Browsers crashing and programs running improperly.



DJKDSN
2014-01-31, 08:25
I know there is something wrong but it's beyond my knowledge to resolve. So I come to the best.

When you open Chrome or Firefox they crash; IE is fine. It won't let Windows update and hijacks the website when you try to go to it. I've run Spybot and Malwarebytes, and the problems persist.

Thanks in advance.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Carolynrsl at 0:30:16 on 2014-01-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.562 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.totalrecipesearch.com/one-toolbaredits/menusearch.jhtml?s=100000459&p2=^YK^xdm003^S01928^us&si=CNPIzNHP1rACFSWFQAod_SUl1w&a=AA671E39-85F4-4F91-910B-20756E3DA426&n=2012072914&cv=1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} -
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6734B78D-2D91-44C2-BCF6-A3BA4F73FD04} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carolynrsl\application data\mozilla\firefox\profiles\y0ciztnn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AA671E39-85F4-4F91-910B-20756E3DA426&n=77eda07a&ind=2012061818&p2=^YK^xdm003^S01928^us&si=CNPIzNHP1rACFSWFQAod_SUl1w&searchfor=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-12-28 19:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-06-17 20:22; 14ffxtbr@TotalRecipeSearch_14.com; c:\program files\totalrecipesearch_14\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-11 55152]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-27 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-11 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\amustor.sys --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-8-20 1015424]
.
=============== Created Last 30 ================
.
2014-01-27 08:40:54 -------- d-----w- c:\documents and settings\carolynrsl\local settings\application data\Google
2014-01-27 08:02:08 -------- d-----w- c:\windows\SxsCaPendDel
2014-01-12 20:31:09 -------- d-----w- c:\documents and settings\carolynrsl\local settings\application data\genienext
2014-01-06 22:51:07 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-01-06 22:51:07 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-01-06 22:51:01 3449456 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2014-01-06 22:51:01 194552 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2014-01-06 22:51:01 130672 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2014-01-06 22:51:01 119408 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2014-01-06 22:50:59 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2014-01-06 22:50:59 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2014-01-06 22:50:59 3559024 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2014-01-06 22:50:53 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2014-01-06 22:50:52 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-01-06 22:50:52 108144 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-01-06 22:39:55 -------- d-----w- c:\documents and settings\carolynrsl\application data\WeatherBug
2014-01-06 22:39:50 -------- d-----w- c:\program files\AWS
2014-01-06 22:39:02 -------- d-----w- c:\documents and settings\carolynrsl\.android
2014-01-06 22:38:58 -------- d-----w- c:\documents and settings\carolynrsl\local settings\application data\cache
2014-01-06 22:38:48 -------- d-----w- c:\documents and settings\carolynrsl\local settings\application data\Mobogenie
.
==================== Find3M ====================
.
2013-12-12 22:36:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 22:36:02 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_ rev.FB2O -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x864CCEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84aeb872; SUB DWORD [EBP-0x4], 0x84aeb12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8657B030]
3 CLASSPNP[0xF75C8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000005f[0x8653A8D8]
5 ACPI[0xF745F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8657C028]
[0x8657AA38] -> IRP_MJ_CREATE -> 0x864CCEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS543216L9SA00_________________FB2OC40C#4&44f0d94&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x864CCAEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:31:37.14 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-31 00:33:09
-----------------------------
00:33:09.015 OS Version: Windows 5.1.2600 Service Pack 3
00:33:09.015 Number of processors: 2 586 0x1C02
00:33:09.015 ComputerName: ROSIELAPPY UserName: Carolynrsl
00:33:09.984 Initialize success
00:55:33.203 AVAST engine defs: 14013001
01:06:11.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
01:06:11.328 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
01:06:11.328 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS543216L9SA00_________________FB2OC40C#4&44f0d94&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
01:06:11.343 Device \Driver\iaStor -> DriverStartIo 864ccaea
01:06:11.515 Disk 0 MBR read successfully
01:06:11.531 Disk 0 MBR scan
01:06:11.609 Disk 0 Windows XP default MBR code
01:06:11.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 147581 MB offset 63
01:06:11.671 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302246910
01:06:11.703 Disk 0 Partition 3 00 EF EFI FAT A1311 39 MB offset 312496380
01:06:11.734 Disk 0 scanning sectors +312576705
01:06:11.921 Disk 0 scanning C:\WINDOWS\system32\drivers
01:06:16.203 File: C:\WINDOWS\system32\drivers\atapi.sys **INFECTED** Win32:Alureon-FZ
01:06:29.468 Scan finished successfully
01:07:12.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carolynrsl\Desktop\spybotstools\MBR.dat"
01:07:12.875 The log file has been saved successfully to "C:\Documents and Settings\Carolynrsl\Desktop\spybotstools\aswMBR.txt"


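
The three rootkit indicators in the logs above point at the same thing. The GMER MBR check sees the user-mode and kernel-mode views of the disk disagree at sector 312581806, which (on a disk of 0x25433D6000 bytes, i.e. 312,581,808 sectors of 512 bytes) lies past the end of the last partition (offset 312496380 plus roughly 39 MB), the stretch of disk where TDL3 keeps its body; the storage miniport's DriverStartIo is hooked; and atapi.sys hashes differently depending on which read path TDSSKiller uses. The following Python script is an added example, not output or code from any of the tools in this thread: it pulls those indicators out of the log text and checks that they agree. The sample input is the relevant lines copied from the logs posted above; the MB-to-sector rounding and the "two of four indicators" threshold are my own assumptions.

```python
"""Pull TDL3-style rootkit indicators out of GMER/aswMBR/TDSSKiller log text.

Added example for this thread, not part of any of the tools' output or code.
"""
import re

SECTOR_BYTES = 512
# Assumption: aswMBR prints partition sizes in whole MB, so the computed end of
# a partition is only accurate to about one MB.
SECTORS_PER_MB = 1024 * 1024 // SECTOR_BYTES

# Sample input: the indicator lines copied from the logs posted in this thread.
SAMPLE_LOGS = r"""
detected hooks:
\Driver\iaStor DriverStartIo -> 0x864CCAEA
user & kernel MBR OK
sectors 312581806 (+255): user != kernel
01:06:11.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 147581 MB offset 63
01:06:11.671 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302246910
01:06:11.703 Disk 0 Partition 3 00 EF EFI FAT A1311 39 MB offset 312496380
01:06:16.203 File: C:\WINDOWS\system32\drivers\atapi.sys **INFECTED** Win32:Alureon-FZ
19:24:57.0187 3984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:25:11.0953 1956 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 4CF04E270F90E9F560A0614B53804C2C, Fake md5: 9F3A2F5AA6875C72BF062C712CFA2674
"""


def disk_sectors(text):
    """Total sector count from the TDSSKiller 'Drive ... Size: 0x..., SectorSize: 0x...' line."""
    m = re.search(r"Size: 0x([0-9A-Fa-f]+) .*?SectorSize: 0x([0-9A-Fa-f]+)", text)
    return int(m.group(1), 16) // int(m.group(2), 16) if m else None


def partitions(text):
    """[(number, offset_sectors, size_mb), ...] from aswMBR 'Partition N ... SIZE MB offset OFF' lines."""
    return [(int(n), int(off), int(mb))
            for n, mb, off in re.findall(r"Partition (\d+) .*?(\d+) MB offset (\d+)", text)]


def last_partition_end(parts):
    """First sector after the highest partition; sectors from here to the end are unallocated."""
    if not parts:
        return None
    _, off, mb = max(parts, key=lambda p: p[1])
    return off + mb * SECTORS_PER_MB


def mbr_mismatch_sector(text):
    """Sector where GMER saw the user-mode and kernel-mode disk reads disagree."""
    m = re.search(r"sectors (\d+) \(\+\d+\): user != kernel", text)
    return int(m.group(1)) if m else None


def startio_hooks(text):
    """[(driver, address), ...] for hooked DriverStartIo entries in the GMER output."""
    return re.findall(r"\\Driver\\(\w+) DriverStartIo -> 0x([0-9A-Fa-f]+)", text)


def forged_files(text):
    """TDSSKiller 'Forged' entries: its two read paths produced different hashes for one file."""
    pat = (r"Suspicious file \(Forged\): (\S+)\. "
           r"Real md5: ([0-9A-Fa-f]{32}), Fake md5: ([0-9A-Fa-f]{32})")
    return [{"path": p, "real": r, "fake": f} for p, r, f in re.findall(pat, text)]


def infected_files(text):
    """[(path, detection), ...] from aswMBR '**INFECTED**' lines."""
    return re.findall(r"File: (\S+) \*\*INFECTED\*\* (\S+)", text)


def triage(text):
    """Collect the indicators and check whether the MBR mismatch sits in the unallocated tail."""
    total = disk_sectors(text)
    tail = last_partition_end(partitions(text))
    sector = mbr_mismatch_sector(text)
    in_tail = (None not in (total, tail, sector)) and tail <= sector < total
    return {
        "disk_sectors": total,
        "tail_start": tail,
        "mismatch_sector": sector,
        "mismatch_in_tail": bool(in_tail),
        "startio_hooks": startio_hooks(text),
        "forged": [f for f in forged_files(text) if f["real"].lower() != f["fake"].lower()],
        "infected": infected_files(text),
    }


def indicators(text):
    """Names of the indicators that fired, in a fixed order."""
    r = triage(text)
    checks = [("mbr_mismatch_in_unpartitioned_tail", r["mismatch_in_tail"]),
              ("driverstartio_hook", bool(r["startio_hooks"])),
              ("forged_driver_file", bool(r["forged"])),
              ("infected_driver_file", bool(r["infected"]))]
    return [name for name, hit in checks if hit]


def verdict(text):
    # Assumption (my threshold, not any tool's): two independent indicators are
    # enough to call it; one alone could be a legitimate disk filter driver.
    fired = indicators(text)
    return "likely TDL3/Alureon rootkit" if len(fired) >= 2 else "no strong rootkit indicators"


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
    print(verdict(SAMPLE_LOGS))
```

Run it against the three logs concatenated into one text file; the useful output is not the verdict but the `tail_start` / `mismatch_sector` pair, which tells you whether the sector GMER flagged is in space no partition owns. A mismatch inside a partition would point at a different kind of problem (for example a disk encryption or caching filter) rather than a bootkit hiding past the partition table.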

ken545
2014-01-31, 21:04

Looks like you may be infected with the TDSS rootkit... not nice.

I would also like you to read this, as this forum and most other forums will stop offering support for Windows XP:
http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.Uq76LvRDtL0

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if malicious objects are found, ensure Cure is selected.
Then click Continue > Reboot now.

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

DJKDSN
2014-02-01, 02:46
Thanks, that seemed to make it better: web browsers are stable and I'm able to update Windows again.

19:24:54.0078 3984 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:24:56.0093 3984 ============================================================
19:24:56.0093 3984 Current date / time: 2014/01/31 19:24:56.0093
19:24:56.0093 3984 SystemInfo:
19:24:56.0093 3984
19:24:56.0093 3984 OS Version: 5.1.2600 ServicePack: 3.0
19:24:56.0093 3984 Product type: Workstation
19:24:56.0093 3984 ComputerName: ROSIELAPPY
19:24:56.0093 3984 UserName: Carolynrsl
19:24:56.0093 3984 Windows directory: C:\WINDOWS
19:24:56.0093 3984 System windows directory: C:\WINDOWS
19:24:56.0093 3984 Processor architecture: Intel x86
19:24:56.0093 3984 Number of processors: 2
19:24:56.0093 3984 Page size: 0x1000
19:24:56.0093 3984 Boot type: Normal boot
19:24:56.0093 3984 ============================================================
19:24:57.0187 3984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:24:57.0187 3984 Drive \Device\Harddisk1\DR6 - Size: 0x3BF80000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:24:57.0187 3984 ============================================================
19:24:57.0187 3984 \Device\Harddisk0\DR0:
19:24:57.0187 3984 MBR partitions:
19:24:57.0187 3984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
19:24:57.0187 3984 \Device\Harddisk1\DR6:
19:24:57.0187 3984 MBR partitions:
19:24:57.0187 3984 \Device\Harddisk1\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DFBE0
19:24:57.0187 3984 ============================================================
19:24:57.0234 3984 C: <-> \Device\Harddisk0\DR0\Partition1
19:24:57.0234 3984 ============================================================
19:24:57.0234 3984 Initialize success
19:24:57.0234 3984 ============================================================
19:25:10.0125 1956 ============================================================
19:25:10.0125 1956 Scan started
19:25:10.0125 1956 Mode: Manual;
19:25:10.0125 1956 ============================================================
19:25:10.0250 1956 ================ Scan system memory ========================
19:25:10.0250 1956 System memory - ok
19:25:10.0250 1956 ================ Scan services =============================
19:25:10.0468 1956 Abiosdsk - ok
19:25:10.0484 1956 abp480n5 - ok
19:25:10.0562 1956 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:25:10.0562 1956 ACPI - ok
19:25:10.0593 1956 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:25:10.0593 1956 ACPIEC - ok
19:25:10.0687 1956 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:25:10.0703 1956 AdobeFlashPlayerUpdateSvc - ok
19:25:10.0734 1956 adpu160m - ok
19:25:10.0796 1956 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:25:10.0796 1956 aec - ok
19:25:10.0875 1956 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:25:10.0875 1956 AFD - ok
19:25:10.0890 1956 Aha154x - ok
19:25:10.0921 1956 aic78u2 - ok
19:25:10.0953 1956 aic78xx - ok
19:25:11.0000 1956 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:25:11.0015 1956 Alerter - ok
19:25:11.0062 1956 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:25:11.0062 1956 ALG - ok
19:25:11.0078 1956 AliIde - ok
19:25:11.0171 1956 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
19:25:11.0234 1956 Ambfilt - ok
19:25:11.0250 1956 amsint - ok
19:25:11.0281 1956 AmUStor - ok
19:25:11.0296 1956 AppMgmt - ok
19:25:11.0406 1956 [ E0EE769D14128014965E03B433F5F46E ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
19:25:11.0453 1956 AR5416 - ok
19:25:11.0484 1956 asc - ok
19:25:11.0500 1956 asc3350p - ok
19:25:11.0515 1956 asc3550 - ok
19:25:11.0765 1956 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:25:11.0765 1956 aspnet_state - ok
19:25:11.0828 1956 [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
19:25:11.0828 1956 AsusACPI - ok
19:25:11.0875 1956 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:25:11.0890 1956 AsyncMac - ok
19:25:11.0937 1956 [ 4CF04E270F90E9F560A0614B53804C2C ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:25:11.0953 1956 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 4CF04E270F90E9F560A0614B53804C2C, Fake md5: 9F3A2F5AA6875C72BF062C712CFA2674
19:25:11.0953 1956 atapi ( Rootkit.Win32.TDSS.tdl3 ) - infected
19:25:11.0953 1956 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
19:25:11.0968 1956 Atdisk - ok
19:25:12.0000 1956 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:25:12.0015 1956 Atmarpc - ok
19:25:12.0078 1956 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:25:12.0078 1956 AudioSrv - ok
19:25:12.0140 1956 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:25:12.0140 1956 audstub - ok
19:25:12.0203 1956 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:25:12.0203 1956 Beep - ok
19:25:12.0281 1956 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:25:12.0296 1956 BITS - ok
19:25:12.0406 1956 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:25:12.0421 1956 Bonjour Service - ok
19:25:12.0484 1956 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
19:25:12.0484 1956 Browser - ok
19:25:12.0515 1956 btaudio - ok
19:25:12.0531 1956 BTDriver - ok
19:25:12.0546 1956 BTWDNDIS - ok
19:25:12.0562 1956 btwhid - ok
19:25:12.0593 1956 BTWUSB - ok
19:25:12.0640 1956 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:25:12.0640 1956 cbidf2k - ok
19:25:12.0687 1956 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:25:12.0687 1956 CCDECODE - ok
19:25:12.0703 1956 cd20xrnt - ok
19:25:12.0765 1956 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:25:12.0781 1956 Cdaudio - ok
19:25:12.0812 1956 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:25:12.0828 1956 Cdfs - ok
19:25:12.0859 1956 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:25:12.0875 1956 Cdrom - ok
19:25:12.0890 1956 Changer - ok
19:25:12.0937 1956 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:25:12.0937 1956 CiSvc - ok
19:25:12.0968 1956 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:25:12.0968 1956 ClipSrv - ok
19:25:13.0031 1956 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:25:13.0062 1956 clr_optimization_v2.0.50727_32 - ok
19:25:13.0125 1956 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:25:13.0125 1956 CmBatt - ok
19:25:13.0156 1956 CmdIde - ok
19:25:13.0187 1956 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:25:13.0187 1956 Compbatt - ok
19:25:13.0218 1956 COMSysApp - ok
19:25:13.0265 1956 Cpqarray - ok
19:25:13.0312 1956 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:25:13.0312 1956 CryptSvc - ok
19:25:13.0328 1956 dac2w2k - ok
19:25:13.0359 1956 dac960nt - ok
19:25:13.0437 1956 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:25:13.0453 1956 DcomLaunch - ok
19:25:13.0515 1956 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:25:13.0515 1956 Dhcp - ok
19:25:13.0546 1956 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:25:13.0546 1956 Disk - ok
19:25:13.0562 1956 dmadmin - ok
19:25:13.0640 1956 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:25:13.0671 1956 dmboot - ok
19:25:13.0703 1956 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:25:13.0703 1956 dmio - ok
19:25:13.0750 1956 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:25:13.0750 1956 dmload - ok
19:25:13.0781 1956 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:25:13.0781 1956 dmserver - ok
19:25:13.0812 1956 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:25:13.0828 1956 DMusic - ok
19:25:13.0875 1956 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:25:13.0890 1956 Dnscache - ok
19:25:13.0953 1956 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:25:13.0968 1956 Dot3svc - ok
19:25:13.0984 1956 dpti2o - ok
19:25:14.0015 1956 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:25:14.0031 1956 drmkaud - ok
19:25:14.0062 1956 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:25:14.0062 1956 EapHost - ok
19:25:14.0125 1956 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:25:14.0125 1956 ERSvc - ok
19:25:14.0203 1956 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:25:14.0203 1956 Eventlog - ok
19:25:14.0265 1956 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:25:14.0265 1956 EventSystem - ok
19:25:14.0328 1956 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:25:14.0343 1956 Fastfat - ok
19:25:14.0406 1956 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:25:14.0421 1956 FastUserSwitchingCompatibility - ok
19:25:14.0500 1956 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:25:14.0500 1956 Fdc - ok
19:25:14.0531 1956 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:25:14.0531 1956 Fips - ok
19:25:14.0578 1956 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:25:14.0578 1956 Flpydisk - ok
19:25:14.0640 1956 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:25:14.0640 1956 FltMgr - ok
19:25:14.0718 1956 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:25:14.0718 1956 FontCache3.0.0.0 - ok
19:25:14.0781 1956 [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:25:14.0781 1956 fssfltr - ok
19:25:14.0921 1956 [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:25:14.0937 1956 fsssvc - ok
19:25:15.0000 1956 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:25:15.0000 1956 Fs_Rec - ok
19:25:15.0062 1956 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:25:15.0078 1956 Ftdisk - ok
19:25:15.0140 1956 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:25:15.0140 1956 Gpc - ok
19:25:15.0218 1956 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:25:15.0234 1956 gupdate - ok
19:25:15.0250 1956 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:25:15.0250 1956 gupdatem - ok
19:25:15.0328 1956 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:25:15.0343 1956 HDAudBus - ok
19:25:15.0453 1956 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:25:15.0468 1956 helpsvc - ok
19:25:15.0515 1956 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:25:15.0515 1956 HidServ - ok
19:25:15.0562 1956 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:25:15.0562 1956 HidUsb - ok
19:25:15.0625 1956 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:25:15.0625 1956 hkmsvc - ok
19:25:15.0656 1956 hpn - ok
19:25:15.0718 1956 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:25:15.0734 1956 HTTP - ok
19:25:15.0796 1956 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:25:15.0812 1956 HTTPFilter - ok
19:25:15.0828 1956 i2omgmt - ok
19:25:15.0843 1956 i2omp - ok
19:25:15.0906 1956 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:25:15.0906 1956 i8042prt - ok
19:25:16.0187 1956 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:25:16.0390 1956 ialm - ok
19:25:16.0453 1956 [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
19:25:16.0468 1956 iaStor - ok
19:25:16.0593 1956 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:25:16.0625 1956 idsvc - ok
19:25:16.0703 1956 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:25:16.0703 1956 Imapi - ok
19:25:16.0765 1956 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:25:16.0765 1956 ImapiService - ok
19:25:16.0796 1956 ini910u - ok
19:25:17.0046 1956 [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:25:17.0218 1956 IntcAzAudAddService - ok
19:25:17.0234 1956 IntelIde - ok
19:25:17.0296 1956 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:25:17.0296 1956 intelppm - ok
19:25:17.0343 1956 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:25:17.0343 1956 Ip6Fw - ok
19:25:17.0375 1956 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:25:17.0375 1956 IpFilterDriver - ok
19:25:17.0390 1956 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:25:17.0390 1956 IpInIp - ok
19:25:17.0406 1956 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:25:17.0421 1956 IpNat - ok
19:25:17.0453 1956 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:25:17.0453 1956 IPSec - ok
19:25:17.0500 1956 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:25:17.0500 1956 IRENUM - ok
19:25:17.0562 1956 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:25:17.0562 1956 isapnp - ok
19:25:17.0625 1956 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:25:17.0625 1956 Kbdclass - ok
19:25:17.0656 1956 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:25:17.0656 1956 kmixer - ok
19:25:17.0687 1956 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:25:17.0703 1956 KSecDD - ok
19:25:17.0734 1956 [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
19:25:17.0750 1956 L1c - ok
19:25:17.0812 1956 [ F385F4B02C535BFFE1D70CAB80838123 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
19:25:17.0812 1956 LanmanServer - ok
19:25:17.0875 1956 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:25:17.0906 1956 lanmanworkstation - ok
19:25:17.0921 1956 lbrtfdc - ok
19:25:17.0984 1956 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:25:18.0000 1956 LmHosts - ok
19:25:18.0015 1956 lxcf_device - ok
19:25:18.0062 1956 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:25:18.0062 1956 Messenger - ok
19:25:18.0109 1956 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:25:18.0109 1956 mnmdd - ok
19:25:18.0171 1956 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:25:18.0171 1956 mnmsrvc - ok
19:25:18.0218 1956 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:25:18.0218 1956 Modem - ok
19:25:18.0296 1956 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
19:25:18.0359 1956 Monfilt - ok
19:25:18.0406 1956 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:25:18.0406 1956 Mouclass - ok
19:25:18.0453 1956 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:25:18.0468 1956 mouhid - ok
19:25:18.0484 1956 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:25:18.0500 1956 MountMgr - ok
19:25:18.0546 1956 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:25:18.0562 1956 MozillaMaintenance - ok
19:25:18.0578 1956 mraid35x - ok
19:25:18.0625 1956 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:25:18.0625 1956 MRxDAV - ok
19:25:18.0687 1956 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:25:18.0718 1956 MRxSmb - ok
19:25:18.0781 1956 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:25:18.0781 1956 MSDTC - ok
19:25:18.0828 1956 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:25:18.0828 1956 Msfs - ok
19:25:18.0859 1956 MSIServer - ok
19:25:18.0906 1956 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:25:18.0906 1956 MSKSSRV - ok
19:25:18.0921 1956 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:25:18.0921 1956 MSPCLOCK - ok
19:25:18.0953 1956 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:25:18.0953 1956 MSPQM - ok
19:25:19.0000 1956 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:25:19.0000 1956 mssmbios - ok
19:25:19.0046 1956 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:25:19.0046 1956 MSTEE - ok
19:25:19.0093 1956 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:25:19.0093 1956 Mup - ok
19:25:19.0125 1956 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:25:19.0125 1956 NABTSFEC - ok
19:25:19.0171 1956 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:25:19.0187 1956 napagent - ok
19:25:19.0250 1956 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:25:19.0265 1956 NDIS - ok
19:25:19.0312 1956 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:25:19.0312 1956 NdisIP - ok
19:25:19.0390 1956 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:25:19.0390 1956 NdisTapi - ok
19:25:19.0453 1956 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:25:19.0453 1956 Ndisuio - ok
19:25:19.0500 1956 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:25:19.0515 1956 NdisWan - ok
19:25:19.0546 1956 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:25:19.0562 1956 NDProxy - ok
19:25:19.0609 1956 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:25:19.0609 1956 NetBIOS - ok
19:25:19.0671 1956 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:25:19.0687 1956 NetBT - ok
19:25:19.0734 1956 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:25:19.0750 1956 NetDDE - ok
19:25:19.0765 1956 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:25:19.0781 1956 NetDDEdsdm - ok
19:25:19.0812 1956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:25:19.0812 1956 Netlogon - ok
19:25:19.0859 1956 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:25:19.0859 1956 Netman - ok
19:25:19.0921 1956 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:25:19.0937 1956 NetTcpPortSharing - ok
19:25:20.0000 1956 [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla C:\WINDOWS\System32\mswsock.dll
19:25:20.0015 1956 Nla - ok
19:25:20.0078 1956 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:25:20.0078 1956 Npfs - ok
19:25:20.0140 1956 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:25:20.0156 1956 Ntfs - ok
19:25:20.0171 1956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:25:20.0187 1956 NtLmSsp - ok
19:25:20.0234 1956 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:25:20.0250 1956 NtmsSvc - ok
19:25:20.0328 1956 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:25:20.0328 1956 Null - ok
19:25:20.0359 1956 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:25:20.0359 1956 NwlnkFlt - ok
19:25:20.0375 1956 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:25:20.0375 1956 NwlnkFwd - ok
19:25:20.0515 1956 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:25:20.0546 1956 odserv - ok
19:25:20.0609 1956 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:20.0609 1956 ose - ok
19:25:20.0656 1956 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:25:20.0656 1956 Parport - ok
19:25:20.0734 1956 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:25:20.0734 1956 PartMgr - ok
19:25:20.0781 1956 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:25:20.0781 1956 ParVdm - ok
19:25:20.0796 1956 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:25:20.0812 1956 PCI - ok
19:25:20.0828 1956 PCIDump - ok
19:25:20.0843 1956 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:25:20.0843 1956 PCIIde - ok
19:25:20.0890 1956 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:25:20.0890 1956 Pcmcia - ok
19:25:20.0906 1956 PDCOMP - ok
19:25:20.0937 1956 PDFRAME - ok
19:25:20.0953 1956 PDRELI - ok
19:25:20.0968 1956 PDRFRAME - ok
19:25:20.0984 1956 perc2 - ok
19:25:21.0015 1956 perc2hib - ok
19:25:21.0140 1956 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:25:21.0140 1956 PlugPlay - ok
19:25:21.0156 1956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:25:21.0156 1956 PolicyAgent - ok
19:25:21.0171 1956 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:25:21.0187 1956 PptpMiniport - ok
19:25:21.0187 1956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:25:21.0203 1956 ProtectedStorage - ok
19:25:21.0203 1956 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:25:21.0218 1956 PSched - ok
19:25:21.0234 1956 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:25:21.0234 1956 Ptilink - ok
19:25:21.0250 1956 ql1080 - ok
19:25:21.0265 1956 Ql10wnt - ok
19:25:21.0281 1956 ql12160 - ok
19:25:21.0296 1956 ql1240 - ok
19:25:21.0312 1956 ql1280 - ok
19:25:21.0359 1956 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:25:21.0359 1956 RasAcd - ok
19:25:21.0375 1956 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:25:21.0390 1956 RasAuto - ok
19:25:21.0406 1956 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:25:21.0406 1956 Rasl2tp - ok
19:25:21.0437 1956 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:25:21.0453 1956 RasMan - ok
19:25:21.0453 1956 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:25:21.0468 1956 RasPppoe - ok
19:25:21.0500 1956 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:25:21.0500 1956 Raspti - ok
19:25:21.0531 1956 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:25:21.0546 1956 Rdbss - ok
19:25:21.0578 1956 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:25:21.0578 1956 RDPCDD - ok
19:25:21.0625 1956 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:25:21.0625 1956 RDPWD - ok
19:25:21.0656 1956 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:25:21.0671 1956 RDSessMgr - ok
19:25:21.0703 1956 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:25:21.0703 1956 redbook - ok
19:25:21.0750 1956 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:25:21.0750 1956 RemoteAccess - ok
19:25:21.0812 1956 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:25:21.0812 1956 RpcLocator - ok
19:25:21.0859 1956 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:25:21.0859 1956 RpcSs - ok
19:25:21.0921 1956 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:25:21.0921 1956 RSVP - ok
19:25:21.0984 1956 [ 97B59CE2CFBB0884A16DDD8F1781812B ] RT80x86 C:\WINDOWS\system32\DRIVERS\RT2860.sys
19:25:22.0015 1956 RT80x86 - ok
19:25:22.0046 1956 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:25:22.0046 1956 SamSs - ok
19:25:22.0093 1956 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:25:22.0093 1956 SCardSvr - ok
19:25:22.0156 1956 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:25:22.0171 1956 Schedule - ok
19:25:22.0281 1956 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:25:22.0281 1956 SeaPort - ok
19:25:22.0312 1956 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:25:22.0328 1956 Secdrv - ok
19:25:22.0359 1956 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:25:22.0359 1956 seclogon - ok
19:25:22.0375 1956 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:25:22.0390 1956 SENS - ok
19:25:22.0421 1956 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:25:22.0421 1956 Serial - ok
19:25:22.0468 1956 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:25:22.0468 1956 Sfloppy - ok
19:25:22.0500 1956 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:25:22.0515 1956 SharedAccess - ok
19:25:22.0546 1956 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:25:22.0546 1956 ShellHWDetection - ok
19:25:22.0562 1956 Simbad - ok
19:25:22.0578 1956 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:25:22.0578 1956 SLIP - ok
19:25:22.0687 1956 [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
19:25:22.0750 1956 SNP2UVC - ok
19:25:22.0765 1956 Sparrow - ok
19:25:22.0812 1956 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:25:22.0828 1956 splitter - ok
19:25:22.0875 1956 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:25:22.0890 1956 Spooler - ok
19:25:22.0937 1956 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:25:22.0953 1956 sr - ok
19:25:22.0968 1956 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:25:22.0984 1956 srservice - ok
19:25:23.0015 1956 [ 89220B427890AA1DFFD1A02648AE51C3 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:25:23.0031 1956 Srv - ok
19:25:23.0062 1956 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:25:23.0078 1956 SSDPSRV - ok
19:25:23.0140 1956 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:25:23.0156 1956 stisvc - ok
19:25:23.0187 1956 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:25:23.0187 1956 streamip - ok
19:25:23.0234 1956 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:25:23.0234 1956 swenum - ok
19:25:23.0265 1956 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:25:23.0265 1956 swmidi - ok
19:25:23.0281 1956 SwPrv - ok
19:25:23.0296 1956 symc810 - ok
19:25:23.0312 1956 symc8xx - ok
19:25:23.0328 1956 sym_hi - ok
19:25:23.0343 1956 sym_u3 - ok
19:25:23.0390 1956 [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:25:23.0406 1956 SynTP - ok
19:25:23.0437 1956 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:25:23.0437 1956 sysaudio - ok
19:25:23.0500 1956 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:25:23.0500 1956 SysmonLog - ok
19:25:23.0562 1956 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:25:23.0578 1956 TapiSrv - ok
19:25:23.0609 1956 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:25:23.0625 1956 Tcpip - ok
19:25:23.0656 1956 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:25:23.0671 1956 TDPIPE - ok
19:25:23.0671 1956 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:25:23.0671 1956 TDTCP - ok
19:25:23.0718 1956 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:25:23.0718 1956 TermDD - ok
19:25:23.0750 1956 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:25:23.0765 1956 TermService - ok
19:25:23.0781 1956 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:25:23.0781 1956 Themes - ok
19:25:23.0796 1956 TosIde - ok
19:25:23.0859 1956 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:25:23.0875 1956 TrkWks - ok
19:25:23.0921 1956 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:25:23.0937 1956 Udfs - ok
19:25:23.0937 1956 ultra - ok
19:25:24.0000 1956 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:25:24.0015 1956 Update - ok
19:25:24.0046 1956 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:25:24.0046 1956 upnphost - ok
19:25:24.0078 1956 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:25:24.0078 1956 UPS - ok
19:25:24.0093 1956 USBAAPL - ok
19:25:24.0140 1956 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:25:24.0140 1956 usbccgp - ok
19:25:24.0171 1956 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:25:24.0171 1956 usbehci - ok
19:25:24.0203 1956 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:25:24.0203 1956 usbhub - ok
19:25:24.0234 1956 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:25:24.0234 1956 usbprint - ok
19:25:24.0265 1956 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:25:24.0265 1956 usbstor - ok
19:25:24.0328 1956 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:25:24.0328 1956 usbuhci - ok
19:25:24.0406 1956 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:25:24.0421 1956 usbvideo - ok
19:25:24.0453 1956 [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf C:\WINDOWS\system32\DRIVERS\uvclf.sys
19:25:24.0453 1956 uvclf - ok
19:25:24.0484 1956 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:25:24.0484 1956 VgaSave - ok
19:25:24.0500 1956 ViaIde - ok
19:25:24.0562 1956 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:25:24.0562 1956 VolSnap - ok
19:25:24.0640 1956 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:25:24.0656 1956 VSS - ok
19:25:24.0718 1956 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:25:24.0734 1956 W32Time - ok
19:25:24.0765 1956 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:25:24.0765 1956 Wanarp - ok
19:25:24.0828 1956 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
19:25:24.0843 1956 Wdf01000 - ok
19:25:24.0859 1956 WDICA - ok
19:25:24.0890 1956 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:25:24.0890 1956 wdmaud - ok
19:25:24.0937 1956 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:25:24.0953 1956 WebClient - ok
19:25:25.0062 1956 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:25:25.0062 1956 winmgmt - ok
19:25:25.0125 1956 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:25:25.0125 1956 WmdmPmSN - ok
19:25:25.0171 1956 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:25:25.0171 1956 WmiApSrv - ok
19:25:25.0296 1956 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:25:25.0312 1956 WMPNetworkSvc - ok
19:25:25.0375 1956 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:25:25.0375 1956 wscsvc - ok
19:25:25.0406 1956 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:25:25.0406 1956 WSTCODEC - ok
19:25:25.0453 1956 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:25:25.0453 1956 wuauserv - ok
19:25:25.0515 1956 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:25:25.0531 1956 WudfPf - ok
19:25:25.0531 1956 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:25:25.0546 1956 WudfRd - ok
19:25:25.0578 1956 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:25:25.0593 1956 WudfSvc - ok
19:25:25.0656 1956 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:25:25.0671 1956 WZCSVC - ok
19:25:25.0718 1956 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:25:25.0718 1956 xmlprov - ok
19:25:25.0750 1956 ================ Scan global ===============================
19:25:25.0796 1956 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:25:25.0843 1956 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
19:25:25.0875 1956 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
19:25:25.0890 1956 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:25:25.0890 1956 [Global] - ok
19:25:25.0890 1956 ================ Scan MBR ==================================
19:25:25.0921 1956 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:25:26.0187 1956 \Device\Harddisk0\DR0 - ok
19:25:26.0203 1956 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR6
19:25:26.0218 1956 \Device\Harddisk1\DR6 - ok
19:25:26.0218 1956 ================ Scan VBR ==================================
19:25:26.0218 1956 [ 8D0C98ACF07E1C09BDEFEE5EBDFB8CA2 ] \Device\Harddisk0\DR0\Partition1
19:25:26.0234 1956 \Device\Harddisk0\DR0\Partition1 - ok
19:25:26.0234 1956 [ EAC2CD9B36094863B776548B44B3BDE6 ] \Device\Harddisk1\DR6\Partition1
19:25:26.0234 1956 \Device\Harddisk1\DR6\Partition1 - ok
19:25:26.0250 1956 ============================================================
19:25:26.0250 1956 Scan finished
19:25:26.0250 1956 ============================================================
19:25:26.0281 3024 Detected object count: 1
19:25:26.0281 3024 Actual detected object count: 1
19:26:11.0609 3024 C:\WINDOWS\system32\DRIVERS\atapi.sys - copied to quarantine
19:26:11.0656 3024 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:26:11.0671 3024 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
19:26:11.0687 3024 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
19:26:11.0687 3024 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
19:26:11.0734 3024 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
19:26:11.0734 3024 \Device\Harddisk0\DR0\TDLFS\r.dll - copied to quarantine
19:26:13.0593 3024 Backup copy found, using it..
19:26:13.0640 3024 C:\WINDOWS\system32\DRIVERS\atapi.sys - will be cured on reboot
19:26:13.0640 3024 atapi ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
19:26:18.0093 2776 Deinitialize success

ken545
2014-02-01, 10:48
Good Morning,

With a nasty rootkit there could be more, so we will need to run a few additional programs.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

DJKDSN
2014-02-02, 04:51
ComboFix 14-02-01.01 - Carolynrsl 02/01/2014 21:37:20.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.517 [GMT -6:00]
Running from: c:\documents and settings\Carolynrsl\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carolynrsl\Local Settings\Temporary Internet Files\Spring Smart_iels
.
.
((((((((((((((((((((((((( Files Created from 2014-01-02 to 2014-02-02 )))))))))))))))))))))))))))))))
.
.
2014-02-01 01:54 . 2013-10-29 07:57 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-02-01 01:52 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-02-01 01:52 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2014-02-01 01:50 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2014-02-01 01:49 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2014-02-01 01:49 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2014-02-01 01:48 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2014-02-01 01:48 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-02-01 01:41 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2014-02-01 01:41 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2014-02-01 01:36 . 2012-06-02 21:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2014-02-01 01:26 . 2014-02-01 01:26 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-31 06:28 . 2014-01-31 06:28 -------- d-----w- c:\program files\ERUNT
2014-01-27 08:40 . 2014-01-27 08:45 -------- d-----w- c:\documents and settings\Carolynrsl\Local Settings\Application Data\Google
2014-01-27 08:40 . 2014-01-27 08:45 -------- d-----w- c:\program files\Google
2014-01-27 08:02 . 2014-01-27 08:16 -------- d-----w- c:\windows\SxsCaPendDel
2014-01-12 20:31 . 2014-01-12 20:31 -------- d-----w- c:\documents and settings\Carolynrsl\Local Settings\Application Data\genienext
2014-01-06 22:51 . 2013-12-05 19:34 75376 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2014-01-06 22:51 . 2010-05-26 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2014-01-06 22:51 . 2013-12-05 19:36 130672 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2014-01-06 22:51 . 2013-12-05 19:36 194552 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2014-01-06 22:51 . 2013-12-05 19:36 119408 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2014-01-06 22:51 . 2013-12-05 19:36 3449456 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2014-01-06 22:50 . 2013-12-05 19:36 3559024 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2014-01-06 22:50 . 2010-03-18 16:15 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2014-01-06 22:50 . 2010-03-18 16:15 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2014-01-06 22:50 . 2013-12-05 19:37 28272 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2014-01-06 22:50 . 2013-12-05 19:37 108144 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2014-01-06 22:50 . 2013-12-05 19:37 170960 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2014-01-06 22:39 . 2014-01-06 22:39 -------- d-----w- c:\documents and settings\Carolynrsl\Application Data\WeatherBug
2014-01-06 22:39 . 2014-01-06 22:39 -------- d-----w- c:\program files\AWS
2014-01-06 22:39 . 2014-01-06 22:39 -------- d-----w- c:\documents and settings\Carolynrsl\.android
2014-01-06 22:38 . 2014-01-13 18:49 -------- d-----w- c:\documents and settings\Carolynrsl\Local Settings\Application Data\cache
2014-01-06 22:38 . 2014-01-13 18:51 -------- d-----w- c:\documents and settings\Carolynrsl\Local Settings\Application Data\Mobogenie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-01 01:27 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2013-12-12 22:36 . 2012-06-03 04:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 22:36 . 2012-06-03 04:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21 . 2009-08-11 13:03 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2009-08-11 13:03 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2009-08-11 13:03 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-08-11 19:30 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2012-11-20 1653760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Weather"=c:\program files\AWS\WeatherBug\Weather.exe 1
"NextLive"=c:\windows\system32\rundll32.exe "c:\documents and settings\Carolynrsl\Application Data\newnext.me\nengine.dll",EntryPoint -m l
"Spotify Web Helper"="c:\documents and settings\Carolynrsl\Application Data\Spotify\Data\SpotifyWebHelper.exe"
"Updater"=c:\documents and settings\All Users\Application Data\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LiveUpdate"=c:\program files\Asus\LiveUpdate\LiveUpdate.exe auto
"LXCFCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"<NO NAME>"=
"Updater"=c:\documents and settings\All Users\Application Data\Updater\Updater.exe
"TotalRecipeSearch Search Scope Monitor"="c:\progra~1\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
"TotalRecipeSearch_14 Browser Plugin Loader"=c:\progra~1\TOTALR~2\bar\1.bin\14brmon.exe
"mobilegeni daemon"=c:\program files\Mobogenie\DaemonProcess.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcfpswx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Carolynrsl\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 7:59 PM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/27/2009 11:47 PM 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 1:00 PM 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 6:24 AM 1015424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-27 08:45 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 22:36]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 08:40]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-27 08:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Carolynrsl\Application Data\Mozilla\Firefox\Profiles\y0ciztnn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AA671E39-85F4-4F91-910B-20756E3DA426&n=77eda07a&ind=2012061818&p2=^YK^xdm003^S01928^us&si=CNPIzNHP1rACFSWFQAod_SUl1w&searchfor=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-12-28 19:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-06-17 20:22; 14ffxtbr@TotalRecipeSearch_14.com; c:\program files\TotalRecipeSearch_14\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-47571649.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-01 21:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\igfxdev.dll
.
Completion time: 2014-02-01 21:46:39
ComboFix-quarantined-files.txt 2014-02-02 03:46
.
Pre-Run: 139,282,792,448 bytes free
Post-Run: 139,927,855,104 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - DBE5E093AC1A3C2D9CDD4391D390EA22
8F558EB6672622401DA993E1E865C861

ken545
2014-02-02, 11:30
Good Morning


Let's run some more tools

Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.





Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

DJKDSN
2014-02-04, 18:24
I think I ran AdwCleaner correctly; it did some weird stuff.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Carolynrsl on Tue 02/04/2014 at 10:52:56.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\pstext.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Carolynrsl\Application Data\mozilla\firefox\profiles\y0ciztnn.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Documents and Settings\Carolynrsl\Application Data\mozilla\firefox\profiles\y0ciztnn.default\searchplugins\my-web-search.xml
Successfully deleted the following from C:\Documents and Settings\Carolynrsl\Application Data\mozilla\firefox\profiles\y0ciztnn.default\prefs.js

user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AA671E39-85F4-4F91-910B-20756E3DA426&n=77eda07a&ind=201206181
user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=AA671E39-85F4-4F91-910B-20756E3DA426&n=77eda07a&p2=^YK^xdm003^S0192
user_pref("extensions.toolbar.mindspark._14Members_.hp.enabled", false);
user_pref("extensions.toolbar.mindspark._14Members_.hp.lastGuardTime", -1779174835);
user_pref("extensions.toolbar.mindspark._14Members_.hp.numGuards", 1);
user_pref("extensions.toolbar.mindspark._14Members_.hp.user.defined", true);
user_pref("extensions.toolbar.mindspark._14Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._14Members_.installation.installDate", "2012061818");
user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerId", "^YK^xdm003^S01928^us");
user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerSubId", "CNPIzNHP1rACFSWFQAod_SUl1w");
user_pref("extensions.toolbar.mindspark._14Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._14Members_.installation.toolbarId", "AA671E39-85F4-4F91-910B-20756E3DA426");
user_pref("extensions.toolbar.mindspark._14Members_.lastActivePing", "1390809219839");
user_pref("extensions.toolbar.mindspark._14Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._14Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._14Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._14Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._14Members_.weather.location", "71201");
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com");
user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AA671E39-85F4-4F91-910B-20756E3DA426&n=77eda07a&ind=2012061818&p2=^YK^xdm003^S01928





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/04/2014 at 11:02:36.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.018 - Report created 04/02/2014 at 11:17:40
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Carolynrsl - ROSIELAPPY
# Running from : C:\Documents and Settings\Carolynrsl\Desktop\spybotstools\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Carolynrsl\Application Data\Mozilla\Firefox\Profiles\y0ciztnn.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\Carolynrsl\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2595 octets] - [04/02/2014 11:04:39]
AdwCleaner[S0].txt - [2562 octets] - [04/02/2014 11:17:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2622 octets] ##########

ken545
2014-02-04, 18:52
:bigthumb:

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

ken545
2014-02-09, 13:06
Still with me?

ken545
2014-02-10, 13:52
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.