
Solved XP Security 2012 Malware

Discussion in 'Malware and Virus Removal Archive' started by boyracer, 2011/12/14.

  1. 2011/12/14
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    [Resolved] XP Security 2012 Malware

    My main machine, this one, was infected by the XP Security 2012 malware. A friend directed me to this BBS, where I found instructions and was able to clean the infection out.

    I was able to get MSE running. I can get online, though I'm not sure I'm safe yet. As yet I am unable to update the MSE virus definitions.

    There seems to be a problem starting all the programs I use, and I cannot get into the Control Panel at all. I can get a few going, but I cannot start many programs, and I thought that by using the XP install disc I could repair any corrupt files. However, I cannot get past the install Windows page.

    MSE did catch these and removed them:

    On Dec 10th, Blacole.H; and today, Dec 14th, Wimpixo.E and Redirector.HQ.

    I generally don't have problems with my computers. The problems I have are generally self-inflicted and easily repairable. This time I'm stumped.
     
  2. 2011/12/14
    boyracer

    boyracer Well-Known Member Thread Starter

    My Malwarebytes log of Dec 13th:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/13/2011 5:03:54 PM
    mbam-log-2011-12-13 (17-03-54).txt

    Scan type: Full scan (C:\|J:\|K:\|L:\|)
    Objects scanned: 255721
    Time elapsed: 48 minute(s), 44 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\documents and settings\Guertins\local settings\application data\feh.exe (Trojan.ExeShell.Gen) -> 2840 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Guertins\Local Settings\Application Data\feh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Guertins\local settings\application data\feh.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Guertins\local settings\Temp\0.3553653785059656.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\documents and settings\Guertins\local settings\Temp\0.73134250387443.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
     


  4. 2011/12/14
    boyracer

    boyracer Well-Known Member Thread Starter

    This is the DDS log:

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6} : DhcpNameServer = 192.168.1.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: xmlproservice - xmlrpw32.dll
    Notify: xmlrpw32 - xmlrpw32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-4-10 57112]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl324b8465;MpKsl324b8465;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52340e5f-9079-4164-9b38-3db14fc15d5f}\MpKsl324b8465.sys [2011-12-14 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S1 MpKsl1f5c8a59;MpKsl1f5c8a59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1879bd2c-bcc3-436b-a242-2b566809c81f}\mpksl1f5c8a59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1879bd2c-bcc3-436b-a242-2b566809c81f}\MpKsl1f5c8a59.sys [?]
    S1 MpKsl394ae27f;MpKsl394ae27f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0733930-9c1f-47e8-bbe3-2cad27494b30}\mpksl394ae27f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0733930-9c1f-47e8-bbe3-2cad27494b30}\MpKsl394ae27f.sys [?]
    S1 MpKsl6ff49fcd;MpKsl6ff49fcd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fd69d06-53a5-45b6-9480-b9a507cec844}\mpksl6ff49fcd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fd69d06-53a5-45b6-9480-b9a507cec844}\MpKsl6ff49fcd.sys [?]
    S1 MpKsl78f7993d;MpKsl78f7993d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3984fd34-2a62-432e-aa99-55765f457c27}\mpksl78f7993d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3984fd34-2a62-432e-aa99-55765f457c27}\MpKsl78f7993d.sys [?]
    S1 MpKslf50db3a1;MpKslf50db3a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7a595b0d-a913-4981-9d16-0396115d64d1}\mpkslf50db3a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7a595b0d-a913-4981-9d16-0396115d64d1}\MpKslf50db3a1.sys [?]
    S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2006-3-15 14336]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-15 14336]
    .
    =============== File Associations ===============
    .
    .exe=2jf
    .
    =============== Created Last 30 ================
    .
    2011-12-15 02:13:19 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52340e5f-9079-4164-9b38-3db14fc15d5f}\MpKsl324b8465.sys
    2011-12-15 02:13:12 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52340e5f-9079-4164-9b38-3db14fc15d5f}\offreg.dll
    2011-12-14 16:25:10 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    2011-12-10 20:37:23 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-12-10 20:37:20 -------- d-----w- c:\documents and settings\guertins\application data\TestApp
    2011-12-09 20:19:07 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52340e5f-9079-4164-9b38-3db14fc15d5f}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-11-09 22:00:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .

    I am unable to run GMER at all without declaring a file association, and I am unable to zip the DDS attachment.
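The two logs in posts 2 and 4 tell one story when read together. MBAM removed the hijacked `HKEY_CLASSES_ROOT\.exe\shell\open\command` value and a StartMenuInternet entry of the shape `"<hijacker>" -a "<real program>"`, which is how this family of rogue AV interposes itself on every program launch; on a clean XP machine `.exe` maps to the ProgID `exefile`, whose `shell\open\command` is `"%1" %*`. The DDS "File Associations" section still reports `.exe=2jf`, a ProgID that is not `exefile`, so in this editor's reading the association itself is still broken, which would explain why programs, GMER and aswMBR will not start from the desktop. The DDS log also shows `xmlrpw32.dll` registered twice under Winlogon Notify (winlogon.exe loads each DLL listed under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify` at logon) and created in `system32` on 2011-12-14, inside the "Created Last 30" window. The script below is an added example by the editor, not part of the thread and not code from Malwarebytes or DDS; it runs the editor's own triage heuristics over sample lines constructed from the posted logs and prints the findings a helper would act on.

```python
"""Triage the MBAM and DDS log excerpts posted above (posts 2 and 4).

Added example by the editor; not part of the original thread and not code
from Malwarebytes or DDS.  Sample lines are constructed from the posted
logs; the checks are the editor's own heuristics.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: "Registry Data Items" lines from the posted MBAM log.
MBAM_LOG = r"""
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Guertins\Local Settings\Application Data\feh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# Constructed sample: Notify, File Associations and "Created Last 30" lines from the DDS log.
DDS_LOG = r"""
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: xmlproservice - xmlrpw32.dll
Notify: xmlrpw32 - xmlrpw32.dll
.exe=2jf
2011-12-15 02:13:19 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{52340e5f-9079-4164-9b38-3db14fc15d5f}\MpKsl324b8465.sys
2011-12-14 16:25:10 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
2011-12-10 20:37:20 -------- d-----w- c:\documents and settings\guertins\application data\TestApp
"""

# One MBAM registry line: key, detection name and (when present) the Bad/Good values.
_MBAM = re.compile(r"^(?P<key>HKEY_.+?) \((?P<det>[^()]+)\) ->"
                   r"(?: Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) ->)?")
# The wrapper shape the rogue installs: "<hijacker>" -a "<program the user launched>"
_WRAPPER = re.compile(r'"(?P<hijacker>[^"]+)"\s+-a\s+"(?P<target>[^"]+?)\s*"')
_NOTIFY = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.+)$")
_CREATED = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ (?P<path>.+)$")
_EXE_ASSOC = re.compile(r"^\.exe=(?P<progid>\S+)$")


def parse_mbam(text):
    """One dict (key, det, bad, good) per MBAM registry finding."""
    return [m.groupdict() for m in (_MBAM.match(l.strip()) for l in text.splitlines()) if m]


def wrapped_program(bad_value):
    """Split a hijacked open command into (hijacker, program), or None if not that shape."""
    m = _WRAPPER.search(bad_value or "")
    return (m["hijacker"], m["target"]) if m else None


def exe_progid(dds_text):
    """ProgID the DDS 'File Associations' section reports for .exe (clean XP: exefile)."""
    for line in dds_text.splitlines():
        m = _EXE_ASSOC.match(line.strip())
        if m:
            return m["progid"]
    return None


def notify_dlls_created_recently(dds_text, as_of, within_days=30):
    """Winlogon Notify DLLs whose file also shows up in 'Created Last 30'.

    Matched by file name, case-insensitively, because DDS prints the Notify
    value as written (often just 'foo.dll') and created paths in lower case.
    Returns (notify_name, created_path, created_date) tuples."""
    cutoff = datetime.strptime(as_of, "%Y-%m-%d") - timedelta(days=within_days)
    created = {}
    for line in dds_text.splitlines():
        m = _CREATED.match(line.strip())
        if m:
            created[m["path"].rsplit("\\", 1)[-1].lower()] = (
                m["path"], datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    hits = []
    for line in dds_text.splitlines():
        m = _NOTIFY.match(line.strip())
        if m:
            hit = created.get(m["dll"].rsplit("\\", 1)[-1].lower())
            if hit and hit[1] >= cutoff:
                hits.append((m["name"], hit[0], hit[1].date().isoformat()))
    return hits


def triage(mbam_text, dds_text, as_of):
    """Turn both logs into the short list of findings a helper would act on."""
    findings = []
    for f in parse_mbam(mbam_text):
        if f["det"].startswith("Hijack."):
            w = wrapped_program(f["bad"])
            findings.append("%s: %s wrapped by %s" % (f["det"], w[1], w[0]) if w
                            else "%s: %s" % (f["det"], f["key"]))
        elif f["det"] == "PUM.Disabled.SecurityCenter" and f["bad"] == "1":
            findings.append("Security Center alert silenced: %s" % f["key"].rsplit("\\", 1)[-1])
    progid = exe_progid(dds_text)
    if progid and progid.lower() != "exefile":
        findings.append(".exe still mapped to ProgID %r (expected exefile)" % progid)
    for name, path, day in notify_dlls_created_recently(dds_text, as_of):
        findings.append("Winlogon Notify %s loads %s, created %s" % (name, path, day))
    return findings


if __name__ == "__main__":
    for finding in triage(MBAM_LOG, DDS_LOG, "2011-12-15"):
        print("-", finding)
```

Against the constructed sample this reports seven findings: the two hijacks (with `iexplore.exe` shown as wrapped by `feh.exe`), the two silenced Security Center notifications, the `.exe=2jf` association, and the two Notify entries that load the freshly created `xmlrpw32.dll`. The date cut-off is passed in explicitly because DDS prints the scan date in its header rather than on each line.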
     
  5. 2011/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    DDS.txt log is incomplete (top part missing).
    Repost.
    Attach.txt log has to be pasted straight, not zipped (if you read the instructions).

    Your MBAM definitions are very outdated.
    Update, re-run, post new log.

    aswMBR log is missing.
     
  6. 2011/12/15
    boyracer

    boyracer Well-Known Member Thread Starter

    Yes, the MBAM definitions were outdated but have since been updated. I will rerun the DDS logs and post them in their entirety.

    I am unable to run aswMBR at all off the desktop.

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Guertins at 15:32:37 on 2011-12-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1325 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ping.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dogpile.com/
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe "
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [DVAPTray] c:\windows\system32\DVAPTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\arcsoft\mediaconverter 3\Monitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295976966375
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6} : DhcpNameServer = 192.168.1.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: xmlproservice - xmlrpw32.dll
    Notify: xmlrpw32 - xmlrpw32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-4-10 57112]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl8181b3f5;MpKsl8181b3f5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\MpKsl8181b3f5.sys [2011-12-15 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S1 MpKsl1f5c8a59;MpKsl1f5c8a59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1879bd2c-bcc3-436b-a242-2b566809c81f}\mpksl1f5c8a59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1879bd2c-bcc3-436b-a242-2b566809c81f}\MpKsl1f5c8a59.sys [?]
    S1 MpKsl394ae27f;MpKsl394ae27f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0733930-9c1f-47e8-bbe3-2cad27494b30}\mpksl394ae27f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0733930-9c1f-47e8-bbe3-2cad27494b30}\MpKsl394ae27f.sys [?]
    S1 MpKsl6ff49fcd;MpKsl6ff49fcd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fd69d06-53a5-45b6-9480-b9a507cec844}\mpksl6ff49fcd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fd69d06-53a5-45b6-9480-b9a507cec844}\MpKsl6ff49fcd.sys [?]
    S1 MpKsl78f7993d;MpKsl78f7993d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3984fd34-2a62-432e-aa99-55765f457c27}\mpksl78f7993d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3984fd34-2a62-432e-aa99-55765f457c27}\MpKsl78f7993d.sys [?]
    S1 MpKslf50db3a1;MpKslf50db3a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7a595b0d-a913-4981-9d16-0396115d64d1}\mpkslf50db3a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7a595b0d-a913-4981-9d16-0396115d64d1}\MpKslf50db3a1.sys [?]
    S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2006-3-15 14336]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-15 14336]
    .
    =============== File Associations ===============
    .
    .exe=2jf
    .
    =============== Created Last 30 ================
    .
    2011-12-15 20:29:24 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\MpKsl8181b3f5.sys
    2011-12-15 20:29:07 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\offreg.dll
    2011-12-15 20:29:02 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\mpengine.dll
    2011-12-14 16:25:10 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    2011-12-10 20:37:23 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-12-10 20:37:20 -------- d-----w- c:\documents and settings\guertins\application data\TestApp
    .
    ==================== Find3M ====================
    .
    2011-11-09 22:00:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 15:33:34.23 ===============


    Attach.txt log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2011 8:34:35 PM
    System Uptime: 12/15/2011 3:17:45 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | P5PE-VM
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1862/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 190 GiB total, 65.631 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is CDROM ()
    J: is FIXED (NTFS) - 49 GiB total, 48.702 GiB free.
    K: is FIXED (NTFS) - 184 GiB total, 167.229 GiB free.
    L: is FIXED (NTFS) - 466 GiB total, 362.663 GiB free.
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP314: 9/16/2011 11:10:07 AM - Software Distribution Service 3.0
    RP315: 9/17/2011 11:13:02 AM - System Checkpoint
    RP316: 9/18/2011 11:45:03 AM - Software Distribution Service 3.0
    RP317: 9/19/2011 12:34:48 PM - System Checkpoint
    RP318: 9/19/2011 12:52:00 PM - Software Distribution Service 3.0
    RP319: 9/20/2011 3:27:08 PM - Software Distribution Service 3.0
    RP320: 9/21/2011 1:01:41 PM - Software Distribution Service 3.0
    RP321: 9/22/2011 3:05:49 PM - Software Distribution Service 3.0
    RP322: 9/23/2011 1:17:27 PM - Software Distribution Service 3.0
    RP323: 9/24/2011 10:06:34 PM - Software Distribution Service 3.0
    RP324: 9/25/2011 1:14:47 PM - Software Distribution Service 3.0
    RP325: 9/26/2011 1:14:54 PM - Software Distribution Service 3.0
    RP326: 9/27/2011 12:36:41 PM - Software Distribution Service 3.0
    RP327: 9/28/2011 10:00:14 AM - Software Distribution Service 3.0
    RP328: 9/28/2011 1:21:54 PM - Software Distribution Service 3.0
    RP329: 9/29/2011 4:59:00 PM - Software Distribution Service 3.0
    RP330: 9/30/2011 9:36:52 PM - Software Distribution Service 3.0
    RP331: 10/2/2011 9:41:43 PM - Software Distribution Service 3.0
    RP332: 10/3/2011 1:28:35 PM - Software Distribution Service 3.0
    RP333: 10/4/2011 12:47:05 PM - Software Distribution Service 3.0
    RP334: 10/5/2011 1:52:28 PM - Software Distribution Service 3.0
    RP335: 10/6/2011 4:49:11 PM - Software Distribution Service 3.0
    RP336: 10/7/2011 10:06:58 PM - Software Distribution Service 3.0
    RP337: 10/9/2011 9:09:28 PM - Software Distribution Service 3.0
    RP338: 10/10/2011 1:12:21 PM - Software Distribution Service 3.0
    RP339: 10/11/2011 4:03:29 PM - Software Distribution Service 3.0
    RP340: 10/12/2011 8:24:44 PM - Software Distribution Service 3.0
    RP341: 10/14/2011 4:44:11 PM - Software Distribution Service 3.0
    RP342: 10/14/2011 6:08:35 PM - Software Distribution Service 3.0
    RP343: 10/16/2011 8:32:04 AM - Software Distribution Service 3.0
    RP344: 10/17/2011 9:19:19 AM - Software Distribution Service 3.0
    RP345: 10/17/2011 12:59:15 PM - Software Distribution Service 3.0
    RP346: 10/18/2011 3:22:39 PM - Software Distribution Service 3.0
    RP347: 10/19/2011 4:09:41 PM - System Checkpoint
    RP348: 10/19/2011 10:30:49 PM - Software Distribution Service 3.0
    RP349: 10/21/2011 8:15:23 AM - Software Distribution Service 3.0
    RP350: 10/22/2011 9:35:27 AM - Software Distribution Service 3.0
    RP351: 10/22/2011 1:14:16 PM - Software Distribution Service 3.0
    RP352: 10/23/2011 2:02:11 PM - Software Distribution Service 3.0
    RP353: 10/24/2011 3:06:00 PM - Software Distribution Service 3.0
    RP354: 10/25/2011 8:17:41 PM - Software Distribution Service 3.0
    RP355: 10/26/2011 8:23:17 PM - System Checkpoint
    RP356: 10/27/2011 9:33:20 AM - Software Distribution Service 3.0
    RP357: 10/28/2011 3:13:52 PM - Software Distribution Service 3.0
    RP358: 10/29/2011 2:36:45 PM - Installed Windows 7 Upgrade Advisor
    RP359: 10/30/2011 8:50:22 AM - Software Distribution Service 3.0
    RP360: 10/31/2011 9:18:46 AM - Software Distribution Service 3.0
    RP361: 10/31/2011 12:50:46 PM - Software Distribution Service 3.0
    RP362: 11/1/2011 4:37:11 PM - Software Distribution Service 3.0
    RP363: 11/2/2011 10:24:01 PM - Software Distribution Service 3.0
    RP364: 11/4/2011 9:00:17 AM - Software Distribution Service 3.0
    RP365: 11/4/2011 1:04:08 PM - Software Distribution Service 3.0
    RP366: 11/5/2011 1:28:29 PM - Software Distribution Service 3.0
    RP367: 11/7/2011 11:44:17 AM - Software Distribution Service 3.0
    RP368: 11/8/2011 1:55:28 PM - Software Distribution Service 3.0
    RP369: 11/8/2011 11:50:59 PM - Software Distribution Service 3.0
    RP370: 11/9/2011 5:08:37 PM - Software Distribution Service 3.0
    RP371: 11/11/2011 8:10:30 AM - Software Distribution Service 3.0
    RP372: 11/11/2011 9:11:27 AM - Software Distribution Service 3.0
    RP373: 11/12/2011 9:38:13 AM - Software Distribution Service 3.0
    RP374: 11/13/2011 4:54:36 PM - Software Distribution Service 3.0
    RP375: 11/14/2011 5:28:49 PM - System Checkpoint
    RP376: 11/16/2011 9:45:44 AM - Software Distribution Service 3.0
    RP377: 11/17/2011 11:06:02 AM - Software Distribution Service 3.0
    RP378: 11/18/2011 11:35:26 AM - System Checkpoint
    RP379: 11/18/2011 12:30:46 PM - Software Distribution Service 3.0
    RP380: 11/19/2011 12:59:58 PM - Software Distribution Service 3.0
    RP381: 11/21/2011 10:06:20 AM - Software Distribution Service 3.0
    RP382: 11/22/2011 10:56:01 AM - System Checkpoint
    RP383: 11/22/2011 1:13:39 PM - Software Distribution Service 3.0
    RP384: 11/23/2011 1:16:56 PM - Software Distribution Service 3.0
    RP385: 11/24/2011 1:19:20 PM - Software Distribution Service 3.0
    RP386: 11/25/2011 2:56:05 PM - Software Distribution Service 3.0
    RP387: 11/26/2011 3:21:32 PM - Software Distribution Service 3.0
    RP388: 11/27/2011 8:37:07 PM - Software Distribution Service 3.0
    RP389: 11/28/2011 8:47:28 PM - System Checkpoint
    RP390: 11/30/2011 9:13:32 AM - Software Distribution Service 3.0
    RP391: 12/3/2011 9:47:25 AM - Software Distribution Service 3.0
    RP392: 12/4/2011 11:10:17 AM - Software Distribution Service 3.0
    RP393: 12/5/2011 12:02:39 PM - System Checkpoint
    RP394: 12/5/2011 12:45:20 PM - Software Distribution Service 3.0
    RP395: 12/6/2011 10:03:56 PM - Software Distribution Service 3.0
    RP396: 12/8/2011 9:10:35 AM - Software Distribution Service 3.0
    RP397: 12/9/2011 3:19:02 PM - Software Distribution Service 3.0
    RP398: 12/10/2011 3:23:00 PM - System Checkpoint
    RP399: 12/14/2011 11:26:07 AM - Microsoft Antimalware Checkpoint
    .
    ==== Installed Programs ======================
    .
    6200
    6200_Help
    6200Trb
    Adobe Flash Player 11 ActiveX
    Advanced DVD PlayerPro
    AiO_Scan
    AiOSoftware
    ALTools Update
    Apple Application Support
    Apple Software Update
    ArcSoft MediaConverter 3
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI MCE Control Panel
    ATI MCE Transcode
    ATI Parental Control & Encoder
    AVIVO Codecs
    BufferChm
    CCleaner
    CDBurnerXP
    Creative System Information
    Defraggler
    Destinations
    Director
    DragStrip2000 Version 3.05
    DVAPTray
    Dyno2000 Version 3.08
    Family Tree Maker 8.0
    Fax
    ffdshow [rev 3026] [2009-07-05]
    FileZilla Client 3.5.0
    Foxit Reader
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Image Zone 4.7
    HP Image Zone Express
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HPSystemDiagnostics
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 24
    LogWorks3
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell Miniport Driver
    Masque IGT Slots Wolf Run
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Accounting 2009
    Microsoft Office Accounting 2009 Equifax Addin
    Microsoft Office Accounting 2009 Fixed Asset Manager
    Microsoft Office Accounting 2009 PayPal Addin
    Microsoft Office Accounting 2009 Tax Integration Add-in
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    OpenOffice.org 3.1
    Panzer General 3D
    Paragon Backup & Recovery™ 2011 (Advanced) Free
    Picasa 3
    ProductContext
    QFolder
    QuickTime
    Readme
    Revo Uninstaller 1.91
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Snapshot Viewer
    Sound Blaster Audigy
    SUPERAntiSpyware
    TrayApp
    Tweak UI
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Virtual Engine Calculator Advanced
    WebFldrs XP
    WebReg
    Windows 7 Upgrade Advisor
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/14/2011 9:59:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 9:40:05 PM, error: Service Control Manager [7023] - The Network ProService service terminated with the following error: The specified module could not be found.
    12/14/2011 9:34:56 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/14/2011 9:23:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 9:17:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 9:14:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    12/14/2011 11:25:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 1:14:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/13/2011 5:34:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/13/2011 5:32:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/13/2011 5:31:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/13/2011 5:29:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip UimBus Uim_IM
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:07:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/13/2011 4:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/13/2011 3:55:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/10/2011 3:43:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter SASDIFSV SASKUTIL UimBus Uim_IM
    .
    ==== End Of File ===========================

    Could I load GMER and aswMBR somewhere other than the desktop and run from there?
     
  7. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Assuming it's MBAM, I need a fresh log from it.

    What happens when you try to run GMER and aswMBR?

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. 2011/12/15
    boyracer

    boyracer Well-Known Member Thread Starter

    I'm on my laptop as I lost network connectivity over on my main machine.

    I couldn't run GMER and aswMBR as the machine would ask for an associated program. I was unable to find that like I can other programs.

    I have been able to restore the system to the last day of November and it appears to have returned to functionality. My logs for MWAB, DDS and attach.txt are still there. I understand this doesn't mean I still don't have malware residing on the machine only that I have regained most functionality.

    I am running GMER as I type. I'll post that log as soon as I get its network connection back up.

    aswMBR has asked that I download Avast before I start that scan. Do I really have to do that?

    I'll get the fresh MBAM log and I'll download TDSSKiller to this machine and save to that desktop.
     
  9. 2011/12/15
    broni

    broni Moderator Malware Analyst

    It doesn't ask for installing Avast. It only asks for your permission to download the newest AV definitions.
    Say "yes".
     
  10. 2011/12/17
    boyracer

    boyracer Well-Known Member Thread Starter

    Here are the latest scan logs.

    MBAM:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8371

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/17/2011 8:39:43 AM
    mbam-log-2011-12-17 (08-39-43).txt

    Scan type: Full scan (C:\|J:\|K:\|L:\|)
    Objects scanned: 276843
    Time elapsed: 56 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER scan

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-17 10:55:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6B200R0 rev.BAH41E00
    Running: gmer.exe; Driver: C:\DOCUME~1\Guertins\LOCALS~1\Temp\fxddapoc.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[1892] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB35825$\1196870823 0 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\bckfg.tmp 852 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\cfg.ini 208 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\keywords 0 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\L\pkmdlree 162816 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\U\80000000.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\1196870823\U\80000032.@ 98304 bytes
    File C:\WINDOWS\$NtUninstallKB35825$\721571896 0 bytes

    ---- EOF - GMER 1.0.15 ----


    aswMBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-17 10:57:16
    -----------------------------
    10:57:16.890 OS Version: Windows 5.1.2600 Service Pack 3
    10:57:16.890 Number of processors: 2 586 0xF02
    10:57:16.890 ComputerName: DESKTOP UserName:
    10:57:18.046 Initialize success
    10:57:27.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    10:57:27.515 Disk 0 Vendor: Maxtor_6B200R0 BAH41E00 Size: 194481MB BusType: 3
    10:57:27.515 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    10:57:27.515 Disk 1 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
    10:57:27.515 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2b
    10:57:27.515 Disk 2 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3
    10:57:29.546 Disk 0 MBR read successfully
    10:57:29.546 Disk 0 MBR scan
    10:57:29.546 Disk 0 Windows XP default MBR code
    10:57:29.546 Disk 0 scanning sectors +398267415
    10:57:29.625 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:58:19.531 Service scanning
    10:58:20.000 Service MpKsl0ada7952 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD7E431B-C4E5-4F62-9BD0-82F29A821ACB}\MpKsl0ada7952.sys **LOCKED** 32
    10:58:20.609 Modules scanning
    10:59:44.812 Disk 0 trace - called modules:
    10:59:44.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    10:59:44.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bb1ab8]
    10:59:44.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000062[0x89bfef18]
    10:59:44.859 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89bc6940]
    10:59:44.859 Scan finished successfully
    11:00:14.390 Disk 0 MBR has been saved successfully to "M:\MBR.dat "
    11:00:14.406 The log file has been saved successfully to "M:\aswMBR.txt "


    ddsNotePad

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Guertins at 15:32:37 on 2011-12-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1325 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ping.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dogpile.com/
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe "
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [DVAPTray] c:\windows\system32\DVAPTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\arcsoft\mediaconverter 3\Monitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295976966375
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6} : DhcpNameServer = 192.168.1.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: xmlproservice - xmlrpw32.dll
    Notify: xmlrpw32 - xmlrpw32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-4-10 57112]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl8181b3f5;MpKsl8181b3f5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\MpKsl8181b3f5.sys [2011-12-15 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S1 MpKsl1f5c8a59;MpKsl1f5c8a59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1879bd2c-bcc3-436b-a242-2b566809c81f}\mpksl1f5c8a59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1879bd2c-bcc3-436b-a242-2b566809c81f}\MpKsl1f5c8a59.sys [?]
    S1 MpKsl394ae27f;MpKsl394ae27f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0733930-9c1f-47e8-bbe3-2cad27494b30}\mpksl394ae27f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0733930-9c1f-47e8-bbe3-2cad27494b30}\MpKsl394ae27f.sys [?]
    S1 MpKsl6ff49fcd;MpKsl6ff49fcd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fd69d06-53a5-45b6-9480-b9a507cec844}\mpksl6ff49fcd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fd69d06-53a5-45b6-9480-b9a507cec844}\MpKsl6ff49fcd.sys [?]
    S1 MpKsl78f7993d;MpKsl78f7993d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3984fd34-2a62-432e-aa99-55765f457c27}\mpksl78f7993d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3984fd34-2a62-432e-aa99-55765f457c27}\MpKsl78f7993d.sys [?]
    S1 MpKslf50db3a1;MpKslf50db3a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7a595b0d-a913-4981-9d16-0396115d64d1}\mpkslf50db3a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7a595b0d-a913-4981-9d16-0396115d64d1}\MpKslf50db3a1.sys [?]
    S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2006-3-15 14336]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-15 14336]
    .
    =============== File Associations ===============
    .
    .exe=2jf
    .
    =============== Created Last 30 ================
    .
    2011-12-15 20:29:24 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\MpKsl8181b3f5.sys
    2011-12-15 20:29:07 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\offreg.dll
    2011-12-15 20:29:02 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09d2cc79-77f9-470a-bba7-521640dc2742}\mpengine.dll
    2011-12-14 16:25:10 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    2011-12-10 20:37:23 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-12-10 20:37:20 -------- d-----w- c:\documents and settings\guertins\application data\TestApp
    .
    ==================== Find3M ====================
    .
    2011-11-09 22:00:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 15:33:34.23 ===============


    dds attach.txt log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2011 8:34:35 PM
    System Uptime: 12/15/2011 3:17:45 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | P5PE-VM
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1862/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 190 GiB total, 65.631 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is CDROM ()
    J: is FIXED (NTFS) - 49 GiB total, 48.702 GiB free.
    K: is FIXED (NTFS) - 184 GiB total, 167.229 GiB free.
    L: is FIXED (NTFS) - 466 GiB total, 362.663 GiB free.
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP314: 9/16/2011 11:10:07 AM - Software Distribution Service 3.0
    RP315: 9/17/2011 11:13:02 AM - System Checkpoint
    RP316: 9/18/2011 11:45:03 AM - Software Distribution Service 3.0
    RP317: 9/19/2011 12:34:48 PM - System Checkpoint
    RP318: 9/19/2011 12:52:00 PM - Software Distribution Service 3.0
    RP319: 9/20/2011 3:27:08 PM - Software Distribution Service 3.0
    RP320: 9/21/2011 1:01:41 PM - Software Distribution Service 3.0
    RP321: 9/22/2011 3:05:49 PM - Software Distribution Service 3.0
    RP322: 9/23/2011 1:17:27 PM - Software Distribution Service 3.0
    RP323: 9/24/2011 10:06:34 PM - Software Distribution Service 3.0
    RP324: 9/25/2011 1:14:47 PM - Software Distribution Service 3.0
    RP325: 9/26/2011 1:14:54 PM - Software Distribution Service 3.0
    RP326: 9/27/2011 12:36:41 PM - Software Distribution Service 3.0
    RP327: 9/28/2011 10:00:14 AM - Software Distribution Service 3.0
    RP328: 9/28/2011 1:21:54 PM - Software Distribution Service 3.0
    RP329: 9/29/2011 4:59:00 PM - Software Distribution Service 3.0
    RP330: 9/30/2011 9:36:52 PM - Software Distribution Service 3.0
    RP331: 10/2/2011 9:41:43 PM - Software Distribution Service 3.0
    RP332: 10/3/2011 1:28:35 PM - Software Distribution Service 3.0
    RP333: 10/4/2011 12:47:05 PM - Software Distribution Service 3.0
    RP334: 10/5/2011 1:52:28 PM - Software Distribution Service 3.0
    RP335: 10/6/2011 4:49:11 PM - Software Distribution Service 3.0
    RP336: 10/7/2011 10:06:58 PM - Software Distribution Service 3.0
    RP337: 10/9/2011 9:09:28 PM - Software Distribution Service 3.0
    RP338: 10/10/2011 1:12:21 PM - Software Distribution Service 3.0
    RP339: 10/11/2011 4:03:29 PM - Software Distribution Service 3.0
    RP340: 10/12/2011 8:24:44 PM - Software Distribution Service 3.0
    RP341: 10/14/2011 4:44:11 PM - Software Distribution Service 3.0
    RP342: 10/14/2011 6:08:35 PM - Software Distribution Service 3.0
    RP343: 10/16/2011 8:32:04 AM - Software Distribution Service 3.0
    RP344: 10/17/2011 9:19:19 AM - Software Distribution Service 3.0
    RP345: 10/17/2011 12:59:15 PM - Software Distribution Service 3.0
    RP346: 10/18/2011 3:22:39 PM - Software Distribution Service 3.0
    RP347: 10/19/2011 4:09:41 PM - System Checkpoint
    RP348: 10/19/2011 10:30:49 PM - Software Distribution Service 3.0
    RP349: 10/21/2011 8:15:23 AM - Software Distribution Service 3.0
    RP350: 10/22/2011 9:35:27 AM - Software Distribution Service 3.0
    RP351: 10/22/2011 1:14:16 PM - Software Distribution Service 3.0
    RP352: 10/23/2011 2:02:11 PM - Software Distribution Service 3.0
    RP353: 10/24/2011 3:06:00 PM - Software Distribution Service 3.0
    RP354: 10/25/2011 8:17:41 PM - Software Distribution Service 3.0
    RP355: 10/26/2011 8:23:17 PM - System Checkpoint
    RP356: 10/27/2011 9:33:20 AM - Software Distribution Service 3.0
    RP357: 10/28/2011 3:13:52 PM - Software Distribution Service 3.0
    RP358: 10/29/2011 2:36:45 PM - Installed Windows 7 Upgrade Advisor
    RP359: 10/30/2011 8:50:22 AM - Software Distribution Service 3.0
    RP360: 10/31/2011 9:18:46 AM - Software Distribution Service 3.0
    RP361: 10/31/2011 12:50:46 PM - Software Distribution Service 3.0
    RP362: 11/1/2011 4:37:11 PM - Software Distribution Service 3.0
    RP363: 11/2/2011 10:24:01 PM - Software Distribution Service 3.0
    RP364: 11/4/2011 9:00:17 AM - Software Distribution Service 3.0
    RP365: 11/4/2011 1:04:08 PM - Software Distribution Service 3.0
    RP366: 11/5/2011 1:28:29 PM - Software Distribution Service 3.0
    RP367: 11/7/2011 11:44:17 AM - Software Distribution Service 3.0
    RP368: 11/8/2011 1:55:28 PM - Software Distribution Service 3.0
    RP369: 11/8/2011 11:50:59 PM - Software Distribution Service 3.0
    RP370: 11/9/2011 5:08:37 PM - Software Distribution Service 3.0
    RP371: 11/11/2011 8:10:30 AM - Software Distribution Service 3.0
    RP372: 11/11/2011 9:11:27 AM - Software Distribution Service 3.0
    RP373: 11/12/2011 9:38:13 AM - Software Distribution Service 3.0
    RP374: 11/13/2011 4:54:36 PM - Software Distribution Service 3.0
    RP375: 11/14/2011 5:28:49 PM - System Checkpoint
    RP376: 11/16/2011 9:45:44 AM - Software Distribution Service 3.0
    RP377: 11/17/2011 11:06:02 AM - Software Distribution Service 3.0
    RP378: 11/18/2011 11:35:26 AM - System Checkpoint
    RP379: 11/18/2011 12:30:46 PM - Software Distribution Service 3.0
    RP380: 11/19/2011 12:59:58 PM - Software Distribution Service 3.0
    RP381: 11/21/2011 10:06:20 AM - Software Distribution Service 3.0
    RP382: 11/22/2011 10:56:01 AM - System Checkpoint
    RP383: 11/22/2011 1:13:39 PM - Software Distribution Service 3.0
    RP384: 11/23/2011 1:16:56 PM - Software Distribution Service 3.0
    RP385: 11/24/2011 1:19:20 PM - Software Distribution Service 3.0
    RP386: 11/25/2011 2:56:05 PM - Software Distribution Service 3.0
    RP387: 11/26/2011 3:21:32 PM - Software Distribution Service 3.0
    RP388: 11/27/2011 8:37:07 PM - Software Distribution Service 3.0
    RP389: 11/28/2011 8:47:28 PM - System Checkpoint
    RP390: 11/30/2011 9:13:32 AM - Software Distribution Service 3.0
    RP391: 12/3/2011 9:47:25 AM - Software Distribution Service 3.0
    RP392: 12/4/2011 11:10:17 AM - Software Distribution Service 3.0
    RP393: 12/5/2011 12:02:39 PM - System Checkpoint
    RP394: 12/5/2011 12:45:20 PM - Software Distribution Service 3.0
    RP395: 12/6/2011 10:03:56 PM - Software Distribution Service 3.0
    RP396: 12/8/2011 9:10:35 AM - Software Distribution Service 3.0
    RP397: 12/9/2011 3:19:02 PM - Software Distribution Service 3.0
    RP398: 12/10/2011 3:23:00 PM - System Checkpoint
    RP399: 12/14/2011 11:26:07 AM - Microsoft Antimalware Checkpoint
    .
    ==== Installed Programs ======================
    .
    6200
    6200_Help
    6200Trb
    Adobe Flash Player 11 ActiveX
    Advanced DVD PlayerPro
    AiO_Scan
    AiOSoftware
    ALTools Update
    Apple Application Support
    Apple Software Update
    ArcSoft MediaConverter 3
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI MCE Control Panel
    ATI MCE Transcode
    ATI Parental Control & Encoder
    AVIVO Codecs
    BufferChm
    CCleaner
    CDBurnerXP
    Creative System Information
    Defraggler
    Destinations
    Director
    DragStrip2000 Version 3.05
    DVAPTray
    Dyno2000 Version 3.08
    Family Tree Maker 8.0
    Fax
    ffdshow [rev 3026] [2009-07-05]
    FileZilla Client 3.5.0
    Foxit Reader
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Image Zone 4.7
    HP Image Zone Express
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HPSystemDiagnostics
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 24
    LogWorks3
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell Miniport Driver
    Masque IGT Slots Wolf Run
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Accounting 2009
    Microsoft Office Accounting 2009 Equifax Addin
    Microsoft Office Accounting 2009 Fixed Asset Manager
    Microsoft Office Accounting 2009 PayPal Addin
    Microsoft Office Accounting 2009 Tax Integration Add-in
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    OpenOffice.org 3.1
    Panzer General 3D
    Paragon Backup & Recovery™ 2011 (Advanced) Free
    Picasa 3
    ProductContext
    QFolder
    QuickTime
    Readme
    Revo Uninstaller 1.91
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Snapshot Viewer
    Sound Blaster Audigy
    SUPERAntiSpyware
    TrayApp
    Tweak UI
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Virtual Engine Calculator Advanced
    WebFldrs XP
    WebReg
    Windows 7 Upgrade Advisor
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/14/2011 9:59:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 9:40:05 PM, error: Service Control Manager [7023] - The Network ProService service terminated with the following error: The specified module could not be found.
    12/14/2011 9:34:56 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/14/2011 9:23:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 9:17:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 9:14:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    12/14/2011 11:25:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/14/2011 1:14:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/13/2011 5:34:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/13/2011 5:32:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/13/2011 5:31:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/13/2011 5:29:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip UimBus Uim_IM
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:29:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2011 5:07:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/13/2011 4:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/13/2011 3:55:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    12/10/2011 3:43:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter SASDIFSV SASKUTIL UimBus Uim_IM
    .
    ==== End Of File ===========================


    I ran tdsskiller. I was unable to save and paste the log here, but the scan showed no results.
     
  11. 2011/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Then....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2011/12/18
    boyracer Well-Known Member Thread Starter

    Here is the TDSSKiller log:

    11:00:59.0656 2904 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    11:00:59.0703 2904 ============================================================
    11:00:59.0703 2904 Current date / time: 2011/12/17 11:00:59.0703
    11:00:59.0703 2904 SystemInfo:
    11:00:59.0703 2904
    11:00:59.0703 2904 OS Version: 5.1.2600 ServicePack: 3.0
    11:00:59.0703 2904 Product type: Workstation
    11:00:59.0703 2904 ComputerName: DESKTOP
    11:00:59.0703 2904 UserName: Guertins
    11:00:59.0703 2904 Windows directory: C:\WINDOWS
    11:00:59.0703 2904 System windows directory: C:\WINDOWS
    11:00:59.0703 2904 Processor architecture: Intel x86
    11:00:59.0703 2904 Number of processors: 2
    11:00:59.0703 2904 Page size: 0x1000
    11:00:59.0703 2904 Boot type: Normal boot
    11:00:59.0703 2904 ============================================================
    11:01:01.0671 2904 Initialize success
    11:01:09.0062 2000 ============================================================
    11:01:09.0062 2000 Scan started
    11:01:09.0062 2000 Mode: Manual;
    11:01:09.0062 2000 ============================================================
    11:01:09.0937 2000 Abiosdsk - ok
    11:01:09.0984 2000 abp480n5 - ok
    11:01:10.0093 2000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    11:01:10.0093 2000 ACPI - ok
    11:01:10.0156 2000 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    11:01:10.0156 2000 ACPIEC - ok
    11:01:10.0218 2000 adpu160m - ok
    11:01:10.0281 2000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    11:01:10.0281 2000 aec - ok
    11:01:10.0328 2000 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    11:01:10.0328 2000 AFD - ok
    11:01:10.0343 2000 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    11:01:10.0359 2000 agp440 - ok
    11:01:10.0375 2000 Aha154x - ok
    11:01:10.0406 2000 aic78u2 - ok
    11:01:10.0421 2000 aic78xx - ok
    11:01:10.0453 2000 AliIde - ok
    11:01:10.0468 2000 amsint - ok
    11:01:10.0500 2000 asc - ok
    11:01:10.0531 2000 asc3350p - ok
    11:01:10.0546 2000 asc3550 - ok
    11:01:10.0593 2000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    11:01:10.0593 2000 AsyncMac - ok
    11:01:10.0609 2000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    11:01:10.0609 2000 atapi - ok
    11:01:10.0625 2000 Atdisk - ok
    11:01:10.0718 2000 ati2mtag (e78b73eb84c257d0d940e041742d2699) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    11:01:10.0734 2000 ati2mtag - ok
    11:01:10.0781 2000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    11:01:10.0781 2000 Atmarpc - ok
    11:01:10.0843 2000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    11:01:10.0843 2000 audstub - ok
    11:01:10.0890 2000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    11:01:10.0890 2000 Beep - ok
    11:01:10.0968 2000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    11:01:10.0968 2000 cbidf2k - ok
    11:01:11.0000 2000 cd20xrnt - ok
    11:01:11.0031 2000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    11:01:11.0031 2000 Cdaudio - ok
    11:01:11.0046 2000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    11:01:11.0046 2000 Cdfs - ok
    11:01:11.0125 2000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    11:01:11.0125 2000 Cdrom - ok
    11:01:11.0140 2000 Changer - ok
    11:01:11.0171 2000 CmdIde - ok
    11:01:11.0187 2000 Cpqarray - ok
    11:01:11.0234 2000 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    11:01:11.0234 2000 ctsfm2k - ok
    11:01:11.0343 2000 dac2w2k - ok
    11:01:11.0390 2000 dac960nt - ok
    11:01:11.0484 2000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    11:01:11.0484 2000 Disk - ok
    11:01:11.0687 2000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    11:01:11.0734 2000 dmboot - ok
    11:01:11.0765 2000 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    11:01:11.0765 2000 dmio - ok
    11:01:11.0875 2000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    11:01:11.0875 2000 dmload - ok
    11:01:12.0000 2000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    11:01:12.0015 2000 DMusic - ok
    11:01:12.0156 2000 dpti2o - ok
    11:01:12.0203 2000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    11:01:12.0203 2000 drmkaud - ok
    11:01:12.0250 2000 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    11:01:12.0250 2000 Fastfat - ok
    11:01:12.0281 2000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    11:01:12.0281 2000 Fdc - ok
    11:01:12.0296 2000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    11:01:12.0296 2000 Fips - ok
    11:01:12.0328 2000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    11:01:12.0328 2000 Flpydisk - ok
    11:01:12.0359 2000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    11:01:12.0359 2000 FltMgr - ok
    11:01:12.0390 2000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    11:01:12.0390 2000 Fs_Rec - ok
    11:01:12.0421 2000 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    11:01:12.0421 2000 Ftdisk - ok
    11:01:12.0453 2000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    11:01:12.0453 2000 Gpc - ok
    11:01:12.0687 2000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    11:01:12.0687 2000 HidUsb - ok
    11:01:12.0750 2000 hotcore3 (8be9369d385dc0fdf86a59f70d90ae79) C:\WINDOWS\system32\DRIVERS\hotcore3.sys
    11:01:12.0750 2000 hotcore3 - ok
    11:01:12.0781 2000 hpn - ok
    11:01:12.0812 2000 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    11:01:12.0812 2000 HPZid412 - ok
    11:01:12.0812 2000 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    11:01:12.0812 2000 HPZipr12 - ok
    11:01:12.0859 2000 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    11:01:12.0859 2000 HPZius12 - ok
    11:01:12.0921 2000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    11:01:12.0921 2000 HTTP - ok
    11:01:12.0968 2000 i2omgmt - ok
    11:01:13.0000 2000 i2omp - ok
    11:01:13.0015 2000 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    11:01:13.0015 2000 i8042prt - ok
    11:01:13.0062 2000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    11:01:13.0062 2000 Imapi - ok
    11:01:13.0093 2000 ini910u - ok
    11:01:13.0125 2000 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    11:01:13.0125 2000 IntelIde - ok
    11:01:13.0140 2000 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    11:01:13.0156 2000 intelppm - ok
    11:01:13.0234 2000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    11:01:13.0250 2000 Ip6Fw - ok
    11:01:13.0328 2000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    11:01:13.0328 2000 IpFilterDriver - ok
    11:01:13.0531 2000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    11:01:13.0531 2000 IpInIp - ok
    11:01:13.0593 2000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    11:01:13.0593 2000 IpNat - ok
    11:01:13.0640 2000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    11:01:13.0640 2000 IPSec - ok
    11:01:13.0671 2000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    11:01:13.0671 2000 IRENUM - ok
    11:01:13.0718 2000 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    11:01:13.0718 2000 isapnp - ok
    11:01:13.0781 2000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    11:01:13.0781 2000 Kbdclass - ok
    11:01:13.0828 2000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    11:01:13.0828 2000 kmixer - ok
    11:01:13.0859 2000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    11:01:13.0875 2000 KSecDD - ok
    11:01:13.0890 2000 lbrtfdc - ok
    11:01:13.0984 2000 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
    11:01:13.0984 2000 ltmodem5 - ok
    11:01:14.0046 2000 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    11:01:14.0046 2000 MHNDRV - ok
    11:01:14.0140 2000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    11:01:14.0140 2000 mnmdd - ok
    11:01:14.0171 2000 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    11:01:14.0187 2000 Modem - ok
    11:01:14.0218 2000 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    11:01:14.0218 2000 MODEMCSA - ok
    11:01:14.0250 2000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    11:01:14.0250 2000 Mouclass - ok
    11:01:14.0296 2000 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    11:01:14.0296 2000 mouhid - ok
    11:01:14.0312 2000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    11:01:14.0312 2000 MountMgr - ok
    11:01:14.0343 2000 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    11:01:14.0375 2000 MpFilter - ok
    11:01:14.0453 2000 MpKsl0ada7952 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD7E431B-C4E5-4F62-9BD0-82F29A821ACB}\MpKsl0ada7952.sys
    11:01:14.0453 2000 MpKsl0ada7952 - ok
    11:01:14.0468 2000 MpKsl1f5c8a59 - ok
    11:01:14.0484 2000 MpKsl2bf43507 - ok
    11:01:14.0500 2000 MpKsl394ae27f - ok
    11:01:14.0500 2000 MpKsl6ff49fcd - ok
    11:01:14.0500 2000 MpKsl78f7993d - ok
    11:01:14.0515 2000 MpKslf50db3a1 - ok
    11:01:14.0578 2000 mraid35x - ok
    11:01:14.0718 2000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    11:01:14.0718 2000 MRxDAV - ok
    11:01:15.0203 2000 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    11:01:15.0203 2000 MRxSmb - ok
    11:01:15.0375 2000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    11:01:15.0375 2000 Msfs - ok
    11:01:15.0468 2000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    11:01:15.0500 2000 MSKSSRV - ok
    11:01:15.0546 2000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    11:01:15.0546 2000 MSPCLOCK - ok
    11:01:15.0578 2000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    11:01:15.0578 2000 MSPQM - ok
    11:01:15.0609 2000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    11:01:15.0609 2000 mssmbios - ok
    11:01:15.0718 2000 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    11:01:15.0718 2000 Mup - ok
    11:01:15.0781 2000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    11:01:15.0781 2000 NDIS - ok
    11:01:15.0843 2000 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    11:01:15.0843 2000 NdisTapi - ok
    11:01:15.0906 2000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    11:01:15.0906 2000 Ndisuio - ok
    11:01:15.0968 2000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    11:01:15.0968 2000 NdisWan - ok
    11:01:16.0031 2000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    11:01:16.0031 2000 NDProxy - ok
    11:01:16.0109 2000 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    11:01:16.0109 2000 NetBIOS - ok
    11:01:16.0156 2000 NetBT - ok
    11:01:16.0234 2000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    11:01:16.0250 2000 Npfs - ok
    11:01:16.0312 2000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    11:01:16.0328 2000 Ntfs - ok
    11:01:16.0406 2000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    11:01:16.0406 2000 Null - ok
    11:01:16.0453 2000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    11:01:16.0453 2000 NwlnkFlt - ok
    11:01:16.0468 2000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    11:01:16.0468 2000 NwlnkFwd - ok
    11:01:16.0515 2000 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    11:01:16.0515 2000 ossrv - ok
    11:01:16.0671 2000 P17 (1db419cb76493f6292ccfbdc3466f5ff) C:\WINDOWS\system32\drivers\P17.sys
    11:01:16.0687 2000 P17 - ok
    11:01:16.0765 2000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    11:01:16.0765 2000 Parport - ok
    11:01:17.0031 2000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    11:01:17.0031 2000 PartMgr - ok
    11:01:17.0234 2000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    11:01:17.0234 2000 ParVdm - ok
    11:01:17.0296 2000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    11:01:17.0296 2000 PCI - ok
    11:01:17.0312 2000 PCIDump - ok
    11:01:17.0343 2000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    11:01:17.0343 2000 PCIIde - ok
    11:01:17.0390 2000 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    11:01:17.0390 2000 Pcmcia - ok
    11:01:17.0421 2000 PDCOMP - ok
    11:01:17.0437 2000 PDFRAME - ok
    11:01:17.0453 2000 PDRELI - ok
    11:01:17.0468 2000 PDRFRAME - ok
    11:01:17.0484 2000 perc2 - ok
    11:01:17.0500 2000 perc2hib - ok
    11:01:17.0531 2000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    11:01:17.0531 2000 PptpMiniport - ok
    11:01:17.0562 2000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    11:01:17.0562 2000 PSched - ok
    11:01:17.0593 2000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    11:01:17.0593 2000 Ptilink - ok
    11:01:17.0625 2000 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    11:01:17.0625 2000 PxHelp20 - ok
    11:01:17.0640 2000 ql1080 - ok
    11:01:17.0656 2000 Ql10wnt - ok
    11:01:17.0687 2000 ql12160 - ok
    11:01:17.0703 2000 ql1240 - ok
    11:01:17.0718 2000 ql1280 - ok
    11:01:17.0734 2000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    11:01:17.0734 2000 RasAcd - ok
    11:01:17.0765 2000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    11:01:17.0765 2000 Rasl2tp - ok
    11:01:17.0796 2000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    11:01:17.0796 2000 RasPppoe - ok
    11:01:17.0812 2000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    11:01:17.0812 2000 Raspti - ok
    11:01:17.0843 2000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    11:01:17.0843 2000 Rdbss - ok
    11:01:17.0875 2000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    11:01:17.0890 2000 RDPCDD - ok
    11:01:17.0906 2000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    11:01:17.0906 2000 rdpdr - ok
    11:01:18.0000 2000 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    11:01:18.0000 2000 RDPWD - ok
    11:01:18.0031 2000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    11:01:18.0031 2000 redbook - ok
    11:01:18.0109 2000 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    11:01:18.0109 2000 SASDIFSV - ok
    11:01:18.0125 2000 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    11:01:18.0125 2000 SASKUTIL - ok
    11:01:18.0171 2000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    11:01:18.0171 2000 Secdrv - ok
    11:01:18.0218 2000 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    11:01:18.0218 2000 serenum - ok
    11:01:18.0281 2000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    11:01:18.0281 2000 Serial - ok
    11:01:18.0468 2000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    11:01:18.0468 2000 Sfloppy - ok
    11:01:18.0671 2000 Simbad - ok
    11:01:18.0781 2000 Sparrow - ok
    11:01:18.0875 2000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    11:01:18.0875 2000 splitter - ok
    11:01:18.0968 2000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    11:01:18.0968 2000 sr - ok
    11:01:19.0015 2000 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    11:01:19.0015 2000 Srv - ok
    11:01:19.0078 2000 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
    11:01:19.0078 2000 StarOpen - ok
    11:01:19.0109 2000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    11:01:19.0109 2000 swenum - ok
    11:01:19.0140 2000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    11:01:19.0140 2000 swmidi - ok
    11:01:19.0171 2000 symc810 - ok
    11:01:19.0187 2000 symc8xx - ok
    11:01:19.0218 2000 sym_hi - ok
    11:01:19.0250 2000 sym_u3 - ok
    11:01:19.0281 2000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    11:01:19.0281 2000 sysaudio - ok
    11:01:19.0343 2000 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    11:01:19.0343 2000 Tcpip - ok
    11:01:19.0390 2000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    11:01:19.0390 2000 TDPIPE - ok
    11:01:19.0437 2000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    11:01:19.0437 2000 TDTCP - ok
    11:01:19.0468 2000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    11:01:19.0468 2000 TermDD - ok
    11:01:19.0500 2000 TosIde - ok
    11:01:19.0531 2000 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    11:01:19.0531 2000 Udfs - ok
    11:01:19.0578 2000 UimBus (16264d4a7f052a7cc516b23e00b14213) C:\WINDOWS\system32\DRIVERS\UimBus.sys
    11:01:19.0593 2000 UimBus - ok
    11:01:19.0625 2000 Uim_IM (811e4296913821ce402b9e6629740350) C:\WINDOWS\system32\Drivers\Uim_IM.sys
    11:01:19.0625 2000 Uim_IM - ok
    11:01:19.0671 2000 ultra - ok
    11:01:19.0703 2000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    11:01:19.0703 2000 Update - ok
    11:01:19.0750 2000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    11:01:19.0750 2000 usbccgp - ok
    11:01:19.0765 2000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    11:01:19.0765 2000 usbehci - ok
    11:01:19.0812 2000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    11:01:19.0812 2000 usbhub - ok
    11:01:19.0843 2000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    11:01:19.0843 2000 usbprint - ok
    11:01:19.0859 2000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    11:01:19.0859 2000 usbscan - ok
    11:01:19.0890 2000 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:01:19.0890 2000 usbstor - ok
    11:01:19.0906 2000 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    11:01:19.0906 2000 usbuhci - ok
    11:01:20.0031 2000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    11:01:20.0031 2000 VgaSave - ok
    11:01:20.0140 2000 ViaIde - ok
    11:01:20.0343 2000 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    11:01:20.0343 2000 VolSnap - ok
    11:01:20.0468 2000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    11:01:20.0468 2000 Wanarp - ok
    11:01:20.0578 2000 WDICA - ok
    11:01:20.0718 2000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    11:01:20.0718 2000 wdmaud - ok
    11:01:21.0156 2000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    11:01:21.0203 2000 WudfPf - ok
    11:01:21.0312 2000 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    11:01:21.0328 2000 WudfRd - ok
    11:01:21.0437 2000 yukonwxp (ae9573e9563771c7f2f333e728fe7e76) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    11:01:21.0437 2000 yukonwxp - ok
    11:01:21.0453 2000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    11:01:21.0562 2000 \Device\Harddisk0\DR0 - ok
    11:01:21.0562 2000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    11:01:21.0718 2000 \Device\Harddisk1\DR1 - ok
    11:01:21.0718 2000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    11:01:21.0890 2000 \Device\Harddisk2\DR2 - ok
    11:01:21.0890 2000 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR11
    11:01:21.0890 2000 \Device\Harddisk7\DR11 - ok
    11:01:21.0921 2000 Boot (0x1200) (67cfcc0fcb0f5fd1a05d7b6aee5d4345) \Device\Harddisk0\DR0\Partition0
    11:01:21.0921 2000 \Device\Harddisk0\DR0\Partition0 - ok
    11:01:21.0921 2000 Boot (0x1200) (50f6938f840e3bc5c248e47fbfcbef6f) \Device\Harddisk1\DR1\Partition0
    11:01:21.0921 2000 \Device\Harddisk1\DR1\Partition0 - ok
    11:01:21.0921 2000 Boot (0x1200) (b1d98582ef2f177e632becb7bbae14f3) \Device\Harddisk1\DR1\Partition1
    11:01:21.0921 2000 \Device\Harddisk1\DR1\Partition1 - ok
    11:01:21.0937 2000 Boot (0x1200) (45c8e56608cde22024ba81f7c48cded6) \Device\Harddisk2\DR2\Partition0
    11:01:21.0937 2000 \Device\Harddisk2\DR2\Partition0 - ok
    11:01:21.0937 2000 Boot (0x1200) (51bbfebcbce2cc593ca7597d63671967) \Device\Harddisk7\DR11\Partition0
    11:01:21.0937 2000 \Device\Harddisk7\DR11\Partition0 - ok
    11:01:21.0937 2000 ============================================================
    11:01:21.0937 2000 Scan finished
    11:01:21.0937 2000 ============================================================
    11:01:21.0953 2136 Detected object count: 0
    11:01:21.0953 2136 Actual detected object count: 0
    11:04:25.0156 0344 Deinitialize success


    The ComboFix log:

    ComboFix 11-12-17.02 - Guertins 12/18/2011 14:22:27.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1534 [GMT -5:00]
    Running from: c:\documents and settings\Guertins\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Guertins\Application Data\PriceGong
    c:\documents and settings\Guertins\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Guertins\WINDOWS
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\protect\index.html
    c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files\StartNow Toolbar\Resources\protect\window.css
    c:\program files\StartNow Toolbar\Resources\protect\window.js
    c:\program files\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\ToolbarUpdaterService(2).exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\windows\$NtUninstallKB35825$
    c:\windows\$NtUninstallKB35825$\1196870823\@
    c:\windows\$NtUninstallKB35825$\1196870823\bckfg.tmp
    c:\windows\$NtUninstallKB35825$\1196870823\cfg.ini
    c:\windows\$NtUninstallKB35825$\1196870823\Desktop.ini
    c:\windows\$NtUninstallKB35825$\1196870823\keywords
    c:\windows\$NtUninstallKB35825$\1196870823\kwrd.dll
    c:\windows\$NtUninstallKB35825$\1196870823\L\pkmdlree
    c:\windows\$NtUninstallKB35825$\1196870823\lsflt7.ver
    c:\windows\$NtUninstallKB35825$\1196870823\U\00000001.@
    c:\windows\$NtUninstallKB35825$\1196870823\U\00000002.@
    c:\windows\$NtUninstallKB35825$\1196870823\U\00000004.@
    c:\windows\$NtUninstallKB35825$\1196870823\U\80000000.@
    c:\windows\$NtUninstallKB35825$\1196870823\U\80000004.@
    c:\windows\$NtUninstallKB35825$\1196870823\U\80000032.@
    c:\windows\$NtUninstallKB35825$\721571896
    c:\windows\CSC\d6
    c:\windows\EventSystem.log
    c:\windows\settings.reg
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-15 21:00 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD7E431B-C4E5-4F62-9BD0-82F29A821ACB}\mpengine.dll
    2011-12-15 20:58 . 2011-12-15 20:58 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-14 16:25 . 2011-12-14 16:25 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
    2011-12-13 21:31 . 2011-12-13 21:31 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
    2011-12-10 20:37 . 2011-12-10 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-12-10 20:37 . 2011-12-10 20:37 -------- d-----w- c:\documents and settings\Guertins\Application Data\TestApp
    2011-12-08 02:04 . 2011-12-08 02:04 -------- d-----w- c:\program files\Common Files\Apple
    2011-12-08 02:03 . 2011-12-08 02:04 -------- d-----w- c:\program files\QuickTime
    2011-12-08 02:03 . 2011-12-08 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-21 10:47 . 2011-01-26 03:49 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-09 22:00 . 2011-11-09 22:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22 . 2011-01-25 01:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2006-03-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2006-03-15 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2006-03-15 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "P17Helper "= "P17.dll" [2005-05-03 64512]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "DVAPTray "= "c:\windows\System32\DVAPTray.exe" [2009-10-30 188416]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Device Monitor.lnk - c:\program files\ArcSoft\MediaConverter 3\Monitor.exe [2011-5-26 139264]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP "= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4/10/2011 12:57 PM 57112]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    S1 MpKsl1f5c8a59;MpKsl1f5c8a59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1879BD2C-BCC3-436B-A242-2B566809C81F}\MpKsl1f5c8a59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1879BD2C-BCC3-436B-A242-2B566809C81F}\MpKsl1f5c8a59.sys [?]
    S1 MpKsl2bf43507;MpKsl2bf43507;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CB6462B-5BD2-437E-BE86-16256A0154BF}\MpKsl2bf43507.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8CB6462B-5BD2-437E-BE86-16256A0154BF}\MpKsl2bf43507.sys [?]
    S1 MpKsl394ae27f;MpKsl394ae27f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0733930-9C1F-47E8-BBE3-2CAD27494B30}\MpKsl394ae27f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0733930-9C1F-47E8-BBE3-2CAD27494B30}\MpKsl394ae27f.sys [?]
    S1 MpKsl6ff49fcd;MpKsl6ff49fcd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FD69D06-53A5-45B6-9480-B9A507CEC844}\MpKsl6ff49fcd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FD69D06-53A5-45B6-9480-B9A507CEC844}\MpKsl6ff49fcd.sys [?]
    S1 MpKsl78f7993d;MpKsl78f7993d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3984FD34-2A62-432E-AA99-55765F457C27}\MpKsl78f7993d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3984FD34-2A62-432E-AA99-55765F457C27}\MpKsl78f7993d.sys [?]
    S1 MpKslf50db3a1;MpKslf50db3a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A595B0D-A913-4981-9D16-0396115D64D1}\MpKslf50db3a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A595B0D-A913-4981-9D16-0396115D64D1}\MpKslf50db3a1.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/15/2006 7:00 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2011-11-18 c:\windows\Tasks\Backup.job
    - c:\windows\system32\ntbackup.exe [2006-03-15 10:42]
    .
    2011-12-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
    .
    2011-12-18 c:\windows\Tasks\User_Feed_Synchronization-{292B8DA8-6C6A-405E-812C-97C686BBE93A}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dogpile.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-18 14:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(684)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2504)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Rundll32.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\ATI Technologies\ATI.ACE\mace.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-18 14:40:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-18 19:40
    .
    Pre-Run: 70,487,789,568 bytes free
    Post-Run: 71,128,248,320 bytes free
    .
    - - End Of File - - 2FFE8376056DE0FC29ED44A00A609296

    I would like to point out again the machine does not have a network connection and was unable to install an updated version of Recovery Console.
     
  13. 2011/12/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Combofix, allow recovery console installation, post new log.

    How is computer doing at the moment?
     
  14. 2011/12/18
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    The computer seems to be fine at the moment, other than I don't have a network connection. But, that's a question for the Networking Forum.

    I can run ComboFix again, but do I get Windows Recovery Console on a machine with no internet?
     
  15. 2011/12/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can fix it.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  16. 2011/12/19
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    Here is the FSS log:

    Farbar Service Scanner
    Ran by Guertins (administrator) on 19-12-2011 at 08:24:12
    Microsoft Windows XP Professional Service Pack 3 (X86)
    ********************************************************

    Service Check:
    ==============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    NetBt Service is not running. Checking service configuration:
    The start type of NetBt service is OK.
    The ImagePath of NetBt service is OK.


    File Check:
    ===========
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    Attention! C:\WINDOWS\system32\Drivers\netbt.sys is missing.
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

    Connection Status:
    ==================
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

    **** End of log ****
     
  17. 2011/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have one system file and one registry key missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      netbt.sys
      :reg
      HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt /s
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  18. 2011/12/20
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    System Look Log:


    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:38 on 20/12/2011 by Guertins
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "netbt.sys "
    C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [01:43 25/01/2011] [12:00 15/03/2006] 0C80E410CD2F47134407EE7DD19CC86B
    C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [01:50 25/01/2011] [05:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
    C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [12:00 15/03/2006] [05:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt]
    "Type "= 0x0000000001 (1)
    "Start "= 0x0000000001 (1)
    "ErrorControl "= 0x0000000001 (1)
    "Tag "= 0x0000000006 (6)
    "ImagePath "= "system32\DRIVERS\netbt.sys "
    "DisplayName "= "NetBios over Tcpip "
    "Group "= "PNP_TDI "
    "DependOnService "= "Tcpip "
    "DependOnGroup "=" "
    "Description "= "NetBios over Tcpip "

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Linkage]
    "OtherDependencies "= "Tcpip "
    "Bind "= "\Device\Tcpip_{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6} \Device\Tcpip_{B3155C5D-3FDF-45C4-B63D-E6F754CF9AEC} \Device\Tcpip_{59F8B053-933D-49BA-8426-9B922FBC518F} "
    "Route "=" "Tcpip" "{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6}" "Tcpip" "NdisWanIp" "
    "Export "= "\Device\NetBT_Tcpip_{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6} \Device\NetBT_Tcpip_{B3155C5D-3FDF-45C4-B63D-E6F754CF9AEC} \Device\NetBT_Tcpip_{59F8B053-933D-49BA-8426-9B922FBC518F} "

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters]
    "NbProvider "= "_tcp "
    "NameServerPort "= 0x0000000089 (137)
    "CacheTimeout "= 0x00000927c0 (600000)
    "BcastNameQueryCount "= 0x0000000003 (3)
    "BcastQueryTimeout "= 0x00000002ee (750)
    "NameSrvQueryCount "= 0x0000000003 (3)
    "NameSrvQueryTimeout "= 0x00000005dc (1500)
    "Size/Small/Medium/Large "= 0x0000000001 (1)
    "SessionKeepAlive "= 0x000036ee80 (3600000)
    "TransportBindName "= "\Device\ "
    "EnableLMHOSTS "= 0x0000000001 (1)

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces]
    (No values found)

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{59F8B053-933D-49BA-8426-9B922FBC518F}]
    "NameServerList "=" "

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{9B1FDCBA-B532-4B8B-8542-78075CA3C1E6}]
    "NameServerList "=" "
    "NetbiosOptions "= 0x0000000000 (0)

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Parameters\Interfaces\Tcpip_{B3155C5D-3FDF-45C4-B63D-E6F754CF9AEC}]
    "NameServerList "=" "

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Security]
    "Security "=01 00 14 80 e8 00 00 00 f4 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 b8 00 08 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2c 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt\Enum]
    "0 "= "Root\LEGACY_NETBT\0000 "
    "Count "= 0x0000000001 (1)
    "NextInstance "= 0x0000000001 (1)
    "INITSTARTFAILED "= 0x0000000001 (1)


    -= EOF =-
     
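A small triage helper, added here as an example and not part of the thread, of SystemLook or of FSS: it parses the filefind lines from the SystemLook log above, checks whether the copy at the path the netbt service's ImagePath points to was among the hits, and picks a restore candidate whose MD5 is corroborated by a second copy (here dllcache and ServicePackFiles agree, while the $NtServicePackUninstall$ copy is the older pre-SP3 build). The sample lines and ImagePath are taken from the log; the system root and the preference for the dllcache copy are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the three filefind hits from the SystemLook log in this thread.
SYSTEMLOOK_FILEFIND = r"""
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [01:43 25/01/2011] [12:00 15/03/2006] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [01:50 25/01/2011] [05:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [12:00 15/03/2006] [05:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
"""
IMAGE_PATH = r"system32\DRIVERS\netbt.sys"  # from the netbt service key in the log
SYSTEM_ROOT = r"C:\WINDOWS"                 # assumption: default XP system root

# path, 7-char attribute field, size, [created] [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FoundFile:
    path: str
    attrs: str
    size: int
    modified: str
    md5: str


def parse_filefind(text: str) -> List[FoundFile]:
    """Parse SystemLook ':filefind' result lines; unrelated lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(FoundFile(m["path"], m["attrs"], int(m["size"]),
                                   m["modified"], m["md5"].upper()))
    return found


def expected_driver_path(image_path: str, system_root: str = SYSTEM_ROOT) -> str:
    """A driver ImagePath is relative to the system root unless it is already absolute."""
    if re.match(r"^[A-Za-z]:\\", image_path) or image_path.startswith("\\??\\"):
        return image_path
    return system_root.rstrip("\\") + "\\" + image_path.lstrip("\\")


def pick_restore_source(found: List[FoundFile]) -> Optional[FoundFile]:
    """Prefer the dllcache (Windows File Protection) copy, but only when a second
    copy shares its MD5; a lone copy with a hash nothing else matches is suspect."""
    by_md5: Dict[str, List[FoundFile]] = {}
    for f in found:
        by_md5.setdefault(f.md5, []).append(f)
    for f in found:
        if "\\dllcache\\" in f.path.lower() and len(by_md5[f.md5]) >= 2:
            return f
    return None


def triage(text: str, image_path: str = IMAGE_PATH) -> dict:
    found = parse_filefind(text)
    target = expected_driver_path(image_path)
    present = any(f.path.lower() == target.lower() for f in found)
    src = pick_restore_source(found)
    stale = [f.path for f in found if src and f.md5 != src.md5]
    return {"expected_path": target, "live_copy_present": present,
            "restore_from": src.path if src else None,
            "restore_md5": src.md5 if src else None, "stale_copies": stale}


if __name__ == "__main__":
    for k, v in triage(SYSTEMLOOK_FILEFIND).items():
        print(f"{k}: {v}")
```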
  19. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like we have one system file and one registry key missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      netbt.sys
      :reg
      HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\netbt /s
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  20. 2011/12/20
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    I've run SystemLook already. The log is posted below. Should I run it a second time?
     
  21. 2011/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ooops, sorry about it.
    Hold on...
     
