
recurring Rootkit TDSS.v3


This topic is locked
11 replies to this topic

#1 BigRedDog

  • Members
  • 24 posts
  • Location: Seattle, WA

Posted 17 May 2012 - 12:26 AM

-> clicked on link in email that looked like it was from LinkedIn, new IE window opened, started downloading, fake virus scanner window popped up, clicked "x" and tried to close everything ASAP... too late.

-> Blank (black) desktop, start menu empty, tried to launch web browser from Program Files but it appears all file folders are empty. Cannot access internet with usual user account "Paul" which has administrator privileges.

-> Can logon as Guest and can run .exe files with "run as" then using Paul account name and password.

-> Running XP Professional, SpywareDoctor with AntiVirus which finds TDSS rootkit but of course cannot remove with reboot. Same for Malwarebytes.

-> Performed the following before being directed to the preparation guide:

-> Ran Security Check. A window popped up with a red x in the header and the following text:

AutoIt Error
Line-1: Error Variable must be of type "object"

When finished "Preparing Done" on black screen (no text file?)

-> Ran Super Anti Spyware
While running the program, a window popped up reading:

Are you sure you want to navigate away from this page.

another window popped up:
Virus found on your computer. You need to clean your computer to prevent the system crash
[OK] button on bottom of window.

DID not click on either window.

-> Launched SuperAntiSpyware program after reboot and NO scan log.

-> Launched SuperAntiSpyware program again and retrieved this log:

Generated 05/04/2012 at 04:45 PM

Application Version : 5.0.1148

Core Rules Database Version : 8558
Trace Rules Database Version: 6370

Scan type : Complete Scan
Total Scan Time : 03:49:46

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 37057
Registry threats detected : 2
File items scanned : 130557
File threats detected : 127

Trojan.Agent/Gen-AppX
[UCTLmONMNDgUV.exe] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UCTLMONMNDGUV.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UCTLMONMNDGUV.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\2FNREB5CBJOXO3.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BERFK7CBE5RV24.EXE
C:\DOCUMENTS AND SETTINGS\PAUL THOMPSON\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\DATA_RECOVERY.LNK
C:\DOCUMENTS AND SETTINGS\PAUL THOMPSON\DESKTOP\DATA_RECOVERY.LNK
C:\DOCUMENTS AND SETTINGS\PAUL THOMPSON\LOCAL SETTINGS\TEMP\SMTMP\2\DATA_RECOVERY.LNK
C:\DOCUMENTS AND SETTINGS\PAUL THOMPSON\START MENU\PROGRAMS\DATA RECOVERY\DATA RECOVERY.LNK
C:\DOCUMENTS AND SETTINGS\PAUL THOMPSON\START MENU\PROGRAMS\DATA RECOVERY\UNINSTALL DATA RECOVERY.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{71A21305-B22E-4690-A53E-8380FFED2CC3}\RP912\A0270727.LNK

Adware.Tracking Cookie

Heur.Agent/Gen-WhiteBox
C:\DOCUMENTS AND SETTINGS\PAUL THOMPSON\LOCAL SETTINGS\TEMP\INSTALLMANAGER.EXE

System.BrokenFileAssociation
HKCR\.com



-> Downloaded and Ran Malwarebytes, log below.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Guest :: HEINO [limited]

Protection: Disabled

5/4/2012 5:20:41 PM
mbam-log-2012-05-04 (17-20-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 158467
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|load (Trojan.Agent) -> Data: C:\DOCUME~1\Guest\LOCALS~1\Temp\msaaua.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|19545 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msyooeh.com -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Local Settings\Temp\msyooeh.com (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Guest\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


-> Downloaded GMER, launched program, saved Gmer.log to desktop but it is not visible there. Downloaded and ran program again, saved log to desktop but again still not visible on desktop after saved.




-> -> -> Was directed to the Preparation Guide and to start at #6.



-> downloaded defogger and launched program

-> downloaded but could not launch dds. The icon on the desktop looks like unknown file, name is "dds.scr"

-> downloaded GMER to desktop, launched the program and received the following error message:

"LoadDriver("C:/DOCUME~1\PAULTH~1\LOCALS~1\Temp\uxtdipog.sys") error 0xC000010E: Cannot create a stable subkey under a volatile parent"

Hit the 'scan' button and was able to run the program and save the log, as directed, as "ark.txt"; see below:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-16 21:49:03
Windows 5.1.2600 Service Pack 3
Running: yqdxpdw3.exe; Driver: C:\DOCUME~1\PAULTH~1\LOCALS~1\Temp\uxtdipog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----

thank you for your assistance! , Paul
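As an added example (not part of this thread and not code from Malwarebytes or any other tool mentioned here), a small Python triage script that parses the two "Registry Values Detected" lines from the Malwarebytes log above, labels which autostart mechanism each registry key implements, and flags targets that live in a Temp folder or use a non-.exe executable extension. The sample log text is constructed from the post, and the location labels and heuristics are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the "Registry Values Detected" block from the
# Malwarebytes log in the post above, plus filler lines the parser must skip.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|load (Trojan.Agent) -> Data: C:\DOCUME~1\Guest\LOCALS~1\Temp\msaaua.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|19545 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msyooeh.com -> Delete on reboot.
"""

# One Malwarebytes registry-value line has the shape:
#   <hive\key>|<value name> (<detection>) -> Data: <target> -> <action>
VALUE_LINE = re.compile(
    r"^(?P<key>HK(?:CU|LM|CR|U|CC)\\[^|]+)\|(?P<value>\S+) "
    r"\((?P<detection>[^)]+)\) -> Data: (?P<target>.+?) -> (?P<action>.+)$"
)

# Autostart locations keyed by a lowercase suffix of the registry path.
# Labels are my own; the first matching suffix wins, so order matters.
AUTOSTART_LOCATIONS = {
    r"\currentversion\windows": "legacy win.ini Load/Run value (Windows NT\\CurrentVersion\\Windows)",
    r"\policies\explorer\run": "Explorer policy Run key (Policies\\Explorer\\Run)",
    r"\currentversion\runonce": "RunOnce key",
    r"\currentversion\run": "Run key",
}

# Executable extensions that are rarely legitimate for a logon autostart entry.
ODD_EXTENSIONS = (".com", ".scr", ".pif", ".bat", ".cmd")


@dataclass
class AutostartFinding:
    key: str
    value_name: str
    detection: str
    target: str
    action: str
    location: str        # which autostart mechanism the key implements
    in_temp: bool        # target path contains a Temp directory
    odd_extension: bool  # target uses a non-.exe executable extension


def classify_key(key: str) -> str:
    """Map a registry key path to the autostart mechanism it implements."""
    lowered = key.lower()
    for suffix, label in AUTOSTART_LOCATIONS.items():
        if lowered.endswith(suffix):
            return label
    return "unclassified"


def parse_mbam_registry_values(log_text: str) -> list[AutostartFinding]:
    """Extract every 'Registry Values Detected' entry from a Malwarebytes log."""
    findings: list[AutostartFinding] = []
    for raw in log_text.splitlines():
        match = VALUE_LINE.match(raw.strip())
        if not match:
            continue  # section headers, counts, '(No malicious items detected)'
        target = match.group("target")
        lowered = target.lower()
        findings.append(AutostartFinding(
            key=match.group("key"),
            value_name=match.group("value"),
            detection=match.group("detection"),
            target=target,
            action=match.group("action"),
            location=classify_key(match.group("key")),
            in_temp="\\temp\\" in lowered,
            odd_extension=lowered.endswith(ODD_EXTENSIONS),
        ))
    return findings


def triage(findings: list[AutostartFinding]) -> list[str]:
    """One report line per finding, listing the reasons it deserves attention."""
    lines = []
    for f in findings:
        reasons = []
        if f.in_temp:
            reasons.append("target in Temp")
        if f.odd_extension:
            reasons.append("non-.exe extension")
        if f.action.startswith("Delete on reboot"):
            reasons.append("removal deferred to reboot, re-check after restart")
        lines.append(f"{f.location}: {f.key}|{f.value_name} -> {f.target} "
                     f"[{', '.join(reasons) or 'no heuristic hit'}]")
    return lines


if __name__ == "__main__":
    for line in triage(parse_mbam_registry_values(SAMPLE_LOG)):
        print(line)
```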

#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender: Female

Posted 18 May 2012 - 12:33 PM

Hello and welcome to BleepingComputer! :)

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate another DDS log (download it from here if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.




Regards,

Elle

Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 BigRedDog

  • Topic Starter
  • Members
  • 24 posts
  • Location: Seattle, WA

Posted 19 May 2012 - 12:37 PM

IE is running very slowly... I have not used this computer at all except to log in to email to get your reply and log in to BleepingComputer.

Here is the dds.txt. I downloaded it to the desktop but the file was named dds.scr; I renamed it to dds.exe and was able to launch the program.
I saved the other dds file (attachment.txt) to the desktop but it is now not visible on the desktop??? and not visible when trying to attach.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Paul Thompson at 9:33:58 on 2012-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.660 [GMT -7:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://eagent.farmersinsurance.com/
uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/spyware-doctor/purchase/?cclick=Register_11&product=Spyware%20Doctor&subproduct=NRM&version=6%2E1%2E0%2E447&code=0%2D0%2D0%2D0&suversion=6%2E1%2E0%2E38&osversion=5%2E1%2E2600%2E2&osspack=Service%20Pack%202&sulang=en&platform=32
uInternet Settings,ProxyOverride = <local>;*.local;localhost
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spark] c:\program files\spark\Spark.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [APL] "c:\program files\act\act for win 7\APL.exe"
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [HP Status] c:\windows\system32\hpstatus.exe
mRun: [HP Proxy Server] c:\program files\hewlett-packard\proxyservice\ProxyService.lnk
mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: 360-value.com
Trusted Zone: bankofamerica.com\homeloanbusiness
Trusted Zone: billerweb.com
Trusted Zone: bristolwest.com
Trusted Zone: bwproducers.com
Trusted Zone: cisgroup.com
Trusted Zone: co-optimum.com
Trusted Zone: farmers.com
Trusted Zone: farmersces.com
Trusted Zone: farmersflood.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersleadcenter.com
Trusted Zone: farmerslife.com
Trusted Zone: farmersmarketpoint.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: msbexpress.net
Trusted Zone: postoffice.net
Trusted Zone: seccas.com
Trusted Zone: zurich.com
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab
DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers11/ActiveXControls/PrintControl.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250369543156
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250369228593
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {ABA23149-06BA-440D-88FF-69203B966083} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/openauthoring.cab
DPF: {B2D168E0-5597-101D-843A-DA16297B4C87} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} - hxxp://mobius.farmersinsurance.com/Agent/content/iejpwenu.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{F390C42B-BCB6-4235-8B4B-960C923059BB} : DhcpNameServer = 208.67.222.222 208.67.220.220 4.4.4.3
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [2011-11-17 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-17 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-6 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-6 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-11-17 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-11-17 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-8-17 252840]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-11-17 185560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-20 542672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-1-17 12184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-4 654408]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1117624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-4 22344]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-11-17 56840]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-8-17 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-11-17 35264]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2009-8-15 54272]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]
.
=============== File Associations ===============
.
.reg=reg_auto_file
.txt=
.
=============== Created Last 30 ================
.
2012-05-05 00:11:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 00:11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-04 19:18:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-04 19:18:44 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-30 21:07:56 -------- d--h--w- c:\program files\SecurityXploded
2012-04-30 21:05:21 -------- d--h--w- C:\FirePasswordViewer
2012-04-30 21:05:21 -------- d--h--w- \FirePasswordViewer
2012-04-23 18:51:34 -------- d--h--w- c:\program files\iPod
2012-04-23 18:51:25 -------- d--h--w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-04-14 13:47:33 418464 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 13:47:32 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 13:47:12 4126368 ---ha-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-01 11:01:32 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ---h--w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ---h--w- c:\windows\system32\html.iec
.
============= FINISH: 9:42:57.03 ===============


GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-18 22:44:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PAULTH~1\LOCALS~1\Temp\uxtdipog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----


SORRY, I know this is supposed to be zipped, but I cannot see it on the desktop after I save it, so I copied and pasted.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2009 12:44:41 PM
System Uptime: 5/19/2012 9:23:37 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0XF826
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 63.325 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP862: 3/11/2012 9:00:10 AM - System Checkpoint
RP863: 3/12/2012 10:22:30 AM - System Checkpoint
RP864: 3/13/2012 10:30:36 AM - System Checkpoint
RP865: 3/14/2012 11:13:35 AM - System Checkpoint
RP866: 3/15/2012 3:00:26 AM - Software Distribution Service 3.0
RP867: 3/16/2012 3:27:40 AM - System Checkpoint
RP868: 3/17/2012 4:27:40 AM - System Checkpoint
RP869: 3/18/2012 5:15:47 AM - System Checkpoint
RP870: 3/19/2012 5:50:57 AM - System Checkpoint
RP871: 3/20/2012 6:14:57 AM - System Checkpoint
RP872: 3/21/2012 6:15:13 AM - System Checkpoint
RP873: 3/22/2012 7:15:13 AM - System Checkpoint
RP874: 3/23/2012 8:15:09 AM - System Checkpoint
RP875: 3/24/2012 9:15:09 AM - System Checkpoint
RP876: 3/25/2012 9:51:10 AM - System Checkpoint
RP877: 3/26/2012 3:27:26 PM - System Checkpoint
RP878: 3/27/2012 3:57:41 PM - System Checkpoint
RP879: 3/28/2012 4:09:49 PM - System Checkpoint
RP880: 3/29/2012 5:40:52 PM - System Checkpoint
RP881: 3/30/2012 11:31:38 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP882: 3/31/2012 12:17:55 PM - System Checkpoint
RP883: 4/1/2012 3:54:22 PM - System Checkpoint
RP884: 4/2/2012 4:18:20 PM - System Checkpoint
RP885: 4/3/2012 5:23:14 PM - System Checkpoint
RP886: 4/4/2012 6:18:26 PM - System Checkpoint
RP887: 4/5/2012 7:18:29 PM - System Checkpoint
RP888: 4/6/2012 8:18:27 PM - System Checkpoint
RP889: 4/7/2012 10:03:24 PM - System Checkpoint
RP890: 4/8/2012 10:47:42 PM - System Checkpoint
RP891: 4/9/2012 11:47:46 PM - System Checkpoint
RP892: 4/10/2012 11:48:01 PM - System Checkpoint
RP893: 4/11/2012 3:00:53 AM - Software Distribution Service 3.0
RP894: 4/12/2012 3:36:45 AM - System Checkpoint
RP895: 4/13/2012 3:37:03 AM - System Checkpoint
RP896: 4/14/2012 4:36:17 AM - System Checkpoint
RP897: 4/15/2012 8:25:20 AM - System Checkpoint
RP898: 4/16/2012 8:48:23 AM - System Checkpoint
RP899: 4/17/2012 9:48:23 AM - System Checkpoint
RP900: 4/18/2012 9:48:35 AM - System Checkpoint
RP901: 4/19/2012 1:22:00 PM - System Checkpoint
RP902: 4/20/2012 2:25:24 PM - System Checkpoint
RP903: 4/21/2012 4:48:42 PM - System Checkpoint
RP904: 4/22/2012 5:33:11 PM - System Checkpoint
RP905: 4/23/2012 6:33:09 PM - System Checkpoint
RP906: 4/24/2012 6:33:27 PM - System Checkpoint
RP907: 4/25/2012 7:33:32 PM - System Checkpoint
RP908: 4/26/2012 8:33:31 PM - System Checkpoint
RP909: 4/27/2012 9:33:31 PM - System Checkpoint
RP910: 4/28/2012 10:33:32 PM - System Checkpoint
RP911: 4/30/2012 12:11:32 AM - System Checkpoint
RP912: 4/30/2012 12:59:59 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP913: 4/30/2012 1:25:39 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP914: 4/30/2012 2:02:10 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP915: 4/30/2012 2:09:46 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP916: 5/1/2012 2:27:55 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP917: 5/1/2012 3:15:59 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP918: 5/2/2012 10:54:10 AM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP919: 5/3/2012 1:58:22 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP920: 5/4/2012 11:56:58 AM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP921: 5/5/2012 12:38:23 PM - System Checkpoint
RP922: 5/6/2012 12:47:20 PM - System Checkpoint
RP923: 5/7/2012 3:22:53 PM - System Checkpoint
RP924: 5/8/2012 10:04:33 AM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP925: 5/9/2012 10:23:24 AM - System Checkpoint
RP926: 5/10/2012 11:47:55 AM - System Checkpoint
RP927: 5/11/2012 1:12:25 PM - System Checkpoint
RP928: 5/16/2012 9:36:31 PM - System Checkpoint
RP929: 5/18/2012 10:29:09 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-PDF Split & Merge Version 2.0.0 (Build 178)
ACT!
ACT! 2005
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Agency Forecaster
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Bonjour
Browser Defender 4.0
Canon MP Drivers
Canon MP Toolbox 4.1
Carbonite
CoffeeCup HTML Editor
Compatibility Pack for the 2007 Office system
Dell Driver Reset Tool
ePad-ink For Farmers
eReg
EZDetach (remove only)
Flickr Uploadr 3.2.1
Google Earth
Google Update Helper
GoToMeeting 4.0.0.320
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp color LaserJet 2500 Uninstaller
Infix 5.03
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 26
LAME v3.99.3 (for Windows)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Codec Pack Lite 3.9.5
MessageSave (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
OGA Notifier 2.0.0048.0
PC Tools Spyware Doctor with AntiVirus 9.0
Pdf995
ProductRecommendation
Quicken 2009
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SimplyFile (remove only)
Software Update for Web Folders
Spark 2.5.8
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 Runtime (x86)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/18/2012 9:22:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
.
==== End Of File ===========================

#4 BigRedDog

BigRedDog
  • Topic Starter
  • Members
  • 24 posts
  • Location:Seattle, WA

Posted 19 May 2012 - 12:37 PM

IE is running very slow... I have not used this computer at all except to log in to email to get your reply and log in to BleepingComputer.

Here is the dds.txt. I downloaded it to the desktop, but the file was named dds.scr. I renamed it to dds.exe and was able to launch the program.
I saved the other DDS file (attachment.txt) to the desktop, but it is now not visible on the desktop??? and not visible when trying to attach it.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Paul Thompson at 9:33:58 on 2012-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.660 [GMT -7:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://eagent.farmersinsurance.com/
uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/spyware-doctor/purchase/?cclick=Register_11&product=Spyware%20Doctor&subproduct=NRM&version=6%2E1%2E0%2E447&code=0%2D0%2D0%2D0&suversion=6%2E1%2E0%2E38&osversion=5%2E1%2E2600%2E2&osspack=Service%20Pack%202&sulang=en&platform=32
uInternet Settings,ProxyOverride = <local>;*.local;localhost
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spark] c:\program files\spark\Spark.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [APL] "c:\program files\act\act for win 7\APL.exe"
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [HP Status] c:\windows\system32\hpstatus.exe
mRun: [HP Proxy Server] c:\program files\hewlett-packard\proxyservice\ProxyService.lnk
mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: 360-value.com
Trusted Zone: bankofamerica.com\homeloanbusiness
Trusted Zone: billerweb.com
Trusted Zone: bristolwest.com
Trusted Zone: bwproducers.com
Trusted Zone: cisgroup.com
Trusted Zone: co-optimum.com
Trusted Zone: farmers.com
Trusted Zone: farmersces.com
Trusted Zone: farmersflood.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersleadcenter.com
Trusted Zone: farmerslife.com
Trusted Zone: farmersmarketpoint.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: msbexpress.net
Trusted Zone: postoffice.net
Trusted Zone: seccas.com
Trusted Zone: zurich.com
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab
DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/viewers/crystalreportviewers11/ActiveXControls/PrintControl.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250369543156
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250369228593
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {ABA23149-06BA-440D-88FF-69203B966083} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/openauthoring.cab
DPF: {B2D168E0-5597-101D-843A-DA16297B4C87} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} - hxxp://mobius.farmersinsurance.com/Agent/content/iejpwenu.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{F390C42B-BCB6-4235-8B4B-960C923059BB} : DhcpNameServer = 208.67.222.222 208.67.220.220 4.4.4.3
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [2011-11-17 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-17 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-6 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-6 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-11-17 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-11-17 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-8-17 252840]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-11-17 185560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware

doctor\bdt\BDTUpdateService.exe [2010-1-20 542672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-1-17 12184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-4 654408]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program

files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1117624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-4 22344]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-11-17 56840]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-8-17 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-11-17 35264]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2009-8-15 54272]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]
.
=============== File Associations ===============
.
.reg=reg_auto_file
.txt=
.
=============== Created Last 30 ================
.
2012-05-05 00:11:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 00:11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-04 19:18:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-04 19:18:44 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-30 21:07:56 -------- d--h--w- c:\program files\SecurityXploded
2012-04-30 21:05:21 -------- d--h--w- C:\FirePasswordViewer
2012-04-30 21:05:21 -------- d--h--w- \FirePasswordViewer
2012-04-23 18:51:34 -------- d--h--w- c:\program files\iPod
2012-04-23 18:51:25 -------- d--h--w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-04-14 13:47:33 418464 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 13:47:32 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 13:47:12 4126368 ---ha-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-01 11:01:32 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ---h--w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ---ha-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ---ha-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ---h--w- c:\windows\system32\html.iec
.
============= FINISH: 9:42:57.03 ===============


GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-18 22:44:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PAULTH~1\LOCALS~1\Temp\uxtdipog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- EOF - GMER 1.0.15 ----


SORRY, I know this is supposed to be zipped, but I cannot see it on the desktop after I save it, so I copied and pasted.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2009 12:44:41 PM
System Uptime: 5/19/2012 9:23:37 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0XF826
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 63.325 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP862: 3/11/2012 9:00:10 AM - System Checkpoint
RP863: 3/12/2012 10:22:30 AM - System Checkpoint
RP864: 3/13/2012 10:30:36 AM - System Checkpoint
RP865: 3/14/2012 11:13:35 AM - System Checkpoint
RP866: 3/15/2012 3:00:26 AM - Software Distribution Service 3.0
RP867: 3/16/2012 3:27:40 AM - System Checkpoint
RP868: 3/17/2012 4:27:40 AM - System Checkpoint
RP869: 3/18/2012 5:15:47 AM - System Checkpoint
RP870: 3/19/2012 5:50:57 AM - System Checkpoint
RP871: 3/20/2012 6:14:57 AM - System Checkpoint
RP872: 3/21/2012 6:15:13 AM - System Checkpoint
RP873: 3/22/2012 7:15:13 AM - System Checkpoint
RP874: 3/23/2012 8:15:09 AM - System Checkpoint
RP875: 3/24/2012 9:15:09 AM - System Checkpoint
RP876: 3/25/2012 9:51:10 AM - System Checkpoint
RP877: 3/26/2012 3:27:26 PM - System Checkpoint
RP878: 3/27/2012 3:57:41 PM - System Checkpoint
RP879: 3/28/2012 4:09:49 PM - System Checkpoint
RP880: 3/29/2012 5:40:52 PM - System Checkpoint
RP881: 3/30/2012 11:31:38 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP882: 3/31/2012 12:17:55 PM - System Checkpoint
RP883: 4/1/2012 3:54:22 PM - System Checkpoint
RP884: 4/2/2012 4:18:20 PM - System Checkpoint
RP885: 4/3/2012 5:23:14 PM - System Checkpoint
RP886: 4/4/2012 6:18:26 PM - System Checkpoint
RP887: 4/5/2012 7:18:29 PM - System Checkpoint
RP888: 4/6/2012 8:18:27 PM - System Checkpoint
RP889: 4/7/2012 10:03:24 PM - System Checkpoint
RP890: 4/8/2012 10:47:42 PM - System Checkpoint
RP891: 4/9/2012 11:47:46 PM - System Checkpoint
RP892: 4/10/2012 11:48:01 PM - System Checkpoint
RP893: 4/11/2012 3:00:53 AM - Software Distribution Service 3.0
RP894: 4/12/2012 3:36:45 AM - System Checkpoint
RP895: 4/13/2012 3:37:03 AM - System Checkpoint
RP896: 4/14/2012 4:36:17 AM - System Checkpoint
RP897: 4/15/2012 8:25:20 AM - System Checkpoint
RP898: 4/16/2012 8:48:23 AM - System Checkpoint
RP899: 4/17/2012 9:48:23 AM - System Checkpoint
RP900: 4/18/2012 9:48:35 AM - System Checkpoint
RP901: 4/19/2012 1:22:00 PM - System Checkpoint
RP902: 4/20/2012 2:25:24 PM - System Checkpoint
RP903: 4/21/2012 4:48:42 PM - System Checkpoint
RP904: 4/22/2012 5:33:11 PM - System Checkpoint
RP905: 4/23/2012 6:33:09 PM - System Checkpoint
RP906: 4/24/2012 6:33:27 PM - System Checkpoint
RP907: 4/25/2012 7:33:32 PM - System Checkpoint
RP908: 4/26/2012 8:33:31 PM - System Checkpoint
RP909: 4/27/2012 9:33:31 PM - System Checkpoint
RP910: 4/28/2012 10:33:32 PM - System Checkpoint
RP911: 4/30/2012 12:11:32 AM - System Checkpoint
RP912: 4/30/2012 12:59:59 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP913: 4/30/2012 1:25:39 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP914: 4/30/2012 2:02:10 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP915: 4/30/2012 2:09:46 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP916: 5/1/2012 2:27:55 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP917: 5/1/2012 3:15:59 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP918: 5/2/2012 10:54:10 AM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP919: 5/3/2012 1:58:22 PM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP920: 5/4/2012 11:56:58 AM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP921: 5/5/2012 12:38:23 PM - System Checkpoint
RP922: 5/6/2012 12:47:20 PM - System Checkpoint
RP923: 5/7/2012 3:22:53 PM - System Checkpoint
RP924: 5/8/2012 10:04:33 AM - PC Tools Spyware Doctor with AntiVirus: Cleaning Threats
RP925: 5/9/2012 10:23:24 AM - System Checkpoint
RP926: 5/10/2012 11:47:55 AM - System Checkpoint
RP927: 5/11/2012 1:12:25 PM - System Checkpoint
RP928: 5/16/2012 9:36:31 PM - System Checkpoint
RP929: 5/18/2012 10:29:09 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-PDF Split & Merge Version 2.0.0 (Build 178)
ACT!
ACT! 2005
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Agency Forecaster
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Bonjour
Browser Defender 4.0
Canon MP Drivers
Canon MP Toolbox 4.1
Carbonite
CoffeeCup HTML Editor
Compatibility Pack for the 2007 Office system
Dell Driver Reset Tool
ePad-ink For Farmers
eReg
EZDetach (remove only)
Flickr Uploadr 3.2.1
Google Earth
Google Update Helper
GoToMeeting 4.0.0.320
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp color LaserJet 2500 Uninstaller
Infix 5.03
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 26
LAME v3.99.3 (for Windows)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.61.0.1400
Media Player Codec Pack Lite 3.9.5
MessageSave (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
OGA Notifier 2.0.0048.0
PC Tools Spyware Doctor with AntiVirus 9.0
Pdf995
ProductRecommendation
Quicken 2009
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SimplyFile (remove only)
Software Update for Web Folders
Spark 2.5.8
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 Runtime (x86)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/18/2012 9:22:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
.
==== End Of File ===========================

#5 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 23 May 2012 - 10:27 AM

Hi there,


Are you still with us? My sincere apologies for the delay; it was entirely my fault. Now that I have discovered my mistake, I will make sure this does not happen again, and I hope my apologies will be accepted.



Regards,


Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#6 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 23 May 2012 - 11:12 AM

Hi there,



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




Elle
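The log TDSSKiller writes has a fixed line shape (timestamp, process id, then either a `name (md5) path` file line or a `name - verdict` line, with `ok` meaning the object was not flagged). The parser below is an added example, not code from this thread or from Kaspersky's tool; it assumes that shape, treats any verdict other than `ok` as something a helper should review, and its sample log is constructed (a few lines copied from this thread plus one made-up service, `sample_svc`, with a fake hash and made-up verdict text).

```python
"""Summarise a TDSSKiller (TDSS rootkit removing tool) text log.

Added example for this thread, not code from the forum or from Kaspersky's
tool.  It assumes the line shape seen in the posted log:
    HH:MM:SS.ffff  PID  message
where, after "Scan started", each checked object produces a file line
    <name> (<md5>) <path>
and/or a verdict line
    <name> - <verdict>
Only "ok" is treated as a clean verdict; any other wording is flagged.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)(?:\s+(?P<msg>.*))?$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def flagged(self) -> bool:
        """True when the tool gave a verdict other than a plain 'ok'."""
        return self.verdict is not None and self.verdict.strip().lower() != "ok"


@dataclass
class ScanSummary:
    entries: Dict[str, Entry] = field(default_factory=dict)
    unparsed: List[str] = field(default_factory=list)

    @property
    def flagged(self) -> List[Entry]:
        return [e for e in self.entries.values() if e.flagged]

    @property
    def unhashed(self) -> List[Entry]:
        """Verdicts with no file line (a registered service with no file on disk)."""
        return [e for e in self.entries.values() if e.md5 is None]


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Pair file lines with their verdict lines and collect them by object name."""
    summary = ScanSummary()
    scanning = False  # header lines before "Scan started" (drive info etc.) are not entries
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if not m:
            summary.unparsed.append(raw)
            continue
        msg = m.group("msg") or ""
        if msg == "Scan started":
            scanning = True
            continue
        if not scanning or msg.startswith("="):
            continue
        fm = FILE_RE.match(msg)
        if fm:
            e = summary.entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5, e.path = fm.group("md5").lower(), fm.group("path")
            continue
        vm = VERDICT_RE.match(msg)
        if vm:
            e = summary.entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            e.verdict = vm.group("verdict")
    return summary


# Constructed sample: lines copied from the log posted in this thread, plus one
# made-up service ("sample_svc", fake hash, made-up verdict) to exercise the flagged path.
SAMPLE_LOG = r"""
21:39:10.0216 4452 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:39:12.0747 4452 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:39:38.0981 1612 ============================================================
21:39:38.0981 1612 Scan started
21:39:38.0981 1612 Mode: Manual;
21:39:39.0513 1612 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:39:39.0528 1612 !SASCORE - ok
21:39:39.0622 1612 Abiosdsk - ok
21:39:39.0731 1612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:39:39.0747 1612 ACPI - ok
21:39:50.0000 1612 sample_svc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\sample.sys
21:39:50.0001 1612 sample_svc - detected (constructed verdict text, not the tool's wording)
"""


def report(summary: ScanSummary) -> str:
    """One-line count plus one REVIEW line per flagged object."""
    lines = [f"{len(summary.entries)} objects, {len(summary.flagged)} flagged, "
             f"{len(summary.unhashed)} without a file on disk"]
    for e in summary.flagged:
        lines.append(f"  REVIEW {e.name}: {e.verdict} [{e.md5} {e.path}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```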

#7 BigRedDog

BigRedDog
  • Topic Starter

  • Members
  • 24 posts
  • Location:Seattle, WA

Posted 23 May 2012 - 10:13 PM

Still here, was going to ping you today but you sent your message. Will run the program shortly and report back, thanks.

#8 BigRedDog

BigRedDog
  • Topic Starter

  • Members
  • 24 posts
  • Location:Seattle, WA

Posted 23 May 2012 - 11:56 PM

21:39:10.0216 4452 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:39:10.0841 4452 ============================================================
21:39:10.0841 4452 Current date / time: 2012/05/23 21:39:10.0841
21:39:10.0841 4452 SystemInfo:
21:39:10.0841 4452
21:39:10.0841 4452 OS Version: 5.1.2600 ServicePack: 3.0
21:39:10.0856 4452 Product type: Workstation
21:39:10.0856 4452 ComputerName: HEINO
21:39:10.0856 4452 UserName: Paul Thompson
21:39:10.0856 4452 Windows directory: C:\WINDOWS
21:39:10.0856 4452 System windows directory: C:\WINDOWS
21:39:10.0856 4452 Processor architecture: Intel x86
21:39:10.0856 4452 Number of processors: 1
21:39:10.0856 4452 Page size: 0x1000
21:39:10.0856 4452 Boot type: Normal boot
21:39:10.0856 4452 ============================================================
21:39:12.0747 4452 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:39:12.0763 4452 ============================================================
21:39:12.0763 4452 \Device\Harddisk0\DR0:
21:39:12.0763 4452 MBR partitions:
21:39:12.0763 4452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:39:12.0763 4452 ============================================================
21:39:12.0778 4452 C: <-> \Device\Harddisk0\DR0\Partition0
21:39:12.0778 4452 ============================================================
21:39:12.0778 4452 Initialize success
21:39:12.0778 4452 ============================================================
21:39:38.0981 1612 ============================================================
21:39:38.0981 1612 Scan started
21:39:38.0981 1612 Mode: Manual;
21:39:38.0981 1612 ============================================================
21:39:39.0513 1612 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:39:39.0528 1612 !SASCORE - ok
21:39:39.0622 1612 Abiosdsk - ok
21:39:39.0638 1612 abp480n5 - ok
21:39:39.0731 1612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:39:39.0747 1612 ACPI - ok
21:39:39.0810 1612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:39:39.0810 1612 ACPIEC - ok
21:39:39.0888 1612 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:39:39.0903 1612 AdobeFlashPlayerUpdateSvc - ok
21:39:39.0903 1612 adpu160m - ok
21:39:39.0966 1612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:39:39.0966 1612 aec - ok
21:39:40.0028 1612 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:39:40.0044 1612 AFD - ok
21:39:40.0044 1612 Aha154x - ok
21:39:40.0060 1612 aic78u2 - ok
21:39:40.0075 1612 aic78xx - ok
21:39:40.0122 1612 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:39:40.0122 1612 Alerter - ok
21:39:40.0153 1612 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:39:40.0153 1612 ALG - ok
21:39:40.0169 1612 AliIde - ok
21:39:40.0185 1612 amsint - ok
21:39:40.0278 1612 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:40.0278 1612 Apple Mobile Device - ok
21:39:40.0356 1612 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:39:40.0372 1612 AppMgmt - ok
21:39:40.0372 1612 asc - ok
21:39:40.0388 1612 asc3350p - ok
21:39:40.0403 1612 asc3550 - ok
21:39:40.0513 1612 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:39:40.0513 1612 aspnet_state - ok
21:39:40.0575 1612 astcc (c9aa946234013ca4c4b6108ba231947c) C:\WINDOWS\system32\ASTSRV.EXE
21:39:40.0575 1612 astcc - ok
21:39:40.0622 1612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:39:40.0622 1612 AsyncMac - ok
21:39:40.0669 1612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:39:40.0669 1612 atapi - ok
21:39:40.0685 1612 Atdisk - ok
21:39:40.0716 1612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:39:40.0716 1612 Atmarpc - ok
21:39:40.0778 1612 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:39:40.0778 1612 AudioSrv - ok
21:39:40.0810 1612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:39:40.0810 1612 audstub - ok
21:39:40.0856 1612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:39:40.0856 1612 Beep - ok
21:39:40.0903 1612 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\System32\qmgr.dll
21:39:40.0919 1612 BITS - ok
21:39:41.0028 1612 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:39:41.0044 1612 Bonjour Service - ok
21:39:41.0091 1612 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:39:41.0091 1612 Browser - ok
21:39:41.0200 1612 Browser Defender Update Service (a2e9bde9fc118ae3a4df2c5a7fd6cbcb) C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
21:39:41.0216 1612 Browser Defender Update Service - ok
21:39:41.0497 1612 CarboniteService (e581146b4e24601d3b3c60e960de4e3b) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
21:39:41.0591 1612 CarboniteService - ok
21:39:41.0731 1612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:39:41.0731 1612 cbidf2k - ok
21:39:41.0747 1612 cd20xrnt - ok
21:39:41.0778 1612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:39:41.0778 1612 Cdaudio - ok
21:39:41.0825 1612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:39:41.0825 1612 Cdfs - ok
21:39:41.0841 1612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:39:41.0856 1612 Cdrom - ok
21:39:41.0856 1612 Changer - ok
21:39:41.0903 1612 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:39:55.0403 1612 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:39:55.0435 1612 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:39:55.0435 1612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:39:55.0450 1612 Boot (0x1200) (028a157351e7c6c4f9d5db35a31b83ce) \Device\Harddisk0\DR0\Partition0
21:39:55.0450 1612 \Device\Harddisk0\DR0\Partition0 - ok
21:39:55.0450 1612 ============================================================
21:39:55.0450 1612 Scan finished
21:39:55.0450 1612 ============================================================
21:39:55.0466 5376 Detected object count: 1
21:39:55.0466 5376 Actual detected object count: 1
21:40:19.0013 5376 \Device\Harddisk0\DR0\# - copied to quarantine
21:40:19.0013 5376 \Device\Harddisk0\DR0 - copied to quarantine
21:40:19.0091 5376 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:40:19.0091 5376 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:40:19.0106 5376 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:40:19.0106 5376 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:40:19.0122 5376 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:40:19.0122 5376 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:40:19.0122 5376 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:40:19.0169 5376 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:40:19.0169 5376 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:40:19.0200 5376 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:40:19.0216 5376 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:40:19.0216 5376 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:40:19.0231 5376 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:40:19.0231 5376 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:40:19.0231 5376 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:40:19.0231 5376 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:40:19.0388 5376 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
21:40:19.0419 5376 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:40:19.0731 5376 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:40:19.0747 5376 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:40:19.0763 5376 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:40:19.0778 5376 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:40:20.0169 5376 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
21:40:20.0169 5376 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:40:20.0169 5376 \Device\Harddisk0\DR0 - ok
21:40:21.0185 5376 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:40:28.0169 3636 Deinitialize success

#9 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:33 AM

Posted 24 May 2012 - 01:37 PM

Hi there,



Firstly I need to tell you about the risks your computer is exposed to.
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


===================================================================================================================


If you decide on continuing with the cleaning process, please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.







Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#10 BigRedDog

BigRedDog
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Location:Seattle, WA
  • Local time:06:33 PM

Posted 25 May 2012 - 01:26 AM

I prefer to reformat at this point, thanks. I have all the original disks to start, any suggestions? thanks!

#11 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:33 AM

Posted 25 May 2012 - 01:41 PM

Hi there,


If you're not sure how to reformat or need help with reformatting, please review:

These links include step-by-step instructions with screenshots:

Vista users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.


===============================================================================================================================


After you have reinstalled the Operating System, you need to take into consideration several steps for a safe web surfing:


  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.






#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,441 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:33 AM

Posted 28 May 2012 - 12:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 
