching the notepad files to this in a zip just in case. Sorry, willD
  8. I don't know if it matters, but I had "Explorer.exe quit working, do you want to send a report to Microsoft" happen twice during this scan. Here is my ComboFix log. Here is my DDS report:
Support Center\bin\sprtcmd.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\dlcdcoms.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://forums.malwarebytes.org/index.php?app=core&module=search&do=user_activity&mid=63778 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File EB: Real.com: 
{fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe" mRun: [MemoryCardManager] c:\program files\dell photo aio printer 944\memcard.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16 mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide 
-runkey mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mediac~1.lnk - c:\program files\hotalbummybox\MediaChecker.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: comcast.net\www DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{CDDA4564-75E9-4B7B-9132-C07332E415A0} : DhcpNameServer = 192.168.1.1 Notify: igfxcui - igfxdev.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ============= SERVICES / DRIVERS =============== . R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2007-3-20 15172] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 MpKsl3abd3ed7;MpKsl3abd3ed7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64585dc6-5f4a-4467-a0b1-50934309035c}\MpKsl3abd3ed7.sys [2011-10-10 28752] R1 MpKsl770cbfff;MpKsl770cbfff;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64585dc6-5f4a-4467-a0b1-50934309035c}\MpKsl770cbfff.sys [2011-10-10 28752] R1 MpKsl7d72fc0f;MpKsl7d72fc0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e42509-3977-4cba-b0c7-8cf779727a7b}\mpksl7d72fc0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e42509-3977-4cba-b0c7-8cf779727a7b}\MpKsl7d72fc0f.sys [?] R1 MpKsld049f697;MpKsld049f697;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e42509-3977-4cba-b0c7-8cf779727a7b}\mpksld049f697.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e42509-3977-4cba-b0c7-8cf779727a7b}\MpKsld049f697.sys [?] 
R2 HPFECP12;HPFECP12;c:\windows\system32\drivers\HPFecp12.sys [1998-10-19 52800] R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?] S1 MpKsl07d5673d;MpKsl07d5673d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8cc29f7e-e807-40ee-98c2-f49133e1edff}\mpksl07d5673d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8cc29f7e-e807-40ee-98c2-f49133e1edff}\MpKsl07d5673d.sys [?] S1 MpKsl12d948c9;MpKsl12d948c9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{736465df-7c4d-49bf-84b3-0e420c9222f0}\mpksl12d948c9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{736465df-7c4d-49bf-84b3-0e420c9222f0}\MpKsl12d948c9.sys [?] S1 MpKsl20aabb81;MpKsl20aabb81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27066bcc-6916-49b9-838d-286ba653b910}\mpksl20aabb81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27066bcc-6916-49b9-838d-286ba653b910}\MpKsl20aabb81.sys [?] S1 MpKsl421cd748;MpKsl421cd748;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{410505e5-be2e-44b6-8215-72d117da82e4}\mpksl421cd748.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{410505e5-be2e-44b6-8215-72d117da82e4}\MpKsl421cd748.sys [?] 
S1 MpKsl5972f8a4;MpKsl5972f8a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48ddf77e-2577-4674-986e-ad3928ce2070}\mpksl5972f8a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48ddf77e-2577-4674-986e-ad3928ce2070}\MpKsl5972f8a4.sys [?] S1 MpKsl63233f3d;MpKsl63233f3d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e42509-3977-4cba-b0c7-8cf779727a7b}\mpksl63233f3d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e42509-3977-4cba-b0c7-8cf779727a7b}\MpKsl63233f3d.sys [?] S1 MpKsl6eaf2a50;MpKsl6eaf2a50;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{736465df-7c4d-49bf-84b3-0e420c9222f0}\mpksl6eaf2a50.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{736465df-7c4d-49bf-84b3-0e420c9222f0}\MpKsl6eaf2a50.sys [?] S1 MpKsl8364c35f;MpKsl8364c35f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b702766-a459-4691-a96a-2e2e030520a9}\mpksl8364c35f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b702766-a459-4691-a96a-2e2e030520a9}\MpKsl8364c35f.sys [?] S1 MpKsl8f49281a;MpKsl8f49281a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0eff2fa7-dcc6-4787-bc12-2dac21e766a3}\mpksl8f49281a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0eff2fa7-dcc6-4787-bc12-2dac21e766a3}\MpKsl8f49281a.sys [?] 
S1 MpKsl95cd5031;MpKsl95cd5031;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{736465df-7c4d-49bf-84b3-0e420c9222f0}\mpksl95cd5031.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{736465df-7c4d-49bf-84b3-0e420c9222f0}\MpKsl95cd5031.sys [?] S1 MpKsla98db9d8;MpKsla98db9d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8cc29f7e-e807-40ee-98c2-f49133e1edff}\mpksla98db9d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8cc29f7e-e807-40ee-98c2-f49133e1edff}\MpKsla98db9d8.sys [?] S1 MpKslba1d1f4a;MpKslba1d1f4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04015f3e-10bc-4392-9dcd-b84aef628570}\mpkslba1d1f4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04015f3e-10bc-4392-9dcd-b84aef628570}\MpKslba1d1f4a.sys [?] S1 MpKslc2e1e80a;MpKslc2e1e80a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{46748694-bef1-4654-a646-11c26fa420ee}\mpkslc2e1e80a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{46748694-bef1-4654-a646-11c26fa420ee}\MpKslc2e1e80a.sys [?] S1 MpKslc585ef58;MpKslc585ef58;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7dfea5f9-1d42-470b-ac0c-db0ab2d2766f}\mpkslc585ef58.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7dfea5f9-1d42-470b-ac0c-db0ab2d2766f}\MpKslc585ef58.sys [?] 
S1 MpKsldbd3fc6e;MpKsldbd3fc6e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6576914-5675-4007-af23-40f16e9d54a5}\mpksldbd3fc6e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6576914-5675-4007-af23-40f16e9d54a5}\MpKsldbd3fc6e.sys [?] S1 MpKslded52ce6;MpKslded52ce6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{717b0574-e912-4046-a1b3-c45735e9450d}\mpkslded52ce6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{717b0574-e912-4046-a1b3-c45735e9450d}\MpKslded52ce6.sys [?] S1 MpKsle34509d4;MpKsle34509d4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{410505e5-be2e-44b6-8215-72d117da82e4}\mpksle34509d4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{410505e5-be2e-44b6-8215-72d117da82e4}\MpKsle34509d4.sys [?] S2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568] . =============== Created Last 30 ================ . 
2011-10-11 00:40:29 -------- d-sha-r- C:\cmdcons 2011-10-11 00:14:11 98816 ----a-w- c:\windows\sed.exe 2011-10-11 00:14:11 518144 ----a-w- c:\windows\SWREG.exe 2011-10-11 00:14:11 256000 ----a-w- c:\windows\PEV.exe 2011-10-11 00:14:11 208896 ----a-w- c:\windows\MBR.exe 2011-10-11 00:01:59 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64585dc6-5f4a-4467-a0b1-50934309035c}\MpKsl770cbfff.sys 2011-10-10 23:52:55 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64585dc6-5f4a-4467-a0b1-50934309035c}\MpKsl3abd3ed7.sys 2011-10-10 23:47:54 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64585dc6-5f4a-4467-a0b1-50934309035c}\offreg.dll 2011-10-10 23:46:33 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{64585dc6-5f4a-4467-a0b1-50934309035c}\mpengine.dll 2011-09-24 20:20:02 -------- d-----w- c:\documents and settings\james dean\local settings\application data\FixItCenter 2011-09-24 19:34:20 -------- d-----w- c:\windows\MATS 2011-09-24 19:33:22 -------- d-----w- c:\program files\Microsoft Fix it Center . ==================== Find3M ==================== . 2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-19 19:38:48 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-07-19 19:38:46 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2004-07-30 15:56:22 90112 ----a-w- c:\program files\common files\PCSBclean.exe 2004-07-26 21:30:14 291840 ----a-w- c:\program files\common files\PCSBoff.exe . ============= FINISH: 20:22:46.20 =============== attach.zip
  9. Hello Screen317, Thank you for helping me with this. MBAM gave me a BSOD 29 minutes into the scan so I have no log for it. Here is my TDSS Report
(a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 07:45:55.0593 3412 PCI - ok 07:45:56.0687 3412 PCIDump - ok 07:45:58.0031 3412 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 07:45:58.0046 3412 PCIIde - ok 07:46:00.0687 3412 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 07:46:01.0312 3412 Pcmcia - ok 07:46:03.0390 3412 PDCOMP - ok 07:46:04.0906 3412 PDFRAME - ok 07:46:05.0656 3412 PDRELI - ok 07:46:07.0093 3412 PDRELI - ok 07:46:08.0250 3412 PDRFRAME - ok 07:46:10.0156 3412 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 07:46:10.0187 3412 perc2 - ok 07:46:13.0078 3412 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 07:46:13.0265 3412 perc2hib - ok 07:46:15.0062 3412 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 07:46:15.0203 3412 PptpMiniport - ok 07:46:16.0281 3412 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 07:46:16.0453 3412 PSched - ok 07:46:17.0265 3412 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 07:46:17.0343 3412 Ptilink - ok 07:46:18.0046 3412 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys 07:46:18.0156 3412 PxHelp20 - ok 07:46:19.0062 3412 PzWDM (36cf3653d367cbc72a38625543f3d4d1) C:\WINDOWS\system32\Drivers\PzWDM.sys 07:46:19.0156 3412 PzWDM - ok 07:46:20.0140 3412 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 07:46:20.0937 3412 ql1080 - ok 07:46:22.0781 3412 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 07:46:22.0843 3412 Ql10wnt - ok 07:46:25.0781 3412 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 07:46:25.0953 3412 ql12160 - ok 07:46:27.0484 3412 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 
07:46:27.0578 3412 ql1240 - ok 07:46:28.0781 3412 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 07:46:28.0812 3412 ql1280 - ok 07:46:29.0812 3412 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 07:46:29.0890 3412 RasAcd - ok 07:46:30.0937 3412 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 07:46:31.0093 3412 Rasl2tp - ok 07:46:32.0015 3412 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 07:46:32.0171 3412 RasPppoe - ok 07:46:32.0843 3412 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 07:46:32.0875 3412 Raspti - ok 07:46:33.0765 3412 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 07:46:34.0218 3412 Rdbss - ok 07:46:35.0125 3412 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 07:46:35.0140 3412 RDPCDD - ok 07:46:36.0015 3412 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 07:46:36.0078 3412 rdpdr - ok 07:46:37.0187 3412 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 07:46:37.0390 3412 RDPWD - ok 07:46:38.0531 3412 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 07:46:38.0625 3412 redbook - ok 07:46:39.0781 3412 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 07:46:39.0890 3412 Secdrv - ok 07:46:41.0093 3412 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys 07:46:41.0953 3412 senfilt - ok 07:46:42.0796 3412 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 07:46:42.0875 3412 serenum - ok 07:46:43.0781 3412 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 07:46:43.0828 3412 Serial - ok 07:46:45.0328 3412 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 07:46:45.0500 3412 
Sfloppy - ok 07:46:46.0156 3412 Simbad - ok 07:46:47.0015 3412 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 07:46:47.0171 3412 sisagp - ok 07:46:47.0984 3412 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 07:46:48.0046 3412 SLIP - ok 07:46:49.0078 3412 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys 07:46:49.0531 3412 smwdm - ok 07:46:50.0531 3412 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 07:46:50.0671 3412 Sparrow - ok 07:46:51.0343 3412 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 07:46:51.0406 3412 splitter - ok 07:46:52.0171 3412 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 07:46:52.0343 3412 sr - ok 07:46:53.0343 3412 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 07:46:53.0593 3412 Srv - ok 07:46:55.0187 3412 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys 07:46:55.0281 3412 sscdbhk5 - ok 07:46:56.0453 3412 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys 07:46:56.0484 3412 ssrtln - ok 07:46:57.0484 3412 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 07:46:57.0625 3412 streamip - ok 07:46:59.0687 3412 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 07:46:59.0703 3412 swenum - ok 07:47:02.0671 3412 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 07:47:02.0734 3412 swmidi - ok 07:47:04.0515 3412 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 07:47:04.0796 3412 symc810 - ok 07:47:07.0093 3412 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 07:47:07.0171 3412 symc8xx - ok 07:47:08.0468 3412 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 07:47:08.0625 3412 
sym_hi - ok 07:47:09.0656 3412 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 07:47:09.0734 3412 sym_u3 - ok 07:47:12.0000 3412 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 07:47:12.0125 3412 sysaudio - ok 07:47:15.0671 3412 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 07:47:16.0406 3412 Tcpip - ok 07:47:18.0890 3412 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 07:47:18.0953 3412 TDPIPE - ok 07:47:19.0640 3412 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 07:47:19.0750 3412 TDTCP - ok 07:47:20.0812 3412 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 07:47:20.0921 3412 TermDD - ok 07:47:21.0718 3412 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys 07:47:21.0859 3412 tfsnboio - ok 07:47:23.0125 3412 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys 07:47:23.0203 3412 tfsncofs - ok 07:47:24.0062 3412 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys 07:47:24.0078 3412 tfsndrct - ok 07:47:26.0187 3412 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys 07:47:26.0203 3412 tfsndres - ok 07:47:27.0109 3412 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys 07:47:27.0203 3412 tfsnifs - ok 07:47:28.0031 3412 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys 07:47:28.0078 3412 tfsnopio - ok 07:47:28.0968 3412 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys 07:47:29.0000 3412 tfsnpool - ok 07:47:30.0968 3412 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys 07:47:31.0109 3412 tfsnudf - ok 07:47:33.0437 3412 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys 07:47:33.0656 3412 tfsnudfa - ok 
07:47:34.0500 3412 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 07:47:34.0531 3412 TosIde - ok 07:47:35.0375 3412 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 07:47:35.0515 3412 Udfs - ok 07:47:36.0296 3412 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 07:47:36.0328 3412 ultra - ok 07:47:37.0609 3412 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 07:47:37.0953 3412 Update - ok 07:47:39.0328 3412 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 07:47:39.0593 3412 usbccgp - ok 07:47:40.0687 3412 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 07:47:40.0765 3412 usbehci - ok 07:47:41.0750 3412 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 07:47:41.0843 3412 usbhub - ok 07:47:42.0718 3412 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 07:47:42.0781 3412 usbprint - ok 07:47:43.0968 3412 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 07:47:44.0015 3412 usbscan - ok 07:47:46.0281 3412 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 07:47:46.0312 3412 USBSTOR - ok 07:47:47.0859 3412 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 07:47:47.0937 3412 usbuhci - ok 07:47:49.0296 3412 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 07:47:49.0312 3412 VgaSave - ok 07:47:50.0625 3412 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 07:47:50.0687 3412 ViaIde - ok 07:47:51.0718 3412 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 07:47:51.0984 3412 VolSnap - ok 07:47:53.0562 3412 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 07:47:53.0671 3412 Wanarp - ok 07:47:55.0718 3412 
wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 07:47:55.0750 3412 wanatw - ok 07:47:57.0109 3412 WDICA - ok 07:48:00.0421 3412 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 07:48:00.0500 3412 wdmaud - ok 07:48:02.0281 3412 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 07:48:02.0875 3412 winachsf - ok 07:48:04.0453 3412 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 07:48:04.0625 3412 WSTCODEC - ok 07:48:04.0734 3412 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0 07:48:04.0796 3412 \Device\Harddisk0\DR0 - ok 07:48:04.0843 3412 Boot (0x1200) (d25647e6cfaa361407e23272a3debffd) \Device\Harddisk0\DR0\Partition0 07:48:04.0937 3412 \Device\Harddisk0\DR0\Partition0 - ok 07:48:04.0937 3412 ============================================================ 07:48:04.0937 3412 Scan finished 07:48:04.0937 3412 ============================================================ 07:48:05.0015 1512 Detected object count: 0 07:48:05.0015 1512 Actual detected object count: 0 07:56:39.0890 3192 Deinitialize success
  10. Hello and thank you in advance for your help. This is my dad's computer and I am trying to fix it but am in over my head now. I thought I had it going a few months ago but whatever it was came back twice as bad. I cannot get Malwarebytes to run; it freezes mid-scan, and my Microsoft Security is disabled along with the firewall when I boot up. The Microsoft antivirus will not update; it just freezes this computer. I did run DeFogger and I managed to get DDS to run, but when I tried GMER the first time it said it encountered an error and had to close. I tried to run it a second time and I got a BSOD. Here is my report:
  11. Good morning LDTate, I want to thank you again for helping me fix this computer; it appears to be running great. It is very refreshing to run across people willing to help other people in need. Have a GREAT DAY, Willd
  12. Good Morning LDTate, Two things I've noticed: when I open Internet Explorer it says it closed unexpectedly last time and asks if you want to resume where it left off, and that it is not the default browser whether I check it to be or not. Also, when I ran ComboFix the last two times it keeps installing the recovery console, says not installed and another instance of it needs to be updated. I just keep installing it. I am working my second job the next two nights so I will try to be on after I get off work. I will try to run whatever commands you tell me to and post before I go to bed but no guarantees there.
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-27 21:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(408) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2752) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\windows\zHotkey.exe c:\program files\Lexmark X6100 Series\lxbfbmon.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . 
Completion time: 2010-12-27 22:00:26 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-28 04:00 ComboFix2.txt 2010-12-28 03:09 ComboFix3.txt 2010-12-28 02:32 Pre-Run: 124,309,282,816 bytes free Post-Run: 124,317,319,168 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 360A27C9E17D980162F6DD747A280DCA
  13. The computer seems to be running a lot faster. I can now get to Microsoft Windows Update site (couldn't before). Seems like I am not getting redirected to other web sites when clicking search results in Google, but I now have 2 icons on my desktop for Internet Explorer: one just called Internet and shows the shortcut symbol and brings up a regular properties shortcut box when going to properties; the other says Internet Explorer with no shortcut symbol and brings up the Internet Explorer properties box like it should.
      ComboFix 10-12-26.01 - Owner 12/27/2010 20:55:50.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.131 [GMT -6:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt FILE :: "c:\windows\002788_.tmp" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\0219c6c091bc11352e6d91 c:\0219c6c091bc11352e6d91\compappscontent.dll c:\0219c6c091bc11352e6d91\en-us\amhelp.chm c:\0219c6c091bc11352e6d91\en-us\epploc.cab c:\0219c6c091bc11352e6d91\en-us\epploc_x86.msi c:\0219c6c091bc11352e6d91\en-us\eula.rtf c:\0219c6c091bc11352e6d91\en-us\setupres.dll.mui c:\0219c6c091bc11352e6d91\epplauncher.exe c:\0219c6c091bc11352e6d91\eppmanifest.dll c:\0219c6c091bc11352e6d91\setup.ini c:\0219c6c091bc11352e6d91\setupres.dll c:\0219c6c091bc11352e6d91\x86\dw20shared.msi c:\0219c6c091bc11352e6d91\x86\epp.msi c:\0219c6c091bc11352e6d91\x86\legitlib.dll c:\0219c6c091bc11352e6d91\x86\mp_ambits.msi c:\0219c6c091bc11352e6d91\x86\setup.exe c:\0219c6c091bc11352e6d91\x86\sqmapi.dll c:\0219c6c091bc11352e6d91\x86\windows6.0-kb981889-v2.msu c:\0219c6c091bc11352e6d91\x86\windows6.1-kb981889.msu C:\08156ec3aa9500a47e c:\08156ec3aa9500a47e\compappscontent.dll c:\08156ec3aa9500a47e\en-us\amhelp.chm c:\08156ec3aa9500a47e\en-us\epploc.cab c:\08156ec3aa9500a47e\en-us\epploc_x86.msi c:\08156ec3aa9500a47e\en-us\eula.rtf 
c:\08156ec3aa9500a47e\en-us\setupres.dll.mui c:\08156ec3aa9500a47e\epplauncher.exe c:\08156ec3aa9500a47e\eppmanifest.dll c:\08156ec3aa9500a47e\setup.ini c:\08156ec3aa9500a47e\setupres.dll c:\08156ec3aa9500a47e\x86\dw20shared.msi c:\08156ec3aa9500a47e\x86\epp.msi c:\08156ec3aa9500a47e\x86\legitlib.dll c:\08156ec3aa9500a47e\x86\mp_ambits.msi c:\08156ec3aa9500a47e\x86\setup.exe c:\08156ec3aa9500a47e\x86\sqmapi.dll c:\08156ec3aa9500a47e\x86\windows6.0-kb981889-v2.msu c:\08156ec3aa9500a47e\x86\windows6.1-kb981889.msu C:\0dd941d7f2610f30b7d323a55326 c:\0dd941d7f2610f30b7d323a55326\compappscontent.dll c:\0dd941d7f2610f30b7d323a55326\en-us\amhelp.chm c:\0dd941d7f2610f30b7d323a55326\en-us\epploc.cab c:\0dd941d7f2610f30b7d323a55326\en-us\epploc_x86.msi c:\0dd941d7f2610f30b7d323a55326\en-us\eula.rtf c:\0dd941d7f2610f30b7d323a55326\en-us\setupres.dll.mui c:\0dd941d7f2610f30b7d323a55326\epplauncher.exe c:\0dd941d7f2610f30b7d323a55326\eppmanifest.dll c:\0dd941d7f2610f30b7d323a55326\setup.ini c:\0dd941d7f2610f30b7d323a55326\setupres.dll c:\0dd941d7f2610f30b7d323a55326\x86\legitlib.dll C:\13f53ddf082dc6787a140ba7 c:\13f53ddf082dc6787a140ba7\mrtstub.exe C:\1fe66f0e39f02e4b019637a4df013928 c:\1fe66f0e39f02e4b019637a4df013928\compappscontent.dll c:\1fe66f0e39f02e4b019637a4df013928\en-us\amhelp.chm c:\1fe66f0e39f02e4b019637a4df013928\en-us\epploc.cab c:\1fe66f0e39f02e4b019637a4df013928\en-us\epploc_x86.msi c:\1fe66f0e39f02e4b019637a4df013928\en-us\eula.rtf c:\1fe66f0e39f02e4b019637a4df013928\en-us\setupres.dll.mui c:\1fe66f0e39f02e4b019637a4df013928\epplauncher.exe c:\1fe66f0e39f02e4b019637a4df013928\eppmanifest.dll c:\1fe66f0e39f02e4b019637a4df013928\setup.ini c:\1fe66f0e39f02e4b019637a4df013928\setupres.dll c:\1fe66f0e39f02e4b019637a4df013928\x86\legitlib.dll c:\1fe66f0e39f02e4b019637a4df013928\x86\setup.exe c:\1fe66f0e39f02e4b019637a4df013928\x86\sqmapi.dll C:\2aaeaeff91a25884dc00e8 c:\2aaeaeff91a25884dc00e8\compappscontent.dll c:\2aaeaeff91a25884dc00e8\eppmanifest.dll 
C:\31925ef44076c8c61d69 c:\31925ef44076c8c61d69\compappscontent.dll c:\31925ef44076c8c61d69\eppmanifest.dll C:\3750f0569d0635b1411e1f2cb15517ac c:\3750f0569d0635b1411e1f2cb15517ac\compappscontent.dll c:\3750f0569d0635b1411e1f2cb15517ac\en-us\amhelp.chm c:\3750f0569d0635b1411e1f2cb15517ac\en-us\epploc.cab c:\3750f0569d0635b1411e1f2cb15517ac\en-us\epploc_x86.msi c:\3750f0569d0635b1411e1f2cb15517ac\en-us\eula.rtf c:\3750f0569d0635b1411e1f2cb15517ac\en-us\setupres.dll.mui c:\3750f0569d0635b1411e1f2cb15517ac\epplauncher.exe c:\3750f0569d0635b1411e1f2cb15517ac\eppmanifest.dll c:\3750f0569d0635b1411e1f2cb15517ac\setup.ini c:\3750f0569d0635b1411e1f2cb15517ac\setupres.dll c:\3750f0569d0635b1411e1f2cb15517ac\x86\dw20shared.msi c:\3750f0569d0635b1411e1f2cb15517ac\x86\epp.msi c:\3750f0569d0635b1411e1f2cb15517ac\x86\legitlib.dll c:\3750f0569d0635b1411e1f2cb15517ac\x86\mp_ambits.msi c:\3750f0569d0635b1411e1f2cb15517ac\x86\setup.exe c:\3750f0569d0635b1411e1f2cb15517ac\x86\sqmapi.dll c:\3750f0569d0635b1411e1f2cb15517ac\x86\windows6.0-kb981889-v2.msu c:\3750f0569d0635b1411e1f2cb15517ac\x86\windows6.1-kb981889.msu C:\487a6b61adb0c567cb c:\487a6b61adb0c567cb\compappscontent.dll c:\487a6b61adb0c567cb\epplauncher.exe c:\487a6b61adb0c567cb\eppmanifest.dll c:\487a6b61adb0c567cb\setupres.dll C:\5088597288c1ba94e3 c:\5088597288c1ba94e3\compappscontent.dll c:\5088597288c1ba94e3\en-us\amhelp.chm c:\5088597288c1ba94e3\en-us\epploc.cab c:\5088597288c1ba94e3\en-us\epploc_x86.msi c:\5088597288c1ba94e3\en-us\eula.rtf c:\5088597288c1ba94e3\en-us\setupres.dll.mui c:\5088597288c1ba94e3\epplauncher.exe c:\5088597288c1ba94e3\eppmanifest.dll c:\5088597288c1ba94e3\setup.ini c:\5088597288c1ba94e3\setupres.dll c:\5088597288c1ba94e3\x86\dw20shared.msi c:\5088597288c1ba94e3\x86\epp.msi c:\5088597288c1ba94e3\x86\legitlib.dll c:\5088597288c1ba94e3\x86\mp_ambits.msi c:\5088597288c1ba94e3\x86\setup.exe c:\5088597288c1ba94e3\x86\sqmapi.dll c:\5088597288c1ba94e3\x86\windows6.0-kb981889-v2.msu 
c:\5088597288c1ba94e3\x86\windows6.1-kb981889.msu C:\571aaf439bdc918cee53a21c5ec8c032 c:\571aaf439bdc918cee53a21c5ec8c032\compappscontent.dll c:\571aaf439bdc918cee53a21c5ec8c032\en-us\amhelp.chm c:\571aaf439bdc918cee53a21c5ec8c032\en-us\epploc.cab c:\571aaf439bdc918cee53a21c5ec8c032\en-us\epploc_x86.msi c:\571aaf439bdc918cee53a21c5ec8c032\en-us\eula.rtf c:\571aaf439bdc918cee53a21c5ec8c032\en-us\setupres.dll.mui c:\571aaf439bdc918cee53a21c5ec8c032\epplauncher.exe c:\571aaf439bdc918cee53a21c5ec8c032\eppmanifest.dll c:\571aaf439bdc918cee53a21c5ec8c032\setup.ini c:\571aaf439bdc918cee53a21c5ec8c032\setupres.dll c:\571aaf439bdc918cee53a21c5ec8c032\x86\dw20shared.msi c:\571aaf439bdc918cee53a21c5ec8c032\x86\epp.msi c:\571aaf439bdc918cee53a21c5ec8c032\x86\legitlib.dll c:\571aaf439bdc918cee53a21c5ec8c032\x86\mp_ambits.msi c:\571aaf439bdc918cee53a21c5ec8c032\x86\setup.exe c:\571aaf439bdc918cee53a21c5ec8c032\x86\sqmapi.dll c:\571aaf439bdc918cee53a21c5ec8c032\x86\windows6.0-kb981889-v2.msu c:\571aaf439bdc918cee53a21c5ec8c032\x86\windows6.1-kb981889.msu C:\57f3331fb5c8dbb83238abb4b325c9be c:\57f3331fb5c8dbb83238abb4b325c9be\compappscontent.dll c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\amhelp.chm c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\epploc.cab c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\epploc_x86.msi c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\eula.rtf c:\57f3331fb5c8dbb83238abb4b325c9be\en-us\setupres.dll.mui c:\57f3331fb5c8dbb83238abb4b325c9be\epplauncher.exe c:\57f3331fb5c8dbb83238abb4b325c9be\eppmanifest.dll c:\57f3331fb5c8dbb83238abb4b325c9be\setup.ini c:\57f3331fb5c8dbb83238abb4b325c9be\setupres.dll c:\57f3331fb5c8dbb83238abb4b325c9be\x86\dw20shared.msi c:\57f3331fb5c8dbb83238abb4b325c9be\x86\epp.msi c:\57f3331fb5c8dbb83238abb4b325c9be\x86\legitlib.dll c:\57f3331fb5c8dbb83238abb4b325c9be\x86\mp_ambits.msi c:\57f3331fb5c8dbb83238abb4b325c9be\x86\setup.exe c:\57f3331fb5c8dbb83238abb4b325c9be\x86\sqmapi.dll c:\57f3331fb5c8dbb83238abb4b325c9be\x86\windows6.0-kb981889-v2.msu 
c:\57f3331fb5c8dbb83238abb4b325c9be\x86\windows6.1-kb981889.msu C:\70c4babbaf749f43a4 c:\70c4babbaf749f43a4\compappscontent.dll c:\70c4babbaf749f43a4\en-us\amhelp.chm c:\70c4babbaf749f43a4\en-us\epploc.cab c:\70c4babbaf749f43a4\en-us\epploc_x86.msi c:\70c4babbaf749f43a4\en-us\eula.rtf c:\70c4babbaf749f43a4\en-us\setupres.dll.mui c:\70c4babbaf749f43a4\epplauncher.exe c:\70c4babbaf749f43a4\eppmanifest.dll c:\70c4babbaf749f43a4\setup.ini c:\70c4babbaf749f43a4\setupres.dll c:\70c4babbaf749f43a4\x86\dw20shared.msi c:\70c4babbaf749f43a4\x86\epp.msi c:\70c4babbaf749f43a4\x86\legitlib.dll c:\70c4babbaf749f43a4\x86\mp_ambits.msi c:\70c4babbaf749f43a4\x86\setup.exe c:\70c4babbaf749f43a4\x86\sqmapi.dll c:\70c4babbaf749f43a4\x86\windows6.0-kb981889-v2.msu c:\70c4babbaf749f43a4\x86\windows6.1-kb981889.msu C:\718f3e9d89c2bd59606e c:\718f3e9d89c2bd59606e\compappscontent.dll c:\718f3e9d89c2bd59606e\eppmanifest.dll c:\718f3e9d89c2bd59606e\setupres.dll C:\893ffd6facbecd1bdae1 C:\c6783c46a2fe735c7d298838b81471 c:\c6783c46a2fe735c7d298838b81471\compappscontent.dll c:\c6783c46a2fe735c7d298838b81471\en-us\amhelp.chm c:\c6783c46a2fe735c7d298838b81471\en-us\epploc.cab c:\c6783c46a2fe735c7d298838b81471\en-us\epploc_x86.msi c:\c6783c46a2fe735c7d298838b81471\en-us\eula.rtf c:\c6783c46a2fe735c7d298838b81471\en-us\setupres.dll.mui c:\c6783c46a2fe735c7d298838b81471\epplauncher.exe c:\c6783c46a2fe735c7d298838b81471\eppmanifest.dll c:\c6783c46a2fe735c7d298838b81471\setup.ini c:\c6783c46a2fe735c7d298838b81471\setupres.dll c:\c6783c46a2fe735c7d298838b81471\x86\dw20shared.msi c:\c6783c46a2fe735c7d298838b81471\x86\epp.msi c:\c6783c46a2fe735c7d298838b81471\x86\legitlib.dll c:\c6783c46a2fe735c7d298838b81471\x86\mp_ambits.msi c:\c6783c46a2fe735c7d298838b81471\x86\setup.exe c:\c6783c46a2fe735c7d298838b81471\x86\sqmapi.dll c:\c6783c46a2fe735c7d298838b81471\x86\windows6.0-kb981889-v2.msu c:\c6783c46a2fe735c7d298838b81471\x86\windows6.1-kb981889.msu C:\ce472f0a452fcd55f1a101c5f3af8b 
C:\da0db74252d895d3143228 c:\da0db74252d895d3143228\compappscontent.dll c:\da0db74252d895d3143228\en-us\amhelp.chm c:\da0db74252d895d3143228\en-us\epploc.cab c:\da0db74252d895d3143228\en-us\epploc_x86.msi c:\da0db74252d895d3143228\en-us\eula.rtf c:\da0db74252d895d3143228\en-us\setupres.dll.mui c:\da0db74252d895d3143228\epplauncher.exe c:\da0db74252d895d3143228\eppmanifest.dll c:\da0db74252d895d3143228\setup.ini c:\da0db74252d895d3143228\setupres.dll c:\da0db74252d895d3143228\x86\legitlib.dll c:\da0db74252d895d3143228\x86\setup.exe c:\da0db74252d895d3143228\x86\sqmapi.dll C:\f43a6c60d2d752d174b3b450d2 c:\f43a6c60d2d752d174b3b450d2\compappscontent.dll c:\f43a6c60d2d752d174b3b450d2\eppmanifest.dll c:\f43a6c60d2d752d174b3b450d2\setupres.dll c:\windows\002788_.tmp . ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 ))))))))))))))))))))))))))))))) . 2010-12-25 23:56 . 2010-12-25 23:56 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-12-25 23:56 . 2010-12-25 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-12-25 19:14 . 2010-12-25 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-12-25 18:14 . 2010-12-25 18:58 -------- d-----w- C:\ee6b30a673b1b541293562ab4ca0d8 2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-12-25 16:30 . 2010-12-25 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-12-25 09:03 . 2010-12-25 09:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-12-25 03:19 . 
2010-12-25 03:19 -------- d-----w- c:\program files\Loaris 2010-12-25 00:12 . 2010-12-25 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics 2010-12-24 23:26 . 2010-12-24 23:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter 2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\windows\MATS 2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Microsoft Fix it Center 2010-12-24 22:32 . 2008-04-14 11:42 155136 ------w- c:\windows\system32\mssha.dll 2010-12-24 22:18 . 2010-12-24 22:18 -------- d-----w- c:\windows\EHome 2010-12-24 14:40 . 2010-12-25 00:31 -------- d-----w- c:\program files\Windows Live Safety Center 2010-12-24 14:26 . 2010-12-24 14:26 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache 2010-12-24 14:09 . 2010-12-24 14:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-12-24 05:53 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-11 21:23 . 2010-12-11 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2010-12-03 22:36 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-12-03 22:35 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-21 00:09 . 2010-11-17 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-21 00:08 . 2010-11-17 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-16 07:10 . 2010-11-16 07:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 180269] "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168] "ShowWnd"="ShowWnd.exe" [2003-09-19 36864] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "CHotkey"="zHotkey.exe" [2004-05-18 543232] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-12 344064] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Valve\\Steam\\SteamApps\\pokher\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656] S0 adwikxd;adwikxd;c:\windows\system32\drivers\bekr.sys --> c:\windows\system32\drivers\bekr.sys [?] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2005-04-05 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42] 2005-04-05 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42] 2005-04-05 c:\windows\Tasks\ISP signup reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uSearchAssistant = Trusted Zone: live.com\onecare . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-27 21:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(408) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2908) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\windows\system32\wdfmgr.exe c:\windows\zHotkey.exe c:\program files\Lexmark X6100 Series\lxbfbmon.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-12-27 21:09:01 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-28 03:08 ComboFix2.txt 2010-12-28 02:32 Pre-Run: 124,406,018,048 bytes free Post-Run: 124,331,634,688 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - CCA3DBA795AE55E7489C2D4DF3C81682
  14. If I haven't said Hello and Thank You yet, Hello and Thank You. Scan installed Recovery Console and ran OK (as far as I know anyway).
      ComboFix 10-12-26.01 - Owner 12/27/2010 20:10:06.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.135 [GMT -6:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Application Data\completescan c:\documents and settings\Owner\My Documents\iexplore.exe c:\windows\Downloaded Program Files\CpnMgr.dll c:\windows\system32\Oeminfo.ini c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At3.job c:\windows\Tasks\At4.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NNSERV -------\Service_NNServ ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 ))))))))))))))))))))))))))))))) . 2010-12-25 23:56 . 2010-12-25 23:56 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-12-25 23:56 . 2010-12-25 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-12-25 19:14 . 2010-12-25 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-12-25 18:14 . 2010-12-25 18:58 -------- d-----w- C:\ee6b30a673b1b541293562ab4ca0d8 2010-12-25 16:30 . 
2010-12-25 16:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2010-12-25 16:30 . 2010-12-25 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-12-25 16:30 . 2010-12-25 16:31 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-12-25 09:03 . 2010-12-25 09:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-12-25 04:20 . 2010-12-25 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-12-25 03:19 . 2010-12-25 03:19 -------- d-----w- c:\program files\Loaris 2010-12-25 00:12 . 2010-12-25 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics 2010-12-24 23:26 . 2010-12-24 23:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FixItCenter 2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\windows\MATS 2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Microsoft Fix it Center 2010-12-24 22:32 . 2008-04-14 11:42 155136 ------w- c:\windows\system32\mssha.dll 2010-12-24 22:24 . 2006-12-29 06:31 19569 ----a-w- c:\windows\002788_.tmp 2010-12-24 22:18 . 2010-12-24 22:18 -------- d-----w- c:\windows\EHome 2010-12-24 14:40 . 2010-12-25 00:31 -------- d-----w- c:\program files\Windows Live Safety Center 2010-12-24 14:26 . 2010-12-24 14:26 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache 2010-12-24 14:09 . 2010-12-24 14:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-12-24 05:53 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\0dd941d7f2610f30b7d323a55326 2010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\2aaeaeff91a25884dc00e8 2010-12-24 05:23 . 
2010-12-24 05:23 -------- d-----w- C:\487a6b61adb0c567cb
2010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\c6783c46a2fe735c7d298838b81471
2010-12-24 05:23 . 2010-12-24 05:23 -------- d-----w- C:\70c4babbaf749f43a4
2010-12-24 04:18 . 2010-12-24 04:18 -------- d-----w- C:\0219c6c091bc11352e6d91
2010-12-24 04:17 . 2010-12-24 04:17 -------- d-----w- C:\5088597288c1ba94e3
2010-12-24 04:16 . 2010-12-24 04:16 -------- d-----w- C:\893ffd6facbecd1bdae1
2010-12-24 04:16 . 2010-12-24 04:16 -------- d-----w- C:\08156ec3aa9500a47e
2010-12-24 04:16 . 2010-12-24 04:16 -------- d-----w- C:\571aaf439bdc918cee53a21c5ec8c032
2010-12-24 04:15 . 2010-12-24 04:15 -------- d-----w- C:\3750f0569d0635b1411e1f2cb15517ac
2010-12-24 04:15 . 2010-12-24 04:15 -------- d-----w- C:\57f3331fb5c8dbb83238abb4b325c9be
2010-12-24 04:14 . 2010-12-24 04:14 -------- d-----w- C:\1fe66f0e39f02e4b019637a4df013928
2010-12-24 04:14 . 2010-12-24 04:14 -------- d-----w- C:\31925ef44076c8c61d69
2010-12-24 04:13 . 2010-12-24 04:13 -------- d-----w- C:\da0db74252d895d3143228
2010-12-24 04:13 . 2010-12-24 04:13 -------- d-----w- C:\f43a6c60d2d752d174b3b450d2
2010-12-24 02:15 . 2010-12-24 02:15 -------- d-----w- C:\718f3e9d89c2bd59606e
2010-12-24 02:14 . 2010-12-24 02:14 -------- d-----w- C:\ce472f0a452fcd55f1a101c5f3af8b
2010-12-24 02:14 . 2010-12-25 17:22 -------- d-----w- C:\13f53ddf082dc6787a140ba7
2010-12-11 21:23 . 2010-12-11 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-03 22:36 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-12-03 22:35 . 2010-12-03 22:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-11-17 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-11-17 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 07:10 . 2010-11-16 07:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 180269]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-12 344064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\pokher\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
S0 adwikxd;adwikxd;c:\windows\system32\drivers\bekr.sys --> c:\windows\system32\drivers\bekr.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2005-04-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]
2005-04-05 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]
2005-04-05 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 11:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchAssistant =
Trusted Zone: live.com\onecare
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKCU-Run-DW6 - (no file)
HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 20:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(408)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\zHotkey.exe
c:\program files\Lexmark X6100 Series\lxbfbmon.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-12-27 20:32:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-28 02:32
Pre-Run: 122,866,352,128 bytes free
Post-Run: 124,386,492,416 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - F8B27DA671B1F66A3862954F5447271A
  15. Ok, Here is the new log. Did not find anything.