Security Shield wants me to buy their stuff!


  • This topic is locked
2 replies to this topic

#1 Coz

Posted 21 July 2012 - 09:40 AM

Warm greetings to everyone,
Forgive me for disturbing you all...but I need some assistance with what I believe is a take-over by nasty bugs and stuff. Any help at all would be deeply appreciated.
To start with...let me explain. I'm a Mac user with little to no experience with Microsoft systems. So please understand if I appear to be writing this using a crayon. I recently acquired a small Hewlett-Packard mini laptop I wanted to convert into a library separate from my Kindle...with the added feature of a game or two for pleasure. I am not the original owner and cannot verify the history of my system prior to about two weeks ago around the 6th of June.
But two days ago I attempted to use Google and I was instead told by my system that it wasn't a safe place to go. Even hitting the go to it anyway button would not allow me to access it. I altered the security feature (lowering it, temporarily) to see if that would help; it didn't. Instead what was happening was warnings flashing from something called Security Shield that I was not safe and to show me it proceeded to scan...showing me why. At first I selected the fix it button which only sent me to a screen wanting me to buy their program. I refused and asked it to continue unprotected. I wanted to decide what I want after more research. It progressively worsened to the point it wouldn't allow me to do anything including pulling up my Calibre Library, telling me it wasn't safe. It was only when it warned me my credit card info was being transmitted that I realized that it was all bogus. I've never used a credit card on that system and knew it wasn't possible. That's when I investigated further.
I immediately disconnected the HP and switched over to my iBook (what I'm on now) and started following trails leading me to the conclusion I was possibly infected. I started grabbing things that were suggested by the article like Malwarebytes Anti-Malware, Hijack This!, SpywareBlaster, Spybot Search & Destroy, Microsoft Support Emergency Response Tool and rkill. Every last one of them and tried to run them. Most if not all said I had icky stuff everywhere. Felt like I had a bad case of head lice or something. I asked Malwarebytes to inoculate and it did. Seemed like things were going to be okay (aside from annoying little pop-ups from Malwarebytes telling me something was trying to call home) until all of a sudden my little HP just shut down. It did this three or four times until I figured out how to use that F8 key and boot into safe mode. There I ran Malwarebytes again and Spybot Search & Destroy. I haven't had the courage to exit the HP from safe mode until I asked for your help.
Originally I was just going to post just the hijack this file until I read the actual suggestions you all gave so here is what I have so far. I need to know what to do next. Please help. It seems everything I've run gave me info so I have it if you need it.
Here's the dds text file as well as the HiJack This! file:

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by Shauna at 7:51:55 on 2012-07-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.586 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com/
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: VideoFileDownload: {47ceee9c-3b9b-492c-95ca-1ac3a99d154c} - c:\program files\oapps\bho_project.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\shauna\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [FDPRO-516] c:\program files\fighters\FighterLauncher.exe FDPRO
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB6525] command.com /c del "c:\documents and settings\shauna\local settings\temp\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbar4ffx.exe"
uRunOnce: [SpybotDeletingD3895] cmd.exe /c del "c:\documents and settings\shauna\local settings\temp\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbar4ffx.exe"
uRunOnce: [SpybotDeletingB5094] command.com /c del "c:\documents and settings\shauna\local settings\temp\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbar4ie.exe"
uRunOnce: [SpybotDeletingB7481] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingD9662] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingB2368] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Privacy Policy.url"
uRunOnce: [SpybotDeletingD2561] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Privacy Policy.url"
uRunOnce: [SpybotDeletingB1214] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Terms & Conditions.url"
uRunOnce: [SpybotDeletingD4872] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Terms & Conditions.url"
uRunOnce: [SpybotDeletingB6361] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Uninstall InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingD395] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Uninstall InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingB4991] command.com /c del "c:\program files\free offers from freeze.com\control.txt"
uRunOnce: [SpybotDeletingD8747] cmd.exe /c del "c:\program files\free offers from freeze.com\control.txt"
uRunOnce: [SpybotDeletingB3115] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingD9549] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
uRunOnce: [SpybotDeletingB276] command.com /c del "c:\program files\w3i\installiqupdater\iqu.xsl"
uRunOnce: [SpybotDeletingD421] cmd.exe /c del "c:\program files\w3i\installiqupdater\iqu.xsl"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [Syncables] c:\program files\syncables\syncables desktop\Syncables.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [CommonToolkitTray] c:\program files\fighters\tray\FightersTray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [SpybotDeletingA9871] command.com /c del "c:\documents and settings\shauna\local settings\temp\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbar4ffx.exe"
mRunOnce: [SpybotDeletingC7031] cmd.exe /c del "c:\documents and settings\shauna\local settings\temp\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbar4ffx.exe"
mRunOnce: [SpybotDeletingA5972] command.com /c del "c:\documents and settings\shauna\local settings\temp\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbar4ie.exe"
mRunOnce: [SpybotDeletingC1090] cmd.exe /c del "c:\documents and settings\shauna\local settings\temp\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbar4ie.exe"
mRunOnce: [SpybotDeletingA9910] command.com /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\data.xml"
mRunOnce: [SpybotDeletingC8145] cmd.exe /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\data.xml"
mRunOnce: [SpybotDeletingA726] command.com /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\iqu.ini"
mRunOnce: [SpybotDeletingC6347] cmd.exe /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\iqu.ini"
mRunOnce: [SpybotDeletingA5632] command.com /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\IQUMessageDlg.xsl"
mRunOnce: [SpybotDeletingC659] cmd.exe /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\IQUMessageDlg.xsl"
mRunOnce: [SpybotDeletingA8391] command.com /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\updater.log"
mRunOnce: [SpybotDeletingC5722] cmd.exe /c del "c:\documents and settings\all users\application data\w3i\installiqupdater\updater.log"
mRunOnce: [SpybotDeletingA9256] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingC8651] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingA2017] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Privacy Policy.url"
mRunOnce: [SpybotDeletingC3110] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Privacy Policy.url"
mRunOnce: [SpybotDeletingA3822] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Terms & Conditions.url"
mRunOnce: [SpybotDeletingC8619] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Terms & Conditions.url"
mRunOnce: [SpybotDeletingA3948] command.com /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Uninstall InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingC9497] cmd.exe /c del "c:\documents and settings\all users\start menu\programs\installiq updater\Uninstall InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingA4098] command.com /c del "c:\program files\free offers from freeze.com\control.txt"
mRunOnce: [SpybotDeletingC6129] cmd.exe /c del "c:\program files\free offers from freeze.com\control.txt"
mRunOnce: [SpybotDeletingA4376] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
mRunOnce: [SpybotDeletingC317] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
mRunOnce: [SpybotDeletingA4415] command.com /c del "c:\program files\w3i\installiqupdater\iqu.xsl"
mRunOnce: [SpybotDeletingC3356] cmd.exe /c del "c:\program files\w3i\installiqupdater\iqu.xsl"
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bolt.cd
Trusted Zone: bolt.org\www
Trusted Zone: microsoft.com\ieonline
Trusted Zone: rapidshare.com
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{44959A9F-FBFF-420E-8666-EA3AB7CB0B63} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D3DECF45-6A43-47C4-92A4-66B8BA13E230} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-6-14 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-6-14 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2008-9-25 103792]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-7-20 28552]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-6-14 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-12-12 125424]
S2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-3-19 203248]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-19 655944]
S2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2012-5-10 1267264]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-23 250056]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664]
S3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\fighters\full-diskfighter\Common Toolkit Tools.exe [2012-6-5 217200]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-19 22344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-20 40776]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2012-07-20 23:22:00 -------- d-----w- c:\program files\Safer Networking
2012-07-20 22:57:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-20 17:04:28 14664 ----a-w- c:\windows\stinger.sys
2012-07-20 17:03:03 -------- d-----w- c:\program files\stinger
2012-07-20 16:54:51 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-07-20 16:54:10 -------- d-----w- c:\program files\Panda Security
2012-07-20 16:30:19 -------- d-----w- c:\documents and settings\shauna\application data\QuickScan
2012-07-20 03:09:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-20 03:09:38 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-20 02:36:16 -------- d-----w- c:\program files\SpywareBlaster
2012-07-20 02:13:11 -------- d-----w- c:\documents and settings\shauna\application data\Malwarebytes
2012-07-20 02:12:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-20 02:12:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 02:12:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-13 12:09:56 -------- d-----w- c:\documents and settings\shauna\application data\Meridian93
2012-07-13 12:00:46 -------- d-----w- c:\documents and settings\shauna\application data\funkitron
2012-07-13 11:56:59 -------- d-----w- c:\program files\Mah Jong Medley
2012-07-13 11:55:08 -------- d-----w- c:\windows\system32\3082
2012-07-12 13:45:56 -------- d-----w- c:\documents and settings\all users\application data\The Game Equation
2012-07-12 13:28:19 -------- d-----w- c:\documents and settings\all users\application data\FireGlow
2012-07-12 12:28:56 -------- d-----w- c:\documents and settings\shauna\application data\Arkadium
2012-07-12 12:28:49 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2012-07-12 12:17:05 -------- d-----w- C:\Games
2012-07-12 03:39:08 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:39:08 1866112 ------w- c:\windows\system32\dllcache\win32k.sys
2012-07-12 03:38:12 536576 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-12 03:38:12 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2012-07-10 21:37:56 -------- d-----w- C:\Calibre
2012-07-10 20:38:09 -------- d-----w- c:\program files\File Type Assistant
2012-07-10 20:38:03 -------- d-----w- c:\documents and settings\shauna\application data\BitZipper
2012-07-10 20:37:53 -------- d-----w- c:\program files\BitZipper
2012-07-10 20:07:16 -------- d-----w- C:\Calibre Library
2012-07-10 20:05:55 -------- d-----w- c:\documents and settings\shauna\application data\calibre
2012-07-10 20:05:12 -------- d-----w- c:\program files\Calibre2
2012-07-10 19:48:23 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-10 19:48:22 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-10 19:48:22 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-07-10 19:48:16 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-10 19:48:16 -------- d-----w- c:\program files\PDFCreator
2012-07-10 19:47:33 -------- d-----w- c:\documents and settings\shauna\application data\BabylonToolbar
2012-07-10 19:45:56 -------- d-----w- c:\program files\Fighters
2012-07-10 19:45:56 -------- d-----w- c:\documents and settings\shauna\application data\Fighters
2012-07-10 19:45:47 -------- d-----w- c:\documents and settings\all users\application data\Fighters
2012-07-10 19:45:34 -------- d-----w- c:\program files\PricePeep
2012-07-10 19:45:30 -------- d-----w- c:\documents and settings\shauna\application data\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-07-10 19:45:14 -------- d-----w- c:\program files\OApps
2012-07-10 19:41:16 214256 ----a-w- c:\windows\system32\muweb.dll
2012-07-10 19:41:15 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-07-10 19:41:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-23 15:30:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:30:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BEVT-60ZCT1 rev.13.01A13 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys >>UNKNOWN [0x863D74B1]<<
c:\windows\system32\drivers\SahdIa32.sys Sonic Solutions
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863de93c]; MOV EAX, [0x863deab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x86547AB8]
3 CLASSPNP[0xF75E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86501BB0]
5 SahdIa32[0xF7609939] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86572D98]
\Driver\atapi[0x865205A0] -> IRP_MJ_CREATE -> 0x863D74B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x863D72E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 7:55:31.42 ===============

Logfile of HijackThis v1.99.1
Scan saved at 6:11:50 PM, on 7/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\syncables\syncables desktop\Syncables.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fighters\Tray\FightersTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\Fighters\FighterLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\syncables\syncables desktop\MigoMapi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - C:\Program Files\OApps\bho_project.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [SpybotDeletingA9871] command.com /c del "C:\Documents and Settings\Shauna\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ffx.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7031] cmd.exe /c del "C:\Documents and Settings\Shauna\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ffx.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5972] command.com /c del "C:\Documents and Settings\Shauna\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1090] cmd.exe /c del "C:\Documents and Settings\Shauna\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9910] command.com /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\data.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8145] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\data.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA726] command.com /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\iqu.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6347] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\iqu.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5632] command.com /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
O4 - HKLM\..\RunOnce: [SpybotDeletingC659] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8391] command.com /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\updater.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5722] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\updater.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9256] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8651] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2017] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3110] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3822] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8619] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3948] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9497] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4098] command.com /c del "C:\Program Files\Free Offers from Freeze.com\control.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6129] cmd.exe /c del "C:\Program Files\Free Offers from Freeze.com\control.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4376] command.com /c del "C:\Program Files\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC317] cmd.exe /c del "C:\Program Files\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4415] command.com /c del "C:\Program Files\W3i\InstallIQUpdater\iqu.xsl"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3356] cmd.exe /c del "C:\Program Files\W3i\InstallIQUpdater\iqu.xsl"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shauna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe FDPRO
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6525] command.com /c del "C:\Documents and Settings\Shauna\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ffx.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3895] cmd.exe /c del "C:\Documents and Settings\Shauna\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ffx.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5094] command.com /c del "C:\Documents and Settings\Shauna\Local Settings\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7481] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9662] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2368] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2561] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1214] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4872] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6361] command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD395] cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4991] command.com /c del "C:\Program Files\Free Offers from Freeze.com\control.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8747] cmd.exe /c del "C:\Program Files\Free Offers from Freeze.com\control.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3115] command.com /c del "C:\Program Files\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9549] cmd.exe /c del "C:\Program Files\Free Offers from Freeze.com\dolphinico.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB276] command.com /c del "C:\Program Files\W3i\InstallIQUpdater\iqu.xsl"
O4 - HKCU\..\RunOnce: [SpybotDeletingD421] cmd.exe /c del "C:\Program Files\W3i\InstallIQUpdater\iqu.xsl"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Common Toolkit Tools - SPAMfighter ApS - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\WINDOWS\system32\mfevtps.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

---------------------------------------------------

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name MINISHAUNA
System Manufacturer Hewlett-Packard
System Model HP Mini 110-1000
System Type X86-based PC
Processor x86 Family 6 Model 28 Stepping 2 GenuineIntel ~1596 Mhz
BIOS Version/Date Hewlett-Packard 308F0 Ver. F.07, 6/18/2009
SMBIOS Version 2.4
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name MINISHAUNA\Shauna
Time Zone Eastern Daylight Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 632.06 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.39 GB
Page File C:\pagefile.sys

------------------------------------------------
Mobile Intel® 945 Express Chipset Family

Local Fixed Disk
No Compression
Size: 149.04 GB
Free Space 123.95 GB

-------------------------------------------------

4500 G510n-z 1.192.168.0.113 ROOT\IMAGE\0001 disabled
C4700.192.168.2.105 ROOT\IMAGE\0000 disabled
Officejet 4500 G510n-z ROOT\MULTIFUNCTION\0002 disabled
Photosmart C4700 ROOT\MULTIFUNCTION\0000 disabled
Photosmart Plus B209a-m ROOT\MULTIFUNCTION\0001 disabled

============================================
11/20/2011 10:22 PM Application Error Faulting application hpwucli.exe, version 5.0.8.1, faulting module hpwucli.exe, version 5.0.8.1, fault address 0x000045ea.
5/2/2012 6:59 PM Dhcp Your computer has lost the lease to its IP address 192.168.0.104 on the Network Card with network address 00265E2989B2.
5/3/2012 9:21 PM Application Error Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x03d60fd0.
7/15/2012 12:27 PM Application Error Faulting application magic_farm2.exe, version 0.0.0.0, faulting module d3d9.dll, version 5.3.2600.5512, fault address 0x0004f260.
7/17/2012 4:19 PM Application Error Faulting application magic_farm2.exe, version 0.0.0.0, faulting module magic_farm2.exe, version 0.0.0.0, fault address 0x0030ea8b.
7/19/2012 10:01 PM Application Error Faulting application explorer.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
7/20/2012 11:18 AM Application Error Faulting application mbam.exe, version 1.62.0.87, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000108f3.
7/20/2012 11:32 AM Application Error Fault bucket -1232579465.
7/20/2012 7:20 AM Dhcp Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00265E2989B2. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/20/2012 7:26 AM Dhcp Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00265E2989B2. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
----------------------------------------------------

ComSpec %SystemRoot%\system32\cmd.exe <SYSTEM>
FP_NO_HOST_CHECK NO <SYSTEM>
NUMBER_OF_PROCESSORS 2 <SYSTEM>
OS Windows_NT <SYSTEM>
OnlineServices Online Services <SYSTEM>
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH <SYSTEM>
PCBRAND Pavilion <SYSTEM>
PROCESSOR_ARCHITECTURE x86 <SYSTEM>
PROCESSOR_IDENTIFIER x86 Family 6 Model 28 Stepping 2, GenuineIntel <SYSTEM>
PROCESSOR_LEVEL 6 <SYSTEM>
PROCESSOR_REVISION 1c02 <SYSTEM>
Path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;C:\Program Files\Calibre2\ <SYSTEM>
Platform MCD <SYSTEM>
SAFEBOOT_OPTION MINIMAL <SYSTEM>
TEMP %SystemRoot%\TEMP <SYSTEM>
TEMP %USERPROFILE%\Local Settings\Temp NT AUTHORITY\SYSTEM
TEMP %USERPROFILE%\Local Settings\Temp NT AUTHORITY\NETWORK SERVICE
TEMP %USERPROFILE%\Local Settings\Temp NT AUTHORITY\NETWORK SERVICE
TMP %SystemRoot%\TEMP <SYSTEM>
TMP %USERPROFILE%\Local Settings\Temp NT AUTHORITY\SYSTEM
TMP %USERPROFILE%\Local Settings\Temp NT AUTHORITY\NETWORK SERVICE
TMP %USERPROFILE%\Local Settings\Temp MINISHAUNA\Shauna
windir %SystemRoot% <SYSTEM>
----------------------------------------------
Startup Programs

AESTFltr %systemroot%\system32\aestfltr.exe /nodlg All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher "c:\program files\adobe\reader 9.0\reader\reader_sl.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CommonToolkitTray c:\program files\fighters\tray\fighterstray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
FDPRO-516 c:\program files\fighters\fighterlauncher.exe fdpro MINISHAUNA\Shauna HKU\S-1-5-21-1226193511-2892163551-3241378241-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google Update "c:\documents and settings\shauna\local settings\application data\google\update\googleupdate.exe" /c MINISHAUNA\Shauna HKU\S-1-5-21-1226193511-2892163551-3241378241-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HP BTW Detect Program c:\program files\hp\hpbtwd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HP Digital Imaging Monitor c:\progra~1\hp\digita~1\bin\hpqtra08.exe All Users Common Startup
HP Mobile Broadband c:\swsetup\hpqwwan\hpmobilebroadband.exe /traymode All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HP Software Update c:\program files\hp\hp software update\hpwuschd2.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HotKeysCmds c:\windows\system32\hkcmd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray c:\windows\system32\igfxtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
InstallIQUpdater "c:\program files\w3i\installiqupdater\installiqupdater.exe" /silent /autorun MINISHAUNA\Shauna HKU\S-1-5-21-1226193511-2892163551-3241378241-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KernelFaultCheck %systemroot%\system32\dumprep 0 -k All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Malwarebytes' Anti-Malware "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Default Manager "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe" -resume All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Persistence c:\windows\system32\igfxpers.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer c:\program files\spybot - search & destroy\teatimer.exe MINISHAUNA\Shauna HKU\S-1-5-21-1226193511-2892163551-3241378241-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched "c:\program files\java\jre6\bin\jusched.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh c:\program files\synaptics\syntp\syntpenh.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Syncables c:\program files\syncables\syncables desktop\syncables.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SysTrayApp %programfiles%\idt\wdm\sttray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe c:\windows\system32\ctfmon.exe MINISHAUNA\Shauna HKU\S-1-5-21-1226193511-2892163551-3241378241-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
desktop desktop.ini MINISHAUNA\Shauna Startup
desktop desktop.ini .DEFAULT Startup
desktop desktop.ini All Users Common Startup
hpWirelessAssistant c:\program files\hewlett-packard\hp wireless assistant\hpwamain.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
--------------------------------------------------
Services:

.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Stopped Manual Own Process c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe Ignore LocalSystem 0
ASP.NET State Service aspnet_state Stopped Manual Own Process c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe Normal NT AUTHORITY\NetworkService 0
Adobe Flash Player Update Service AdobeFlashPlayerUpdateSvc Stopped Manual Own Process c:\windows\system32\macromed\flash\flashplayerupdateservice.exe Normal LocalSystem 0
Alerter Alerter Stopped Disabled Share Process c:\windows\system32\svchost.exe -k localservice Normal NT AUTHORITY\LocalService 0
Application Layer Gateway Service ALG Stopped Manual Own Process c:\windows\system32\alg.exe Normal NT AUTHORITY\LocalService 0
Application Management AppMgmt Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Audio Service STacSV Stopped Auto Own Process c:\program files\idt\wdm\stacsv.exe Normal LocalSystem 0
Automatic Updates wuauserv Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
BOTService BOTService Stopped Auto Own Process "c:\program files\roxio\backontrack\instant restore\botservice.exe" Normal LocalSystem 0
Background Intelligent Transfer Service BITS Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
COM+ Event System EventSystem Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
COM+ System Application COMSysApp Stopped Manual Own Process c:\windows\system32\dllhost.exe /processid:{02d4b3f1-fd88-11d1-960d-00805fc79235} Normal LocalSystem 0
ClipBook ClipSrv Stopped Disabled Own Process c:\windows\system32\clipsrv.exe Normal LocalSystem 0
Common Toolkit Tools Common Toolkit Tools Stopped Manual Own Process "c:\program files\fighters\full-diskfighter\common toolkit tools.exe" Normal LocalSystem 0
Computer Browser Browser Stopped Disabled Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Cryptographic Services CryptSvc Running Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
DCOM Server Process Launcher DcomLaunch Running Auto Share Process c:\windows\system32\svchost -k dcomlaunch Normal LocalSystem 0
DHCP Client Dhcp Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
DNS Client Dnscache Stopped Auto Share Process c:\windows\system32\svchost.exe -k networkservice Normal NT AUTHORITY\NetworkService 0
Distributed Link Tracking Client TrkWks Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Distributed Transaction Coordinator MSDTC Stopped Manual Own Process c:\windows\system32\msdtc.exe Normal NT AUTHORITY\NetworkService 0
Error Reporting Service ERSvc Stopped Disabled Share Process c:\windows\system32\svchost.exe -k netsvcs Ignore LocalSystem 0
Event Log Eventlog Running Auto Share Process c:\windows\system32\services.exe Normal LocalSystem 0
Extensible Authentication Protocol Service EapHost Stopped Manual Share Process c:\windows\system32\svchost.exe -k eapsvcs Normal localSystem 0
Fast User Switching Compatibility FastUserSwitchingCompatibility Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
HID Input Service HidServ Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
HP CUE DeviceDiscovery Service hpqddsvc Stopped Auto Share Process c:\windows\system32\svchost.exe -k hpdevmgmt Normal LocalSystem 0
HP Network Devices Support HPSLPSVC Stopped Auto Share Process c:\windows\system32\svchost.exe -k hpservice Normal LocalSystem 0
HTTP SSL HTTPFilter Stopped Manual Share Process c:\windows\system32\svchost.exe -k httpfilter Normal LocalSystem 0
Health Key and Certificate Management Service hkmsvc Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal localSystem 0
Help and Support helpsvc Running Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
IMAPI CD-Burning COM Service ImapiService Stopped Manual Own Process c:\windows\system32\imapi.exe Normal LocalSystem 0
IPSEC Services PolicyAgent Stopped Auto Share Process c:\windows\system32\lsass.exe Normal LocalSystem 0
Indexing Service CiSvc Stopped Manual Share Process c:\windows\system32\cisvc.exe Normal LocalSystem 0
InstallDriver Table Manager IDriverT Stopped Manual Own Process "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe" Ignore LocalSystem 0
Java Quick Starter JavaQuickStarterService Stopped Auto Own Process "c:\program files\java\jre6\bin\jqs.exe" -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf" Normal LocalSystem 0
Logical Disk Manager dmserver Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Logical Disk Manager Administrative Service dmadmin Stopped Manual Share Process c:\windows\system32\dmadmin.exe /com Normal LocalSystem 0
MBAMService MBAMService Stopped Auto Own Process "c:\program files\malwarebytes' anti-malware\mbamservice.exe" Normal LocalSystem 0
MS Software Shadow Copy Provider SwPrv Stopped Manual Own Process c:\windows\system32\dllhost.exe /processid:{2b3b4629-e439-4914-8d13-1ecd31e5d3e5} Ignore LocalSystem 0
Messenger Messenger Stopped Disabled Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Microsoft Office Diagnostics Service odserv Stopped Manual Own Process "c:\program files\common files\microsoft shared\office12\odserv.exe" Normal LocalSystem 0
NT LM Security Support Provider NtLmSsp Stopped Manual Share Process c:\windows\system32\lsass.exe Normal LocalSystem 0
Net Driver HPZ12 Net Driver HPZ12 Stopped Auto Own Process c:\windows\system32\svchost.exe -k hpz12 Normal NT AUTHORITY\LocalService 0
Net Logon Netlogon Stopped Manual Share Process c:\windows\system32\lsass.exe Normal LocalSystem 0
Net.Tcp Port Sharing Service NetTcpPortSharing Stopped Disabled Share Process "c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe" Normal NT AUTHORITY\LocalService 0
NetMeeting Remote Desktop Sharing mnmsrvc Stopped Manual Own Process c:\windows\system32\mnmsrvc.exe Normal LocalSystem 0
Network Access Protection Agent napagent Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal localSystem 0
Network Connections Netman Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Network DDE NetDDE Stopped Disabled Share Process c:\windows\system32\netdde.exe Normal LocalSystem 0
Network DDE DSDM NetDDEdsdm Stopped Disabled Share Process c:\windows\system32\netdde.exe Normal LocalSystem 0
Network Location Awareness (NLA) Nla Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Network Provisioning Service xmlprov Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Office Source Engine ose Stopped Manual Own Process "c:\program files\common files\microsoft shared\source engine\ose.exe" Normal LocalSystem 0
Performance Logs and Alerts SysmonLog Stopped Manual Own Process c:\windows\system32\smlogsvc.exe Normal NT Authority\NetworkService 0
Plug and Play PlugPlay Running Auto Share Process c:\windows\system32\services.exe Normal LocalSystem 0
Pml Driver HPZ12 Pml Driver HPZ12 Stopped Auto Own Process c:\windows\system32\svchost.exe -k hpz12 Normal NT AUTHORITY\LocalService 0
Portable Media Serial Number Service WmdmPmSN Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Print Spooler Spooler Stopped Auto Own Process c:\windows\system32\spoolsv.exe Normal LocalSystem 0
Protected Storage ProtectedStorage Stopped Auto Share Process c:\windows\system32\lsass.exe Normal LocalSystem 0
QoS RSVP RSVP Stopped Manual Own Process c:\windows\system32\rsvp.exe Normal LocalSystem 0
Remote Access Auto Connection Manager RasAuto Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Remote Access Connection Manager RasMan Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Remote Desktop Help Session Manager RDSessMgr Stopped Manual Own Process c:\windows\system32\sessmgr.exe Normal LocalSystem 0
Remote Procedure Call (RPC) RpcSs Running Auto Own Process c:\windows\system32\svchost -k rpcss Normal NT AUTHORITY\NetworkService 0
Remote Procedure Call (RPC) Locator RpcLocator Stopped Manual Own Process c:\windows\system32\locator.exe Normal NT AUTHORITY\NetworkService 0
Removable Storage NtmsSvc Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Routing and Remote Access RemoteAccess Stopped Disabled Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Roxio SAIB Service 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 Stopped Auto Own Process c:\program files\roxio\backontrack\disaster recovery\saibsvc.exe Normal LocalSystem 0
SSDP Discovery Service SSDPSRV Stopped Manual Share Process c:\windows\system32\svchost.exe -k localservice Normal NT AUTHORITY\LocalService 0
Secondary Logon seclogon Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Ignore LocalSystem 0
Security Accounts Manager SamSs Stopped Auto Share Process c:\windows\system32\lsass.exe Normal LocalSystem 0
Security Center wscsvc Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Server LanmanServer Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Shell Hardware Detection ShellHWDetection Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Ignore LocalSystem 0
Smart Card SCardSvr Stopped Manual Share Process c:\windows\system32\scardsvr.exe Ignore NT AUTHORITY\LocalService 0
Suite Service Suite Service Stopped Auto Own Process c:\program files\fighters\fightersuiteservice.exe Normal LocalSystem 0
System Event Notification SENS Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
System Restore Service srservice Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
TCP/IP NetBIOS Helper LmHosts Stopped Auto Share Process c:\windows\system32\svchost.exe -k localservice Normal NT AUTHORITY\LocalService 0
Task Scheduler Schedule Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Telephony TapiSrv Stopped Manual Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Terminal Services TermService Stopped Manual Share Process c:\windows\system32\svchost -k dcomlaunch Normal LocalSystem 0
Themes Themes Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Uninterruptible Power Supply UPS Stopped Manual Own Process c:\windows\system32\ups.exe Normal NT AUTHORITY\LocalService 0
Universal Plug and Play Device Host upnphost Stopped Manual Share Process c:\windows\system32\svchost.exe -k localservice Normal NT AUTHORITY\LocalService 0
Volume Shadow Copy VSS Stopped Manual Own Process c:\windows\system32\vssvc.exe Normal LocalSystem 0
WMI Performance Adapter WmiApSrv Stopped Manual Own Process c:\windows\system32\wbem\wmiapsrv.exe Normal LocalSystem 0
WebClient WebClient Stopped Auto Own Process c:\windows\system32\svchost.exe -k localservice Normal NT AUTHORITY\LocalService 0
Windows Audio AudioSrv Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Windows CardSpace idsvc Stopped Manual Share Process "c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe" Normal LocalSystem 0
Windows Driver Foundation - User-mode Driver Framework WudfSvc Stopped Auto Share Process c:\windows\system32\svchost.exe -k wudfservicegroup Normal LocalSystem 0
Windows Firewall/Internet Connection Sharing (ICS) SharedAccess Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Windows Image Acquisition (WIA) stisvc Stopped Auto Share Process c:\windows\system32\svchost.exe -k imgsvc Normal LocalSystem 0
Windows Installer MSIServer Stopped Auto Share Process c:\windows\system32\msiexec.exe /v Normal LocalSystem 0
Windows Management Instrumentation winmgmt Running Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Ignore LocalSystem 0
Windows Media Player Network Sharing Service WMPNetworkSvc Stopped Manual Own Process "c:\program files\windows media player\wmpnetwk.exe" Normal NT AUTHORITY\NetworkService 0
Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0 Stopped Manual Own Process c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe Normal NT AUTHORITY\LocalService 0
Windows Time W32Time Stopped Auto Share Process c:\windows\system32\svchost.exe -k netsvcs Normal LocalSystem 0
Should I also post the mbam log?

Thanks everyone...so very much.
~~ Do wah ditty ditty dum ditty do ~~
Coz



#2 HelpBot


Posted 26 July 2012 - 09:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461749 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 31 July 2012 - 09:50 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



